The EU makes a statement with GDPR.

A lot of companies have been notifying their users about privacy policy updates to terms of use. This is largely due to the new law that will go into effect today that will changes the way companies can use your personal data and offers additional protection of users’ personal information. It’s called the General Data Protection Regulation, also known as GDPR, and was established by the EU. Although the law applies to the EU, companies in other countries wanting EU users to visit their websites or use their apps must follow the rules as well.

What’s the Overview?

The GDPR redefines consent for use of personal information in a simple and clear manner. It will make it illegal for companies to not make the terms of consent overtly clear. There will also be a new form of user-binding consent—no more already checked boxes. In the past, companies could offer additional features to a user in exchange for more personal data. Under GDPR, this is no longer seen as consent given openly and will therefore be illegal.

EU citizens will be allowed to access the data stored by companies and have it modified for accuracy of erased altogether if they wish. Personal data must also be securely stored by the companies that hold it. This mean security protocols must be beefed up. Regulating government bodies are also getting involved as companies are now required to report a data breach to them directly. To incentivize companies to adhere to GDPR, hefty fines have been put in place for breaking the rules. Companies can expect to pay 20 million Euros, or four percent of a company’s total annual revenue, for infractions.

Who is Impacted?

Because GDPR applies to any company wishing to offer its services to EU citizens, virtually all big tech companies are subject to the new law reform. As data processors and controllers, tech companies now carry legal obligation for said data. The big social media four: Facebook, Linkedin, Google+, and Twitter all have revised their terms of use to stay within the guidelines of GDPR.

Why Now?

The creator of Facebook, Mark Zuckerberg, faced Congress recently to explain how Cambridge Analytica was able to acquire, keep, and exploit user data from millions of Facebook users. The details emerged of how personal data was gathered and stored on Facebook users and the inefficiencies that lead to the data leak. To make matters worse, the personal information collected from Cambridge Analytica was then used by foreign entities in an attempt to manipulate the 2016 Presidential Election for the U.S. The situation was a huge disaster and caused a review of regulations for personal data collection and privacy.

The Outcome

The GDPR set a tone for the tech industry that times are changing. Comprehensive protection of free consent is now a requirement and tech giants will have to increase the protection of user data. The Facebook scandal sent shockwaves through the tech community, signaling a need for restructuring.  User data, if used properly, can provide great benefit. Personalized ads have been favored by the public over less relevant ads but not at the cost of election manipulation.