According to a telecom consulting company, you may not have heard of the General Data Protection Regulation (GDPR), but you’ve certainly seen the effect if you’ve been online in the last several months.
The GDPR is an EU law that protects user data and privacy for citizens within the European Union. The regulation allows users who use online services to have more control over their private information, by mandating that companies disclose what data is being stored, for how long it’s being saved, and if it’s being shared with any third parties.
Now, this is all well and good for the EU, but what does it mean for people here in the United States?
Many people here in the US do business with European companies, and those rules affect how our data is handled. If you’re a user of any online service, you’ve no doubt seen emails or pop-ups on websites telling you about the many changes regarding privacy and terms of service taking place with companies operating online. Simply put, if a US-based company does business with people in the EU, the company must adhere to the law. And if a US citizen is doing business with a company in the EU, the company is expected to treat that user’s data the same way they treat an EU citizen’s data under the law.
What the guidance says
According to the law, companies that collect user data must ensure that the data is anonymized and not ever made public unless the user gives consent.Which is what provisioning in telecom is. It’s also required that a user is allowed to revoke consent to share data at any time, even after previously having granted permission, and the company must comply. Lastly, because so many companies share data with other companies, who then, in turn, share that data with other companies, it’s required that the user has full knowledge of which companies have access to their data.
Data Protection in the US
So, how does the United States fare with laws regarding the protection of user data? Sadly, not so well right now, but legislators are looking to change that. Recently, California legislators passed a law similar to the EU’s GDPR called the California Consumer Privacy Act. This law is similar to the GDPR in that California residents have a right to know how companies handle and share their personal information, and that consumers have the right to revoke the sharing of that information whenever they choose. Unlike the GDPR, which is already in practice, the California law doesn’t go into effect until January of 2020.
However, that’s just California; the rest of the country is still trying to catch up and figure out how best to protect consumers while ensuring companies can still operate as they intend. Currently, consumers have some protection of their personal information, primarily their health data, but right now there’s nothing as comprehensive as the GDPR on the table to guarantee data protection for everyone in the US.