trending Market Intelligence /marketintelligence/en/news-insights/trending/v_ndeugpf6bfu-porizy1g2 content esgSubNav
In This List

European Data Protection Board addresses confusion surrounding EU's new GDPR

Blog

Broadcast deal market recap 2021

Podcast

Next in Tech | Episode 49: Carbon reduction in cloud

Blog

Volume of Investment Research Reports on Inflation Increased in Q4 2021

Blog

Price wars in India: Disney+ Hotstar vs. Amazon Prime Video vs. Netflix


European Data Protection Board addresses confusion surrounding EU's new GDPR

European authorities moved to clarify confusion around the EU's new data protection rules, which saw a number of businesses, including the Los Angeles Times and the New York Daily News, shut down their websites to users in Europe.

Speaking during a May 25 press briefing held in Brussels, marking the launch of new General Data Protection Regulation (GDPR), the European Data Protection Board, a regional group of EU data protection authorities in charge of ensuring that the GDPR is applied consistently across the EU, said it had received several complaints about the lack of clarity on the issue of consent.

GDPR requires companies to gain consent from all online users before collecting and using their data, as part of efforts to boost the rights of EU citizens and to give individuals greater control over their personal data.

Collectively, the board said that internet users that fail to give consent to use of their data should not be deprived of using online services.

"Consent cannot be overestimated because it is part of our fundamental rights… consent has to be freely given and you have to have it written in a way that people understand," said Andrea Jelinek, chair of the European Data Protection Board.

"If there is forced consent, there is no consent," she continued, adding that most online services can be offered to users without the need to collect their data.

The sweeping changes to Europe's data privacy laws are designed to keep pace with the growing amounts of online data being created on a daily basis and to bring the EU up to speed with a fast-changing digital landscape.

Aside from gaining consent from online users, businesses operating in Europe will also be required to notify users and authorities of any data breaches within 72 hours.

A number of cybersecurity experts warned, however, that many companies were unprepared for the changes GDPR will bring, following a number of high-profile breaches and security flaws such as Meltdown and Spectre this year, and last year's WannaCry malware attack.

Speaking earlier this year, experts said some companies were underestimating the task of compliance and had therefore routinely underinvested in security infrastructure.

The stakes are high, given that the new measures threaten steep penalties for failure to comply, including fines of €20 million or 4% of annual turnover for the most serious breaches.

Determining the proportion of fines is one of the biggest challenges the board faces, Jelinek said, adding that individual fines would depend on the extent of infringement.

Meanwhile, the U.K., which is preparing to exit the European Union next year, is planning to usher in a new Data Protection Act which will incorporate the key aspects of the GDPR, with some minor adjustments. The board, however, declined to comment on the U.K.'s position after it leaves the EU.