The European Union’s General Data Protection Regulation was celebrated as a revolution in how internet privacy could be legislated. It was a reaction to long-term concerns in the EU about information collection by tech giants like Facebook, Alphabet and Apple.
Known as GDPR, the regulation gave sweeping new powers to individuals in how they can control their data, including the right to demand that companies tell them how their data is used, and to ask corporations to destroy their data, a tenet of the law known as “the right to be forgotten.”
The law also imposed the world’s stiffest potential privacy fines: Up to 20 million euros or 4% of a company’s global annual revenue for the previous year for the most egregious violations. For Facebook, such an upper-level fine could therefore feasibly reach $1.6 billion.
But one year later, GDPR hasn’t lived up to its potential.
Among some consumers, GDPR is perhaps best known as a bothersome series of rapid-fire, pop-up privacy notices. Those astronomical fines have failed to materialize. The law has created new bureaucracies within corporations, and with those, tension and confusion. And it’s unclear if the EU data authority that oversees the law is adequately staffed to handle its demands.
Clique aqui e leia a matéria completa.