How To Handle The Flood Of GDPR Privacy Updates

Couple looking at emailsImage copyright Getty Images
Image caption It is easy to feel overwhelmed by the flood of new privacy policies

Many app users' inboxes are bulging with requests to review new terms of service and privacy conditions.

And it is no coincidence that so many developers have revamped their small print at the same time.

In just under a month, the EU will introduce a new privacy law that gives Europeans new data protection rights and threatens giant fines for organisations that do not comply.

But making sense of the new terms poses a challenge.

Some companies, including Facebook, are asking members to give explicit consent to new features such as facial recognition.

Others - such as Twitter, Fitbit and Yahoo - have told members that simply continuing to use their products will be interpreted as agreement to the tweaked conditions.

The time-strapped public would be forgiven for thinking the easiest thing to do is to tick the necessary boxes and otherwise plough on regardless, despite the advent of the General Data Protection Regulation (GDPR).

After all, who normally reads this stuff?

But that would be to pass up an opportunity to understand and place limits on how your personal details are being exploited for profit.

And there is value in knowing what you have signed up for in advance of the next data privacy scandal.

Image copyright Getty Images
Image caption A quick search for key phrases can help users hone in on the key details

Digital rights campaign group Privacy International suggests that one way to handle the deluge of documents is to search for instances of the following terms:

'Data providers'

The phrase may be mentioned in sections that explain what data is being collected and how that is achieved.

In particular, users should watch out for details of personal information being acquired from third parties that could let the services profile them in unexpected ways.

'Location data'

The new law explicitly defines the places a person visits in their past and present as being a type of personal data for the first time.

Organisations are therefore required to detail how such information will be used to identify individuals.

'Affirmative act'

When consent is required, it must now be given via a clear action.

The days of automatically signing up people to a marketing campaign because they did not untick a box are over.

But it's worth double-checking how consent is being sought to avoid clicking a button without realising its consequences.

'Controller'

Users based outside the EU should check where the entity is based. Facebook recently switched millions of its users out of the control of its Irish office, which means they will no longer be protected by the European watchdogs enforcing the new legislation.

'Purposes' and 'Recipients'

These terms are often used to inform users what a business will do with their data and with whom they will share it.

The UK's Consumers' Association - known more commonly as Which? - has published its own guide to GDPR.

It highlights some of the ways you can take advantage of GDPR's new rights.

These include the right to object to any decisions taken by organisations based solely on algorithms having analysed your personal data. For instance, you can appeal against a decision to refuse you a job interview based solely on computer analysis of your CV.

You can also request a copy of the personal data being processed to make software-driven decisions.

Which's computing editor told the BBC that people should be aware that if they are unhappy at how their personal information is being used to target ads at them, they can now demand part or all of it to be erased.

She added that people should also watch out for illegitimate enticements.

"I saw on Twitter the other day somebody share an email... saying you'd get a free pizza if/when you consented," commented Kate Bevan.

"That is a big fat nope - consent can't be bundled with something else."

Image copyright Getty Images
Image caption You may need to ask follow-up questions to get the answers you want

Those that take the time to wade through all the paperwork may still have questions.

For example, while an app might have to disclose that it shares data with third parties, it does not necessarily have to name them unless a user personally requests the information.

"They should always give you a point of contact," explained Nicola Fulford, head of data protection and privacy at the law firm Kemp Little.

"If they sent you an email and you have questions, then they should respond to it, although obviously at the moment they may be very busy."

RECENT NEWS

From Chip War To Cloud War: The Next Frontier In Global Tech Competition

The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more

The High Stakes Of Tech Regulation: Security Risks And Market Dynamics

The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more

The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics

Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more

The Data Crunch In AI: Strategies For Sustainability

Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more

Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser

After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more

LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue

In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more