What The European Union's New Online Privacy Law Means For The U.S. NPR's Ari Shapiro speaks with Estelle Massé, senior policy analyst for Access Now — a non-profit organization devoted to open and secure communications worldwide — about the new law adopted by the European Union to protect online privacy.
NPR logo

What The European Union's New Online Privacy Law Means For The U.S.

  • Download
  • <iframe src="https://www.npr.org/player/embed/602971733/602971740" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
What The European Union's New Online Privacy Law Means For The U.S.

Law

What The European Union's New Online Privacy Law Means For The U.S.

What The European Union's New Online Privacy Law Means For The U.S.

  • Download
  • <iframe src="https://www.npr.org/player/embed/602971733/602971740" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

NPR's Ari Shapiro speaks with Estelle Massé, senior policy analyst for Access Now — a non-profit organization devoted to open and secure communications worldwide — about the new law adopted by the European Union to protect online privacy.

ARI SHAPIRO, HOST:

Lawmakers who want to protect online privacy are looking overseas for models. Here are some of the comments that came out of last week's hearings with Facebook CEO Mark Zuckerberg.

(SOUNDBITE OF ARCHIVED RECORDING)

LINDSEY GRAHAM: Do you think the Europeans have it right?

(SOUNDBITE OF ARCHIVED RECORDING)

SCOTT PETERS: I want you to elaborate on what the Europeans got right and what you think they got wrong.

(SOUNDBITE OF ARCHIVED RECORDING)

MARIA CANTWELL: Do you believe the European regulations should be applied here in the U.S.?

SHAPIRO: That was Republican Senator Lindsey Graham, followed by Democratic Congressman Scott Peters and Democratic Senator Maria Cantwell. A big online privacy law goes into effect next month in Europe. And we're going to look at what it does and what it could mean for this country in this week's All Tech Considered.

(SOUNDBITE OF MUSIC)

SHAPIRO: Estelle Masse is an advocate for stronger online privacy. She's with the nonprofit group Access Now and joins us from Brussels. Welcome to the program.

ESTELLE MASSE: Thank you. Thank you for having me.

SHAPIRO: You urged lawmakers to pass this regulation, officially called the General Data Protection Regulation or GDPR. What gave them the political will to do it? Was there a story about personal data falling into the wrong hands similar to the Cambridge Analytica affair?

MASSE: So in the EU, we have had a data protection laws since 1995. So in reality, this concept is not anything new for us. However, that law has been lacking enforcement for many, many years. So what motivated EU lawmakers to adopt the General Data Protection Regulation was the fact that - despite the fact that we had a law, there were still many issues on misuse of data. And we were seeing also an increased number of data breaches. Therefore, there was a great need to adapt the model that we had for offline privacy to the online world.

SHAPIRO: I know one big part of this new regulation is having people consent to have their information shared - opting in. We'll hear more about that in a moment. What else do you especially like about this new set of regulations?

MASSE: So one important point of the GDPR was to bring it to the digital age. So one of the change that we can see in the law is that there is new protection around the use of data for what we call big data analytics and potentially artificial intelligence, which, for instance, provide rights to the users to object - which means refuse - the use of their data when it's only done - conducted through algorithm. And we're also gaining a right to explanation, which means that we will be able to receive normally information about the logic used by algorithm when they're applied to make a decision about us. We also gain a new effective right to information. And this right, for instance, requires terms of service to be given to people in clear and plain language. So it means that it can no longer be hundreds of pages of legalese text where you would need a lawyer to help, you know, if you really want to consent to that use of data, for instance.

SHAPIRO: Were the things that you wanted to be included in this regulation that you couldn't persuade lawmakers to do?

MASSE: Right. So the regulation was one of the most lobbied piece of legislation against. It was being negotiated for five years, which is already quite unusual for EU processes. It can take a long time, but that was really huge. There have been more than 3,000 amendment on the law from the European Parliament...

SHAPIRO: More than 3,000?

MASSE: Right. It was really a lot of work. And we're not entirely satisfied with what's in there. However, it's a great improvement from the previous law. And it's also a great basis for the use of data in the digital age.

SHAPIRO: What will happen to companies that don't comply with these regulations? What punishment will there be?

MASSE: So there are different layers of punishment based on the type of violation you're doing. The most serious threats that a company can have in case of serious and repeated violation would be a fine of 4 percent of their worldwide turnover. And for violation of other rights, it could be a fine of 1 percent.

SHAPIRO: I don't know what 1 percent or 4 percent of Facebook's annual net profit is, but I can imagine the number is not insignificant.

MASSE: Right. It will be pretty large. And the whole point was that for the fine to be dissuasive enough so that the law would be complied with, which was an issue with the previous law, for instance, because the highest fine under the previous law was 150,000 euros, which if I remember correctly, I think Google makes in like less than a nanosecond. So it would have been pretty easy for them to budget it.

SHAPIRO: Estelle Masse, thank you so much for talking with us today.

MASSE: Thank you very much.

SHAPIRO: She's a senior policy analyst for Access Now, a nonprofit international organization working to protect human rights in the digital era, speaking with us from Brussels.

Copyright © 2018 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.