How Europe's New Data Privacy Law Is Supposed To Give Users More Control
MARY LOUISE KELLY, HOST:
In Europe, a sweeping digital privacy law kicked in this past Friday. Companies have been updating their terms of service and their data security rules. And even here in the U.S., we are feeling the impact. And that is where we kick off this week's All Tech Considered.
(SOUNDBITE OF MUSIC)
KELLY: Well, if you are like me, your email inbox has been inundated with messages about the new European rules. And if you're like me, you may not have read every line of the fine print of these emails yet. But The Wall Street Journal's personal technology columnist Joanna Stern has. She has diligently been reading dozens of these messages. And she joins us now.
JOANNA STERN: Hi. How are you?
KELLY: We are well. Thank you. I wonder if you would start by giving us the real quick version of this European law and what it's designed to do.
STERN: Yeah. So GDPR, which stands for the General Data Protection Regulation, went into effect in the European Union. And this is a new set of laws that basically tightens what companies can do with our data. Overall, what most people need to know is this is supposed to be very good for consumers. And it makes companies be more transparent about what they're doing with what they collect on us.
KELLY: OK. And one of the ways in which they're being transparent is emailing all of us with these long policies and updates to the rules. You actually - you made a video, which I want to play. It's up on the Wall Street Journal website. And this is you. You printed out paper copies of some of these policies and then lined them up on a football field.
(SOUNDBITE OF VIDEO)
STERN: One-hundred and twenty yards, 360 feet...
(SOUNDBITE OF MUSIC)
KELLY: A not-very-subtle message there that these policies are really long.
STERN: One thing I quickly noticed from this and one thing that GDPR does require is that they have to be written in plain English. So I actually was able to make sense of these policies a lot more. But I also noticed that when I compared between the old policies and the new policies, the post-GDPR policies - some of them have gotten twice as long.
KELLY: You have taken the time to read all these. What is your trick to them? And were there common things you're looking for as you're skimming through?
STERN: Yeah. So two things kind of stick out. One, after you've read pretty much only, like, five of these, you start to notice a pattern - one, the company tells you what data is collected, what they're taking on you; two, they'll tell you why they're using that data - and this is a big part of GDPR, that these companies have to tell you how they're using that data and for what reason; and then part three is - most of these companies have now updated with where they give you the ability to have some control over what they do with your data. That doesn't mean they're not going to collect it. But they'll point you to some settings where you can control, do you want this information to be used to target ads at you? Do you not?
And I would say the biggest takeaway I also had here is that nobody's going to read through all those one, two, three parts. But what you can do is search for keywords. And one thing that I sort of - at around Policy No. 20, I sort of gave up and said - OK, I'm going to search for these keywords.
KELLY: (Laughter) Started just skimming fast, yeah. So what keywords should we search for?
STERN: Well, third parties is a big one. That's really been, you know, the brunt of a lot of the privacy issues we've seen here in the U.S. with Cambridge Analytica and some of the election stuff is that some of this data was being given to third parties, to other apps. And many people were not aware of that. And so you should search for the term third parties and see where your data could end up going.
KELLY: It sounds like the other takeaway is we still need to be proactive about this.
STERN: Absolutely. I mean, none of these companies are going to come up to us, tap us on the shoulder and say, oh, hey, guess what - we took that information that you put in, and we decided to serve you a bunch more ads about that. Plus, we sold it to another company, so we made more money this quarter. That's not going to happen.
KELLY: That is Joanna Stern, personal technology columnist for The Wall Street Journal.
Joanna, thanks so much.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.