with the advertisements that you ac-
cept. And I think people are becoming
more and more aware of the fact that
their personal data do have a value.”
Says Alison Cool, assistant profes-
sor of anthropology at the University
of Colorado, Boulder, “There are a
lot of questions and ambiguities that
must be addressed, but it’s clear that
GDPR will significantly change the
While the U.S. and a number of
other countries have adopted an opt-
out approach to data collection—es-
sentially, a consumer must instruct
a company if he or she doesn’t want
his or her data used or shared in cer-
tain ways—Europe has implemented
a more restrictive opt-in approach.
However, GDPR takes this concept to
a new and previously untested level.
Besides giving consumers near-total
control of their data, they can have
WHEN THE EUROPEAN UNION (EU) General Data Protection Regu- lation (GDPR) went into effect on May 25,
2018, it represented the most sweeping
effort yet to oversee the way businesses
collect and manage consumer data.
The law, established to create consistent data standards and protect EU
citizens from potential privacy abuses, sent ripples—if not tidal waves—
across the world.
GDPR gives European citizens greater control of their data while establishing strong penalties for businesses
that do not comply. What is more, any
data that involves EU citizens or touches EU companies is covered by GDPR.
The initiative replaces an older data
privacy initiative called the Data Protection Directive 95/46/EC, which was
introduced in 1995.
The implications and ramifications
are enormous—and the initiative’s
reach is global. GDPR will change everything from the way data collection
takes place to the way corporate databases are designed and used. It also will
potentially change the way research
and development takes place, and
will impact cybersecurity practices, as
well as introducing a practical array of
challenges revolving around sites and
repositories where groups share comments, information, and other data.
“It’s a groundbreaking initiative,”
says Brett M. Frischmann, Charles
Widger Endowed University Professor
in Law, Business, and Economics at Vil-
lanova University, and Affiliate Scholar
of the Center for Internet and Society
at Stanford Law School. “Europe has
flipped a switch and prompted recon-
sideration of how data can be collected,
managed, and used.” The EU takes the
position that a person owns his or her
data, and their privacy is a fundamen-
tal right that is “basic to the integrity of
a human being,” Frischmann adds.
Digital technology has inexorably
changed the face of privacy. Today,
there is a perception—and plenty of
evidence to support it—that personally
identifiable information (PII) is under
assault as never before. A Pew Research
Center survey found that in the U.S.,
93% of adults say being in control of
who can get information about them
is important; 90% say controlling what
information is collected is important.
The figures in Europe and other parts
of the world are the same.
In a 2016 interview in Recode, Europe’s Competition Commissioner
Margrethe Vestager said, “There is no
such thing as a free lunch. You pay with
one currency or another—either cents,
or you pay with your data, or you pay
Weighing the Impact
The EU data regulation will affect computer, Internet,
and technology usage within and outside the EU;
how it will play out remains to be seen.
Society | DOI: 10.1145/3276744 Samuel Greengard