BRUSSELS – Europe's new privacy law came into force on Friday, prompting high-profile websites to suspend access throughout the region as data protection regulators prepared to wield their new ones application powers.
editor of the Los Angeles Times, New York Daily News and other US newspapers. UU., Was among those who blocked the access of readers of the European Union to the sites, as they rushed to comply with the radical regulation.
"We are committed to the issue and we are committed to finding options that support our full range of digital offerings for the EU market," the company said in ads displayed when users tried to access their news sites of the EU on Friday morning.
Other regional newspapers of EE. UU property of
as well as the Instapaper bookmark application, owned by Pinterest. Inc., were also blocking access in the EU.
The EU General Data Protection Regulation provides for heavy fines for companies that do not comply with the new rules, aimed at giving European users more control over the data companies themselves.
Companies have competed to comply with the new law, but surveys indicate that most may not be ready.
It is unlikely that companies will be punished with severe sanctions on Friday, because the rules are not applied retroactively- but some companies are deciding that it is safer to suspend access in Europe than risk sanctions, which is The EU's main privacy regulator On Thursday he warned that it could arrive soon.
"I'm sure you will not have to wait a couple of months," said Andrea Jelinek, about when the first fines could fall. On Friday, Ms. Jelinek is expected to be elected head of a new European Data Protection Board, which includes national data protection regulators from each of the EU member countries.
Since Friday, companies that violate the EU privacy rules risk fines of up to 4% of their global income.
Companies must comply with the provisions of the GDPR to report data infractions within several days. In addition, companies will often need to obtain the consent of users to process their personal information. Customers will have the right to see what data companies have about them and can request that some be deleted. Companies are responsible for demonstrating that they are fulfilling their obligations.
Signatures of all sizes have been reviewing their systems in time for the deadline to show that the way they collect and handle information about Europeans follows the rules.
at a press conference, Jelinek said that companies should have had enough time to comply with the new law, since the regulation was adopted in 2016. Lawmakers delayed the implementation of the law by two years to give time to the companies. "The situation is not new," he said.
Potential aggressive sanctions are likely to affect some business decisions. Large companies that acquire small companies that use personal data may decide not to launch a service in Europe, for fear that the startup will expose parents to a fine based on the income of the entire company.
"If I could choose between [launching a data-related business] in Paris and in New York … At least I'll advise entrepreneurs to do it in New York," said David Hoffman, global privacy officer, Intel Corp.
GDPR it comes as
It is still struggling to contain the consequences of the revelations that the Cambridge Analytica data badysis firm improperly obtained the personal information of up to 87 million users of the social network.
CEO of Facebook
He visited the European Parliament on May 22 to answer questions about the scandal, which EU officials say only reconfirmed the need for new privacy rules and helped promote legislation to the general public.
The national privacy regulators of the EU, which are also in are not likely to charge tasks such as authorizing transfers of business data abroad have the necessary bandwidth to crack down on a large number of companies in different sections. Technology companies that benefit from user data are likely to be the main targets, said the EU Justice Commissioner.
Ireland's data protection authority has said it will prioritize cases where a large amount of user data is processed, which it considers to be the most risky.
An unresolved question is exactly what data companies can collect. The companies argue that certain types of information are necessary to fulfill a contract with the user; Meanwhile, activists are planning to challenge some big companies for that matter.
Dale Sunderland, deputy commissioner of Ireland's privacy regulator, said the agency was leading a group of data protection authorities that are investigating that particular issue. He said he expects EU privacy regulators to publish a document on the subject in the fall.
"We believe that collectively we need to badyze and address this issue to provide clarity on the use of the contractual need for free online services," Mr. Sunderland said.
On Thursday, Mr. Zuckerberg of Facebook told a technology conference that his company had worked hard to comply with the GDPR, including asking users to opt-in to view targeted ads on Facebook based on their use. from other websites and applications.
"The vast majority of people choose to participate," Zuckerberg said, "because the reality is that if they're going to see ads in a service, they'll want them to be relevant and good ads."
Businesses are not the only ones that struggle to get in shape with the new law. The European Commission, the bloc's executive body, said eight countries, including Belgium, Bulgaria and Hungary, were slow to implement the necessary national legislation for GDPR. The commission can initiate legal proceedings against any member state that does not implement EU legislation.
Regulatory agencies in other countries fear they do not have sufficient resources for the expected workload, said Ms. Jourova, the commissioner of justice. .
When asked about the issue of resources, Ms. Jelinek of the data protection board said: "We will try our best and act in a very professional manner"
Natalia Drozdiak at [email protected] and Sam Schechner at [email protected]