What does it mean to click “accept”?

How many times have you opened your favourite website, only to be greeted by a pop-up message reading “We’ve updated our privacy policy. Click here to Accept”?

The GDPR (General Data Protection Regulation) was agreed by the European Parliament in 2016, and came into force on the 25th May 2018. The purpose of this regulation is to “Harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy and reshape the way organizations across the region approach data privacy.”

But what does all that exactly mean?

The new law replaces the 1995 Data Protection Derivative, which was becoming outdated with the development of new technologies and the expansion of the Internet. While parts of the GDPR remain the same, the new rules expand the old in two fundamental ways.

First, the new regulation sets the bar for obtaining and using personal information higher than ever before. This causes companies to need explicit consent from EU customers for these companies to collect your personal data. This is why your favourite websites, but in particular social media such as Facebook or Twitter, have asked users to agree to their “updated privacy policy”.

Most users click the “Accept” button without thinking twice, not knowing why or what they are accepting. After all, who actually reads the 20-page-long policy?

If you click “Accept”, you are allowing the website to collect and retain your data for access to services or for targeted advertising.

“Cookies” that track your online behaviour are then installed individually on each browser, but you do have to go through the same “accept” system when you use another device running a different browser.

If you refuse consent, you might find the website prevents you from accessing some of its features, as the new law has introduced some very hefty fines if not followed.

This is the second major change to the Data Protection rules: the new legislation fines any company that violates them – up to four percent of a company’s global turnover or $20m, depending on whichever is the larger sum of money. This is potentially billions of dollars for big companies such as Google and Facebook, and the impact is potentially fatal for smaller companies that rely on traffic from these corporate giants.

Some companies outside the EU, particularly American companies, have opted out entirely, and block access to EU users because their websites are not GDPR compliant. Other companies have removed their website’s ability to collect or track data entirely, and for EU users, now offer sites completely free of advertisements. For instance, USA Today now offers a website completely free of advertisements for EU users.

Next time you see an “updated privacy policy” alert, make sure you read even one of the dozens of pages to find out just what that website does with your data.

Giovanni Bernardi
December 2018