GDPR – Users regain control
GDPR seeks to clarify and harmonize the methods of processing personal data while placing the individual at the heart of the legal framework. The latter thereby sees its rights strengthened. How many times have you received an email from an unknown company offering an unknown product that you have absolutely no use for? How many times have you asked a single company to remove you from their database, not wishing to receive their newsletters or promotional offers anymore? How many times have you seen your data used "against" you? In your private and/or professional life? How many times? Thanks to the new European regulation, you will no longer encounter such problems. At least, companies will be severely sanctioned in the event of a breach.
Full control over your personal data
In 2015, over 75% of internet users were concerned about their privacy in the digital age, and 70% felt they had only partial control over their personal data, despite the existing laws. Every European citizen will now have the possibility to enforce the application of the GDPR and assert the rights and guarantees that accompany it against any company (European or not) that collects their personal data, thereby limiting intrusions into the private and/or professional life of the individual.
The right to be forgotten
You were already aware of the right to modify and retract your data, which consists of, as its name suggests, modifying your personal data or removing it from a company's database. The GDPR adds the right to be forgotten: "the data subject has the right to obtain from the controller the erasure, without undue delay, of personal data concerning them, and the controller shall have the obligation to erase such data without undue delay" (Article 17). It can be requested for 6 reasons:
data are no longer necessary
the data subject withdraws their consent
they object to the processing of their data for prospecting purposes
the data have been subject to unlawful processing
the data must be erased to comply with a legal obligation
the data were collected in the context of a service offer directed at minors
This means that you can request companies to erase your personal data, cease distribution, and thus prevent third parties from accessing and exploiting them.
Profiling
According to recitals 71 of the GDPR "any form of automated processing of personal data aimed at evaluating certain aspects concerning an identified or identifiable natural person, in particular to analyze or predict aspects regarding the performance at work of the data subject, their economic situation, health, personal preferences or interests, reliability or behavior, or their location and movements, insofar as it produces legal effects concerning the data subject or similarly significantly affects them." The GDPR will also intervene on this point. This is all the more important as the vast majority of personal data concerning us available on the web is not the result of a conscious deposit of data from us but rather of a complete traceability of all our browsing on the web. It was then easy for companies to offer you relevant content and products based on your tastes and interests. Starting from May 25, 2018, you will be able to request the erasure of your data for commercial purposes, thus preventing Big Brother from watching you and regaining control of your consumption and private life.
Consent
If a company or organization is not in a contractual relationship or a legal obligation, does not aim at the general interest or the vital interests of a person, or does not have a legitimate reason to hold personal data about them, it does not have the right to process them unless the user has given explicit consent in advance. The company will now have to obtain explicit consent from the data subjects for processing their personal data for commercial purposes (or marketing, statistical analysis, resale to third parties, etc.) and create a register to prove it to the CNIL and the concerned individuals. The right to be forgotten is fundamental for respecting privacy, especially in the digital age where everything remains hidden somewhere on the net and can have negative repercussions for the user. Previously, you had to justify through this or that means the request for deletion of your personal data; today, the emphasis is on the data controller, who must justify the refusal of the request. As an individual, if you notice a breach of the regulation, you can complain to the relevant legal institutions (CNIL). The General Data Protection Regulation aims to protect consumers and individuals from any abuse by companies and institutions, to restore control over their personal data while simplifying the regulatory environment for businesses. A good news in the digital age!
