How the EU plans to transform data privacy

ID: Under new GDPR rules, anything that can be used to identify you counts as “personal data”.

Who should own our data? With just days to go before Europe introduces tough new privacy laws, yesterday Mark Zuckerberg apologised (again) for any “harm” caused by Facebook.

“I’m sorry for it.”

Yesterday, Facebook CEO Mark Zuckerberg stood in front of key members of the European Parliament and apologised for the way his platform had been “misused”. In a lengthy Q&A, the EU quizzed him on everything from political bias to tax affairs — but most were left frustrated by his lack of response.

Many privacy campaigners have hoped that Europe can curb Facebook’s immense power, particularly after scandals over fake news and Cambridge Analytica.

On Friday that could get a lot easier as new EU-wide privacy rules come into force. Lawmakers in the European Parliament spent four years drafting the new law, known as the GDPR; it is longer than Hamlet and Othello combined.

In short, the law means that companies must gain consent to process people’s personal data. (This is why your inbox is probably full of emails asking you to “keep in touch”.) It also means that people can ask companies to delete all of the data currently held about them.

The law was designed with tech giants like Facebook and Google in mind — companies who use personal data to sell targeted advertising. The European data protection supervisor, Giovanni Buttarelli, called such companies “digital sweat factories” and accused them of farming people “for their attention, ideas and data in exchange for so called ‘free’ services.”

GDPR is supposed to tip the power back towards ordinary people.

However, some argue that it does not go far enough. Facebook and Google have already been accused of trying to get around the new rules. And when there is so little competition for their services, it becomes harder and harder to opt out — Facebook’s usage went up this year, despite numerous scandals and a #deletefacebook campaign.

More and more people are calling for a complete overhaul of the system. Who should own your data?

Information overload

We should, say some. Companies like Facebook have proved time and again that they do not have ordinary people’s interests at heart. Instead, each of us should hold all of our data ourselves. That way, we can only allow access to the companies or government services that we trust to genuinely help us. We could even sell it — if Zuckerberg can use our data to become one of the world’s richest men, why shouldn’t we get a cut?

Data should be open to all, argue others. There are ways to make it anonymous so that individuals cannot be identified. If it was all held in one secure place, by the government or an independent trust, then it could be analysed to improve life for everyone. That includes creating products that people want, tracking the spread of diseases, or improving the flow of traffic around a city. The future is transparent.

You Decide

  1. Do you trust big companies like Facebook and Google to keep your personal information secure?
  2. Should we all own our data?


  1. Imagine that you were one of the European Parliament members interviewing Mark Zuckerberg yesterday. Write down the three most important questions you would have for him.
  2. Get into groups and imagine that you are building the internet from scratch. What rules would you set about personal data?

Some People Say...

“Those who rule data will rule the entire world.”

Masayoshi Son

What do you think?

Q & A

What do we know?
The deadline for companies to comply with the GDPR is this Friday. Yesterday, Zuckerberg told the European Parliament that Facebook would comply with it fully by that deadline, and extend the policies to the rest of the world too.
What do we not know?
Whether he is telling the truth. There are reasons to be suspicious — the company recently moved responsibility for the data of all of its non-European users outside of its Ireland branch, possibly to avoid complying with the rules. We also do not know the answers to many of the EU’s most detailed questions. This was due to the Q&A’s format, which allowed all of the MEPs to ask their questions before Zuckerberg gave his answers. This meant that he did not get to all of them in time.

Word Watch

Key members
Zuckerberg was questioned by the European Parliament’s “conference of presidents” — a committee of the leaders of its eight main political groups.
Fake news
In the wake of the US presidential election in 2016, Facebook was accused of allowing fake news stories to spread rapidly across its site, potentially swaying the result in Donald Trump’s favour. (However, the true effect of these stories is still unclear.)
Cambridge Analytica
A British company which used data from 87 million Facebook profiles to create highly targeted political adverts. The data was obtained without users’ permission.
General Data Protection Regulation. It covers any company that processes the data of Europeans, which includes US companies like Facebook.
Targeted advertising
Adverts which are seen by the people who are most likely to respond well to them. This could be based on something as broad as their age or gender, or more personal information.
Went up
According to analysis by Goldman Sachs, Facebook’s mobile use went up by 7% in the US in April, when the Cambridge Analytica scandal was at its height.

PDF Download

Please click on "Print view" at the top of the page to see a print friendly version of the article.