If you've received such emails or update notices, it's helpful to understand what they mean and why companies are updating their privacy policies.
The GDPR aims to raise the standards for how your information and privacy are handled.
Companies operating in various regions, including the EU, the United States, Australia, Brazil, etc., have improved their standards of protecting user privacy.
If you use the internet or visit websites, you must have come across a request from a website asking you to agree to its terms of service. Whether you agree or disagree with the terms, you'll be given a button to click for either decision.
The policy dictates everything from the collection of user data to its storage, use, and sharing.
Most websites make their terms of service easily accessible to users. As such, the user is fully aware of the type of data the company intends to collect and how it will share that data with third parties.
You must read and understand the terms before you agree to the terms of service.
The policy should outline in detail what the company intends to do with your confidential information. The terms and conditions should be written in easy-to-understand language and avoid legal jargon that the user may not be familiar with.
Websites update their terms and conditions or privacy policies to comply with data protection laws. They also inform users of their rights and how the company intends to collect, store, and use data.
The latest data protection regulations include the California Consumer Privacy Act (CCPA) and the GDPR.
The laws require websites that collect user data to be transparent about collecting, storing, and sharing the data and to make users aware of their rights.
What Is General Data Protection Regulation?
In 2016, the European Parliament came up with a regulation that gave website users more control over their personal information and data. The legislation requires all companies to protect the confidential data and privacy of European Union citizens for all transactions based in the European Union.
Some of the most significant changes regarding how companies and organizations deal with personal information and data include:
- Data portability
- Right to be forgotten
- Breach notification
- Privacy by design
- Right to access
Breach Notification
According to Article 33 of the GDPR, a company or organization should report a data breach to a supervisory authority within 72 hours of noticing it. The process requires data controllers to determine who is affected by the data breach and the type of information that has been compromised.
If the company deals with large-scale, high-risk data and the breach puts users' financial, identity, and other data at risk, the company should inform those users.
The regulation also requires the organization to be clear and comprehensive when communicating an active situation to users. In some countries, companies may be required to provide proof of communication to the relevant supervisory authorities.
Right to Access
According to chapter 15 of the privacy policies regulation, customers have the right to access the following information:
- Purpose of the processing of personal data
- Categories of the specific data
- The right to file a complaint with the necessary supervisory authority
- Envisioned duration for which the personal information will be stored
- Existence of automated decision making and profiling
- The right to request erasure or rectification of personal data from the controller
Data Protection by Design
Article 25 of the regulation states that user privacy and security shouldn't be an afterthought. Controllers responsible for creating websites should prioritize data protection.
Data Portability
Article 20 allows users to transfer personal data from one controller to another.
Right to be Forgotten
This right is also referred to as the right to erasure. It is not an absolute right, and it is only applicable in certain circumstances. The new law gives the user the right to have personal information permanently erased.
When Should you Update your Terms?
What Should I Look for within the Updates?
How Data Is Collected and Shared
For example, if you want to sign up for Facebook, you must provide various details, including your name, birth date, mobile phone number, email, etc.
However, Facebook also tracks your online behaviour.
When you are logged in, Facebook will collect data about:
- The IP address you use to log in to your account
- All third-party apps that you link to your account
- All connected devices you have used to log into your account, etc
- Researchers and academics
- Legal requests and law enforcement
- Third-party apps and apps with Facebook integration
Giving User Control Over Advertising
Although you can't completely get rid of advertisements on your timeline, Facebook has given you the ability to control the information that is used to target you.
Before the privacy protection regulations, Facebook would use all the information you provided to generate targeted ads.
After the regulations, the company will prompt you to disable or enable targeted ads based on the religious, relationship, and political information you provide.