Last month, I wanted to book a flight on Southwest Airlines. I was blocked from the website. I also wanted to read about news in my childhood hometown, but the Chicago Tribune denied me access to its website. I couldn’t even read the story I wrote in November for The Pilot. I was, again, denied access. I probably won’t get to read this one either after it is published.
I wasn’t blocked because of passwords. My computer wasn’t hacked. It turns out that along with every other person located in a European Union country, I was denied access. All this thanks to new regulation from the EU. Like all great monster pieces of bureaucracy, it has a very forgettable acronym: GDPR.
That stands for General Data Protection Regulation. It is intended to protect the privacy of individuals by giving them control over data that is collected about them.
The law applies to any company, organization or person anywhere in the world that processes personal data of people in the EU. It says anyone collecting data must seek approval from the individuals. It may not process or share the data without clear consent. Sounds promising.
So what businesses are affected? The most obvious include all our global social media services. Facebook, LinkedIn, Twitter, etc. Consumer companies such as grocery stores, retail stores, and anything with a reward system have to comply. So do organizations including schools and churches. Newspapers and anything that gathers your data are included. Even our regional newspaper, The Pilot, can no longer be seen by anyone in Europe because its web vendor blocked access.
Life after GDPR hasn’t been easy for anyone. Companies have spent more than $9 billion trying to comply, according to the International Association of Privacy Professionals. And keeping compliant will cost more. Now, if there is a data breach the company has to notify users within 72 hours. No more finding out months after the fact, like we have seen for Facebook, Adobe, Blue Cross and others in the United States.
Individuals have had to click more than ever on the Internet to accept new rules for “cookies” and tracking. There are dozens of different ways retail stores have moved to comply. Some have you sign up again for rewards, some have switched to linking to your phone number only. Others won’t let you shop on their rewards program without a picture ID. Imagine a world where Harris Teeter won’t give you the e/Vic special price without a photo ID!
And multinationals like myself have been hit particularly hard. Services coming from outside the EU have vacillated from doing nothing to completely leaving the EU market. The fear is that if companies are found non-compliant they could be fined up to 4 percent of global sales.
We still can’t read The Los Angeles Times and dozens others. I can’t access NC Quick Pass to cancel my sticker. Blocked.
To be sure, good intentions were driving the creation of GDPR. Now anyone in the EU can request that a company or organization supply a copy of all the information on them, show how it was used and with whom it was shared. In theory, anyone living in the EU should be able to request this from Experian or the IRS, or any organization that offers a service to residents of the EU.
It will be interesting to see the requests and complaints that get filed as this law takes hold. Under GDPR, if Harris Teeter has data compiled on someone in Europe, the shopper can request that it be revealed in 30 days or face a complaint, which can lead to the fine.
For now, though, I book Southwest with the help of family stateside and I read The Pilot when friends take screenshot of stories and text them to me. The world has become global. Yet, most regulation is written for the local population. In fact, regulation in a global world can have some terrible consequences. This article was about such European regulation.
We Americans might laugh and complain about foreigners’ love for rules. But many of us will be surprised at how new rules from the USA are hurting people all over the world, mostly its own citizens. It is so bad that it is making thousands of U.S. citizens abroad line up to cede citizenship. I’ll save that for the next column.