*People in The Industry probably don't think they have to obey this European scheme, and yeah, it's not gonna be patrolled very well, but every once in a while, somebody who screws up is gonna get absolutely, massively, terribly fined. And they'll collect, too.
(...)
Silicon Valley giants have expanded their presence across the Continent, partly in response to the new privacy rules.
And for lawyers, the GDPR’s gestation period has amounted to a cash bonanza. Legal professionals refer to the 88-page law as the “gift that keeps on giving” due to the rich stream of billable hours and contractual work that come with it.
But despite its global consequences, few people outside the public policy sphere know what the GDPR is really about, and how it will impact their companies and lives.
POLITICO is here to help.
Here’s a guide to the law, breaking down “what it says” and “what it means.”
Right to be forgotten
What the text says: Officially called “the right to erasure,” the GDPR says “the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.” (Article 17)
What it means: Those embarrassing pictures from years ago could finally disappear. Europeans can ask companies to tell them everything they know about them, and delete it all. Businesses will have to set up their datasets in ways that they can trace and delete all the data they have on someone — a challenging engineering task for some.
The right to be forgotten is not entirely new. It goes back to a 2014 lawsuit in Spain by someone who complained that Google’s search engine linked his name to an incident dating back to 1998. While the court case concerned search results, EU lawmakers took the concept to another level by imposing a “right to erasure” across the bloc.
The extent to which Europeans can take this is still being litigated. Two cases against Google are to be heard before the EU’s highest court later this year. One involves the right to have information about past criminality and political affiliations removed. The other concerns whether such information should remain accessible outside of the EU.
Consent
What it says: A company or authority “shall be able to demonstrate that the data subject has consented to processing of his or her personal data” and the consent has to be “freely given” and asked in an “intelligible and easily accessible form, using clear and plain language.”
What it means: Websites have been serving internet users with annoying pop-ups asking if they agree to the terms and conditions. Clicking “I have read [these] and agree” has been dubbed “the biggest lie on the internet” by academics...
