(CN) — Europe has become ground zero in a major legal and regulatory tug-of-war over control of the personal data of internet users — the everyday clicks, finger swipes, browsing habits, “likes” and communications of people on the web, the very DNA of a future built around technology.
The Old Continent is witnessing a very modern conflict between those seeking to make the internet a regulated public space — some even talk about nationalizing parts of the internet, such as social media and e-commerce platforms — and others who argue that taming the use of personal data is undesirable and that doing so will stifle innovation and hurt consumers.
In this conflict, European regulators and privacy activists are pitted against the United States’ biggest tech titans — Google, Facebook, Apple and Amazon — and the business of striking it rich by selling and exploiting digital data, often called the “new oil.”
Concern about data protection is growing in an age of data exploitation — as companies gather vast amounts of information about people, and make fortunes off that data. Among a dizzying array of uses, data is being used to track people's behavior; it's used in advertising and in politics; it’s used to predict consumer trends, and even to determine someone's income and creditworthiness.
At the same time, massive data breaches and the theft of personal data and questionable use of data growing threats. Concerns have been reinforced by a string of scandals such as a breach at Marriott hotels (hackers got information on 500 million guests) and the ongoing Cambridge Analytica revelations of data-mining for political purposes, including on behalf of Donald Trump in 2016.
“I think there is a global wake-up call that we need to better regulate our data,” said Estelle Massé, a senior policy analyst at Access Now, a digital rights group, in a telephone interview. “This needs to be done to protect the internet.”
Europe escalated the conflict in May when it began enforcing a new set of regulations designed to give internet users more protections and rights over how their data is stored, used and sold.
The rules, known as the General Data Protection Regulation, are vast. Supporters say they help to make the internet an open, free and secure place.
But critics contend the rules do little to change the way data is collected and used, force companies to waste billions of dollars to comply with the rules, are largely silent about remedies for people whose privacy has been compromised, hurt small startup companies unable to meet the rules’ demands, and restrict innovation, at a time when artificial intelligence is becoming the next frontier in technology.
“GDPR pushes companies away from using data to be more productive, just as many businesses are beginning to leverage technologies like data analytics and machine learning to increase productivity,” said Daniel Castro, director of the Washington, D.C.-based Center for Data Innovation, in an email.
Machine learning is a term used to describe a form of artificial intelligence in which computers improve themselves by processing data.
Castro dismissed claims that the regulations make the internet safer.
“In fact, the opposite may be true,” he said. He said the rules force “businesses to focus on check-the-box compliance rather than actually protecting user data.”
Here are some of what the rules call for:
● They allow people more say over how their personal data can be used and by whom.
● People can seek to have information about them removed from the internet.
● They can seek to have information about them corrected.
● They can ask companies to show what data they have about them.
● Internet companies are required to report data breaches within 72 hours and face hefty fines for failing to protect data. Fines can reach $22.5 million or 4 percent of global revenue, whichever is greater. Previously, there was no requirement to report breaches and fines were much smaller.