Statement by the President of the European Parliament, Antonio Tajani, on the entry into force of the General Data Protection Regulation
As from 25 May, our private lives and our personal data will be protected in a much more effective way from abuse and manipulation. This thanks to the entry into force of new rules, pushed forward by the European Parliament, to be applied by all Member States.
From now on, the companies and online platforms to which we entrust our data, will have to inform us about their intentions to use our data and obtain our explicit consent, regardless of the country in which they operate. No more silent consent, shaded areas or loopholes that allow circumvention of rules on the protection of our private life.
These rules will prevent the repetition of cases such as Cambridge Analytica, which used data from millions of users to influence election outcomes. Any form of unauthorized use of our data must, in fact, be notified within 72 hours.
Each of us can now oblige digital platforms to erase, once and for all, personal information that we do not want to leave on the web. We will also be able, finally, to re-establish full control over the online circulation of our videos and photos. From today, where the grounds exist, we have the right to ask for the deletion of audiovisual material uploaded on the net. At our request, search engines will also have to remove every link that leads to the said materials. In this way it will be possible to avoid the many cases of, often very young, users who have compromised their reputation and social life, sometimes with profound consequences as a result of unauthorized circulation of photos or videos detrimental to their dignity.
For those who do not respect the new rules, there are very heavy penalties: up to 4% of the total annual turnover. For the main web giants this could amount to fines of up to 7 billion dollars.
This is the biggest reform of privacy legislation since the birth of the Internet. It is a decisive step to protect our citizens by allowing them to use the network with serenity and freedom.
Once again, the European Parliament has played a central role in defining and approving state-of-the-art standards. We certainly do not intend to stop here. Our priority is to achieve true governance of the technological revolution, introducing an appropriate framework of rules as soon as possible. We need to see clear responsibilities for operators and to ensure the proper functioning of the digital market, with a fair tax, and the full protection of personal data, copyright and consumer rights.
The European Parliament officially adopted the General Data Protection Regulation (GDPR) on 14 April 2016. The Regulation will enter into force on 25 May and gave companies two years to get compliant.
Here is a list of the main rights and obligations introduced by the new Regulation:
- The right for the user of to be "forgotten" (in particular, the right to ask that links leading to personal information about the user be removed from search engines);
- The right for the user to transfer his/her data to other social networks ("data portability") – a provision which might stimulate the emergence of alternatives to exisiting online platforms;
- The right to know when personal data have been hacked (and corresponding obligation for companies to notify data breaches within 72 hours);
- The right to object to profiling (use of personal data for targeted advertising);
- The obligation for online platforms to inform about how they plan to use people's data;
- The obligation for online platforms to get explicit consent ("clear and affirmative consent");
- Fines up to 4% of firms' total annual turnover, as a deterrent to breaking the rules.