Skip to Content
MIT Technology Review
  • Featured
  • Topics
  • Newsletters
  • Events
  • Podcasts
    • Sign in
    Tech policy

    GDPR is finally here, and it’s already chaos

    May 25, 2018

    The General Data Protection Regulation, or GDPR, goes into effect today, threatening huge fines for businesses that abuse Europeans’ data.

    The dos: From now on, companies everywhere must:

    • get EU citizens’ consent to collect their personal data and explain what it will be used for
    • let them see, correct, and delete it upon request
    • make it easy for users to shift their data to other firms

    The don’ts: Companies must not ignore regulators’ requests to fix GDPR failings, nor take more than 72 hours to report a security breach involving personal data. Many still aren’t fully ready for the new regime.

    The punishment: The worst offenders can be fined up to 20 million euros ($23 million) or 4 percent of their revenue from the prior year, whichever is greater. There are smaller penalties for less serious transgressions.

    The panic: Some American media groups have already blocked EU users from their sites rather than run the risk of fines. The rules also have huge implications for social-media companies like Facebook, which has asked people to update their privacy settings. Privacy activists have already filed complaints against Facebook and Google.

    Why this matters: Europe’s tough standards could influence how America and other countries shape their data protection regimes.

    More background: Here’s the EU’s GDPR site; some implications for marketers; and an analysis of the new rules’ impact on publishers. And for fans of gamification, why not try a GDPR quiz?

     

    Deep Dive

    Tech policy

    How Russia killed its tech industry

    The invasion of Ukraine supercharged the decline of the country’s already struggling tech sector—and undercut its biggest success story, Yandex.

    How to preserve your digital memories

    Following recent announcements by Google and Twitter, more data deletion policies are coming.

    Your digital life isn’t as permanent as you think it is

    Google will delete accounts after two years of inactivity, and experts expect more data deletion policies to come

    Catching bad content in the age of AI

    Why haven’t tech companies improved at content moderation?

    Stay connected

    Illustration by Rose Wong

    Get the latest updates from
    MIT Technology Review

    Discover special offers, top stories, upcoming events, and more.

    Thank you for submitting your email!

    Explore more newsletters

    It looks like something went wrong.

    We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.