The new EU General Data Protection Regulation, which goes into effect on May 25, will make things even more complicated.
If you have any customers who are EU residents, the new GDPR will impact you.
What Happened to Facebook?
The GDPR, an overhaul of the 1995 European Data Protection Directive (Directive 95/46/EC), extends extraterritorial jurisdictions and unambiguously affirms certain decisions asserted by European case law.
Informed consent is specific under EU rules. Article 4(11) of the GDPR defines consent as
“any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Five criteria must be met to constitute consent:
- freely given
Unambiguous consent must include a statement or a clear affirmative action indicating agreement, which is primarily where Facebook ran afoul.
Facebook and many U.S. websites use default privacy settings. The German court found several of those settings were difficult for the user to find and change. By implementing default settings, Facebook had failed to get informed consent.
What Did Facebook Do?
The intent of this article is not to attack Facebook. In fact, Facebook has made several changes to the way it handles privacy protections since the German case was filed. Rather, the article is meant to be a wake-up call to other companies that may have a similar approach of pushing privacy settings by default and assuming that privacy declarations buried in their terms of service will suffice.
“If consent is bundled up as a non-negotiable part of terms and conditions it is presumed not to have been freely given,” states Article 29 of the Data Protection Working Party Guidelines on Consent under Regulation 2016/679.
Said another way, if a…