Privacy, Euro Style
On 25 May 2018, the GDPR came into effect in the EU. I practise law in Australia. What’s it got to do with me? Well, it applies to “personal identifiable information” of anyone located in the EU. That includes their name and email address. And, two years ago, I did some work for a UK company. I have the contact person’s information on file: their name, email address and phone number. Therefore, the GDPR applies to that information and to me.
Is it very different to Australian privacy laws? Yes and no. It uses the same basic concepts: personal information is defined, and the use, storage and disclosure of that information is controlled. But the GDPR imposes a higher level of responsibility on holders of personal information than current Australian laws do.
There has been a lot of activity surrounding the launch of the GDPR. By now, you would have received a few emails from social media companies, online bookstores, and all sorts of other organisations telling you they have updated their privacy policies. People are also concerned about the fact that fines of up to 20 million euros can be imposed by the EU data commissioner for breaches of the GDPR. Even on people outside the EU.