What is GDPR?

There is a good chance that you have received a ton of emails lately from web sites and products stating that they have updated their privacy policy & terms of use. But did you know why this was happening now, all of a sudden? It turns out that the General Data Protection Regulation (GDPR) (EU) went into effect on May 25th, 2018. The flurry of emails you received bringing attention to policy updates were from web sites and applications scrambling to bring themselves up to code, to avoid putting themselves at risk of running into fines (as some already have — more on this later).

The bill that has been passed into law is of course quite extensive, so please note that the information being presented here is heavily abridged and watered down in order to give an overview of the situation. So what that said, here’s some information on what GDPR is in a nutshell.

What does it do?

GDPR essentially regulates the data that applications can gather from a user, and to what extent that user can be tracked and how. There are other aspects such as the way the data is to be stored, allowing users the ability to request a portable downloadable copy of their data from the company that has gathered it, and the right for the user to be “forgotten”, i.e. have their data deleted from the company, to name just a few. These regulations however apply to EU residents at this time, so web sites and applications are moving quickly to add features to their products in which they detect where the user is coming from, and if they are from an EU country, they are treated differently, in accordance to GDPR regulations. Even if the web site or application is hosted in the U.S. or any other country which doesn’t have GDPR, they must still abide by the GDPR rules & regulations if the user is from an EU country.

A huge difference in user experience

A lot of people ask “so how will this effect my user experience?” and perhaps the most telling way to answer this question is with this example, as posted by users on Hacker News & reddit threads. Users found that if you are a user visiting the regular USA Today web site, it will take you approximately 14 seconds to load the web site, during which 331 requests will be made to different scripts, transferring a total of 2.5 MB of data. In comparison, if you were an EU user visiting the new USA Today web site for EU residents, your web site would load in 1.36 seconds, making requests to just 33 scripts and transferring an incredible 286 KB of data. This just goes to show the scope and magnitude at which tracking & advertising scripts have taken over the web, adding as much as 10x bloatware.

The future

This could potentially be the jumping off point for others to follow suit. After the immense impact the Facebook debacle had and the global spotlight which it earned, it became clear that regulations were required to protect users and their privacy. As with everything else, there is an evolutionary period that needs to take its course in order to get to a certain point. With Facebook apps and other third party app development platforms like iOS and Android, the early days were the wild west (we know, we were there). There was little to no oversight and developers were going crazy abusing the platforms’ abilities, as evidenced by the Cambridge Analytica data scandal. The same could be said about the state of the web over the last decade or more. However, I believe that we have now reached a point in history where enough light has been shed on this topic to get governments and regulatory bodies involved, and with this massive step taken by the EU, other governments will be keeping a close eye on the situation moving forward.

Conclusion

My personal opinion is that this is a great step forward taken by the EU and its residents are in agreement. There has been near unanimous praise for the steps put in place by the GDPR and the initial outlook is quite positive. We are optimistic that this will pave the way for such bodies in the future to protect the users on the web through stricter privacy laws.