One of the greatest shake-ups for the Internet since its widespread introduction in the 1990s took place on 25 May this year. The European Union has begun to enforce the General Data Protection Regulation (GDPR); something that has serious implications for Kiwis.
The new laws govern the gathering, processing, storage, and use of personal data of EU residents; something done not only by companies based in the region, but also by companies around the world, including some in New Zealand.
The GDPR means a few digital changes for Kiwis, including those who enjoy playing online casino games. While some of the effects might dull the shine of some of the services offered, they ultimately ensure that the personal details those who surf the web for business or pleasure are protected.
What the New Laws Do
The sole purpose of the EU’s new data laws is to protect the zone’s Internet users from misuse of personal data. This has far-reaching implications and serious consequences for companies and individuals who fail to comply with the GDPR, whether they are based in Europe, New Zealand, or elsewhere.
According to the laws, data collection must be justifiable. Companies can collect only the data that is proportionally necessary for interests connected to its offerings. The laws also enshrine EU residents’ right to know, change, and even transfer any data of theirs collected by companies.
Importantly, the GDPR also recognises the right of residents to be forgotten digitally; something known as data erasure. This means they can have any search results about themselves produced by Google and other engines erased.
The laws also state that, in addition to being given without compulsion, consent for data collection must be well informed, clear, and specified. Explicit consent must be received by companies before they can share or sell residents’ personal data to other companies.
Stiff penalties may be imposed upon companies found guilty of breaching the GDPR. Depending on the nature of the offence, companies may be fined as much as 4 per cent of their annual global turnover or an amount of €20 million.
Data Protected By the GDPR
The EU’s new data protection laws do not leave the term Personal Data open to interpretation. Instead, they specify the types of data they protect.
This includes names, addresses, identification numbers, physical locations, cookies, IP addresses, RFID tags, health and genetics information, biometric data, information regarding political views, sexual orientation and sexual activity, data regarding ethnicity or race, and membership of trade unions.
How This Affects New Zealand
While the GDPR is focussed on the EU and its residents, the new laws have global implications due to the global nature of the Internet. Company websites based in New Zealand, Australia, the Americas, Asia, or Africa that accept EU residents as users are also affected.
Basically, the new laws apply to companies based in the zone, as well as any company or individual that sells goods or makes services otherwise available, even if they are free of charge, in the EU or to the region’s citizens, even if they are not located in the zone.
Many companies will no doubt find it easier to make global changes to their privacy and data collection policies, as indeed some have already done so. This immediately benefits Kiwis, who are also protected by laws regarded as sufficient by the EU.
However, not all effects of the new laws may be welcomed by online gambling enthusiasts in New Zealand. Casinos usually collect personal data to help them craft personalised special offers for players. With less data at their disposal, such sites may find themselves offering less-accurate promotions, or simply returning to standard, one-size-fits-all offers. The real far-reaching effects of the GDPR remain to be seen.