The GDPR portion, which takes effect on May 25 in the UK, not only attempts to ensure that data collection and sales are more transparent to the end user, but that users have greater control over their own data. Many of the requirements are similar to proposed U.S. FCC privacy rules the Trump administration scuttled at the behest of industry lobbyists (https://motherboard.vice.com/en_us/article/534pj5/heres-how-trumps-fcc-privacy-rollback-puts-your-internet-data-at-risk) last year.

The GDPR rules require that companies:


Provide working opt-out tools
Clearly disclose data breaches to end users (within 72 hours of learning about it)
Allow users the ability to download and retain a complete copy of their own private data


Under the rules, users also have the authority to withdraw their consent at any time, in stark contrast to policies of the past.

The GDPR also empowers regulators to fine any company that does business in the EU if it misuses, exploits, or otherwise mishandles private consumer data. It also expands the definition of “personal data” to include location data, online identifiers (such as IP addresses) and other metadata.

"The new rules will give users back the right to decide on their own private data,” said Green Party GDPR advocate Jan Philipp Albrecht at the time. “Businesses that have accessed users' data for a specific purpose would generally not be allowed to transfer the data without the user being asked. Users will have to give clear consent for their data to be used.https://motherboard.vice.com/en_us/article/xwmx3n/what-is-gdpr

https://motherboard.vice.com/en_us/article/xwmx3n/what-is-gdpr

Good luck with that in the US.

Lobbyists outnumber congress several dozen to one.

At this point, I am boutons level cynical about anything ever passing in Congress that would benefit regular people over any special interest.

People should be aware that in principle something could be done, and is being done to protect their data-- elsewhere.

as always, there are unintended consequences in the real world:


When the GDPR was being debated, we warned (https://www.techdirt.com/articles/20151029/07290832661/how-eus-proposed-new-privacy-rules-will-be-tool-massive-censorship.shtml) that it would be a disaster for free speech (https://www.techdirt.com/articles/20170505/17475037310/dear-europe-please-dont-kill-free-speech-name-privacy-protection.shtml). Now that it's been in effect for about six months, we're seeing that play out in all sorts of ways. We've talked about how it was used to disappear public court documents (https://www.techdirt.com/articles/20180920/17133740682/gdpr-being-used-to-try-to-disappear-public-us-court-docket.shtml) for an ongoing case, and then used to disappear a discussion (https://www.techdirt.com/articles/20181003/17171040774/now-twitters-report-function-being-used-to-disappear-complaint-about-gdpr-being-used-to-disappear-public-court-document.shtml) about that disappearing court document. And we wrote about how it's been used against us (https://www.techdirt.com/articles/20181003/23545140776/thomas-goolnik-gets-google-to-forget-our-story-about-him-getting-google-to-forget-stories-about-thomas-goolnik.shtml) to hide a still newsworthy story (and that leaves out one other GDPR demand we've received in an attempt to disappear a story that I can't even talk about yet).


When I wrote about all of this both here on Techdirt and on Twitter, I had a bunch of "data protection experts" in Europe completely freak out at me that I had no idea what I was talking about, and how any negative impact was simply the result of everyone misreading the GDPR. I kept trying to point out to them that even if that's true in theory, out here in the real world, the law was being used to disappear news stories and was creating massive chilling effects and burdens on journalists. And the response was the same: nah, you're reading the law wrong.


And now we have an even more horrifying story of the damage the GDPR is doing to journalism. There's a Romanian investigatory journalism publication called RISE Project (https://www.riseproject.ro/) that has reported on corruption in Romanian politics. Not surprisingly, not everyone is happy about that. OCCRP -- the Organized Crime and Corruption Reporting Project -- a partner to RISE Project has the worrisome details about how the very Romanian government that RISE Project has been breaking corruption stories on has magically found the need to use the GDPR to demand the journalists turn over their sources (https://www.occrp.org/en/40-press-releases/presss-releases/8875-occrp-strongly-objects-to-romania-s-misuse-of-gdpr-to-muzzle-media).https://www.techdirt.com/articles/20181114/01491541047/yet-another-gdpr-disaster-journalists-ordered-to-hand-over-secret-sources-under-data-protection-law.shtml