Content deleted Content added
GreenC bot (talk | contribs) Move 1 url. Wayback Medic 2.5 per WP:URLREQ#motherboard.vice.com |
m Open access bot: url-access updated in citation with #oabot. |
||
Line 264:
IT professionals expect that compliance with the GDPR will require additional investment overall: over 80 percent of those surveyed expected GDPR-related spending to be at least US$100,000.<ref name="Babel, 7/11/2017 High Cost of GDPR">{{cite web|last1=Babel|first1=Chris|title=The High Costs of GDPR Compliance|url=https://www.darkreading.com/endpoint/the-high-costs-of-gdpr-compliance/a/d-id/1329263?|website=InformationWeek|publisher=UBM Technology Group|access-date=4 October 2017|date=11 July 2017|archive-url=https://web.archive.org/web/20171005051046/https://www.darkreading.com/endpoint/the-high-costs-of-gdpr-compliance/a/d-id/1329263|archive-date=5 October 2017|url-status=live}}</ref> The concerns were echoed in a report commissioned by the law firm [[Baker & McKenzie]] that found that "around 70 percent of respondents believe that organizations will need to invest additional budget/effort to comply with the consent, data mapping and cross-border data transfer requirements under the GDPR."<ref>{{cite web |title=Preparing for New Privacy Regimes: Privacy Professionals' Views on the General Data Protection Regulation and Privacy Shield |url=http://f.datasrvr.com/fr1/416/76165/IAPP_GDPR_and_Privacy_Shield_Survey_Report.pdf |website=bakermckenzie.com |publisher=Baker & McKenzie |access-date=4 October 2017 |date=4 May 2016 |archive-url=https://web.archive.org/web/20180831164743/http://f.datasrvr.com/fr1/416/76165/IAPP_GDPR_and_Privacy_Shield_Survey_Report.pdf |archive-date=31 August 2018 |url-status=live }}</ref> The total cost for EU companies is estimated at €200 billion while for US companies the estimate is for $41.7 billion.<ref>{{Cite web|url=https://www.gigacalculator.com/calculators/gdpr-compliance-cost-calculator.php|title=GDPR Compliance Cost Calculator|last=Georgiev|first=Georgi|website=GIGAcalculator.com|url-status=live|access-date=16 May 2018|archive-url=https://web.archive.org/web/20180516224335/https://www.gigacalculator.com/calculators/gdpr-compliance-cost-calculator.php|archive-date=16 May 2018}}</ref> It has been argued that smaller businesses and [[startup companies]] might not have the financial resources to adequately comply with the GDPR, unlike the larger international technology firms (such as [[Facebook]] and [[Google]]) that the regulation is ostensibly meant to target first and foremost.<ref>{{Cite web|url=https://www.theguardian.com/technology/2018/apr/19/gdpr-facebook-google-amazon-data-privacy-regulation|title=How Europe's 'breakthrough' privacy law takes on Facebook and Google|last=Solon|first=Olivia|date=19 April 2018|website=The Guardian|access-date=25 May 2018|archive-url=https://web.archive.org/web/20180526112914/https://www.theguardian.com/technology/2018/apr/19/gdpr-facebook-google-amazon-data-privacy-regulation|archive-date=26 May 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.politico.eu/article/gdpr-rules-europe-facebook-data-protection-privacy-general-data-protection-regulation-cambridge-analytica/|title=Europe's new privacy rules are no silver bullet|date=22 April 2018|work=Politico.eu|access-date=25 May 2018|archive-url=https://web.archive.org/web/20180526041653/https://www.politico.eu/article/gdpr-rules-europe-facebook-data-protection-privacy-general-data-protection-regulation-cambridge-analytica/|archive-date=26 May 2018|url-status=live}}</ref> A lack of knowledge and understanding of the regulations has also been a concern in the lead-up to its adoption.<ref>{{Cite news|url=https://www.computerweekly.com/microscope/news/2240234469/Lack-of-GDPR-knowledge-is-a-danger-and-an-opportunity|title=Lack of GDPR knowledge is a danger and an opportunity|work=MicroscopeUK|access-date=25 May 2018|archive-url=https://web.archive.org/web/20180526041200/https://www.computerweekly.com/microscope/news/2240234469/Lack-of-GDPR-knowledge-is-a-danger-and-an-opportunity|archive-date=26 May 2018|url-status=live}}</ref> A counter-argument to this has been that companies were made aware of these changes two years prior to them coming into effect and should have had enough time to prepare.<ref>{{Cite news|url=https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu|title=No one's ready for GDPR|first=Sarah|last=Jeong|work=The Verge|date=22 May 2018|access-date=1 June 2018|archive-url=https://web.archive.org/web/20180528022510/https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu|archive-date=28 May 2018|url-status=live}}</ref>
The regulations, including whether an enterprise must have a data protection officer, have been criticized for potential administrative burden and unclear compliance requirements.<ref>{{Cite news|url=https://www.irishtimes.com/business/technology/new-rules-on-data-protection-pose-compliance-issues-for-firms-1.3397742|title=New rules on data protection pose compliance issues for firms|first=Elaine|last= Edwards|newspaper=The Irish Times|date=22 February 2018|access-date=25 May 2018|archive-url=https://web.archive.org/web/20180526041717/https://www.irishtimes.com/business/technology/new-rules-on-data-protection-pose-compliance-issues-for-firms-1.3397742|archive-date=26 May 2018|url-status=live}}</ref> Although data minimisation is a requirement, with [[pseudonymization|pseudonymisation]] being one of the possible means, the regulation provides no guidance on how or what constitutes an effective data de-identification scheme, with a grey area on what would be considered as inadequate pseudonymisation subject to Section 5 enforcement actions.<ref name="looking-to">{{cite web |publisher=IAPP |first=Matt |last=Wes |date=25 April 2017 |url=https://iapp.org/news/a/looking-to-comply-with-gdpr-heres-a-primer-on-anonymization-and-pseudonymization/ |title=Looking to comply with GDPR? Here's a primer on anonymization and pseudonymization |access-date=19 February 2018 |archive-url=https://web.archive.org/web/20180219150511/https://iapp.org/news/a/looking-to-comply-with-gdpr-heres-a-primer-on-anonymization-and-pseudonymization/ |archive-date=19 February 2018 |url-status=live }}</ref><ref>{{Cite journal |last=Chassang |first=Gauthier |date=2017 |title=The impact of the EU general data protection regulation on scientific research |journal=ecancermedicalscience |volume=11 |pages=709 |doi=10.3332/ecancer.2017.709 |issn=1754-6605 |pmc=5243137 |pmid=28144283}}</ref><ref>{{cite web |last=Tarhonen |first=Laura |year=2017 |url=https://www.edilex.fi/viestintaoikeus/18073 |title=Pseudonymisation of Personal Data According to the General Data Protection Regulation |access-date=19 February 2018 |archive-url=https://web.archive.org/web/20180219150702/https://www.edilex.fi/viestintaoikeus/18073 |archive-date=19 February 2018 |url-status=live }}</ref> There is also concern regarding the implementation of the GDPR in [[blockchain]] systems, as the transparent and fixed record of blockchain transactions contradicts the very nature of the GDPR.<ref>{{Cite web|url=https://www.siliconrepublic.com/enterprise/blockchain-gdpr-report-bai|title=A recent report issued by the Blockchain Association of Ireland has found there are many more questions than answers when it comes to GDPR|website=siliconrepublic.com|date=23 November 2017 |access-date=5 March 2018|archive-url=https://web.archive.org/web/20180305202537/https://www.siliconrepublic.com/enterprise/blockchain-gdpr-report-bai|archive-date=5 March 2018|url-status=live}}</ref> Many media outlets have commented on the introduction of a "[[right to explanation]]" of algorithmic decisions,<ref>{{Cite news|url=https://www.theguardian.com/technology/2017/jan/27/ai-artificial-intelligence-watchdog-needed-to-prevent-discriminatory-automated-decisions|title=AI watchdog needed to regulate automated decision-making, say experts|last=Sample|first=Ian|date=27 January 2017|work=The Guardian|access-date=15 July 2017|issn=0261-3077|archive-url=https://web.archive.org/web/20170618031432/https://www.theguardian.com/technology/2017/jan/27/ai-artificial-intelligence-watchdog-needed-to-prevent-discriminatory-automated-decisions|archive-date=18 June 2017|url-status=live}}</ref><ref>{{Cite web|url=http://www.techzone360.com/topics/techzone/articles/2017/01/25/429101-eus-right-explanation-harmful-restriction-artificial-intelligence.htm|title=EU's Right to Explanation: A Harmful Restriction on Artificial Intelligence|website=techzone360.com|access-date=15 July 2017|archive-url=https://web.archive.org/web/20170804005751/http://www.techzone360.com/topics/techzone/articles/2017/01/25/429101-eus-right-explanation-harmful-restriction-artificial-intelligence.htm|archive-date=4 August 2017|url-status=live}}</ref> but legal scholars have since argued that the existence of such a right is highly unclear without judicial tests and is limited at best.<ref>{{Cite journal|last1=Wachter|first1=Sandra|last2=Mittelstadt|first2=Brent|last3=Floridi|first3=Luciano|date=28 December 2016|title=Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation|ssrn=2903469|journal=International Data Privacy Law}}</ref><ref name=":3">{{Cite journal|last1=Edwards|first1=Lilian|last2=Veale|first2=Michael|year=2017|title=Slave to the algorithm? Why a "right to an explanation" is probably not the remedy you are looking for|url=https://ssrn.com/abstract=2972855|journal=Duke Law and Technology Review|doi=10.2139/ssrn.2972855|ssrn=2972855|url-access=subscription}}</ref>
The GDPR has garnered support from businesses who regard it as an opportunity to improve their data management.<ref>{{cite web|url=https://www.forbes.com/sites/forbestechcouncil/2018/03/29/five-benefits-gdpr-compliance-will-bring-to-your-business/#3c8e415f482f|title=Five benefits GDPR compliance will bring to your business|first=Michael|last=Frimin|work=Forbes|date=29 March 2018|access-date=11 September 2018|archive-url=https://web.archive.org/web/20180912054700/https://www.forbes.com/sites/forbestechcouncil/2018/03/29/five-benefits-gdpr-compliance-will-bring-to-your-business/#3c8e415f482f|archive-date=12 September 2018|url-status=live}}</ref><ref>{{cite web|url=https://www.vox.com/the-big-idea/2018/3/26/17164022/gdpr-europe-privacy-rules-facebook-data-protection-eu-cambridge|title=Europe's tough new digital privacy law should be a model for US policymakers|first=Trevor|last=Butterworth|publisher=Vox|date=23 May 2018|access-date=11 September 2018|archive-url=https://web.archive.org/web/20180912054623/https://www.vox.com/the-big-idea/2018/3/26/17164022/gdpr-europe-privacy-rules-facebook-data-protection-eu-cambridge|archive-date=12 September 2018|url-status=live}}</ref> [[Mark Zuckerberg]] has also called it a "very positive step for the [[Internet]]",<ref>{{cite web|url=https://www.cnet.com/how-to/what-gdpr-means-for-facebook-google-the-eu-us-and-you/|title=What the GDPR means for Facebook, the EU and you|first1=Justin|last1=Jaffe|first2=Laura|last2=Hautala|website=CNET|date=25 May 2018|access-date=11 September 2018|archive-url=https://web.archive.org/web/20180912091915/https://www.cnet.com/how-to/what-gdpr-means-for-facebook-google-the-eu-us-and-you/|archive-date=12 September 2018|url-status=live}}</ref> and has called for GDPR-style laws to be adopted in the US.<ref>{{Cite web|url=https://www.cnbc.com/2019/04/01/facebook-ceo-zuckerbergs-call-for-gdpr-privacy-laws-raises-questions.html|title=Facebook CEO Zuckerberg's Call for GDPR Privacy Laws Raises Questions|website=www.cnbc.com|date=April 2019|access-date=8 April 2019|archive-date=4 April 2019|archive-url=https://web.archive.org/web/20190404041806/https://www.cnbc.com/2019/04/01/facebook-ceo-zuckerbergs-call-for-gdpr-privacy-laws-raises-questions.html|url-status=live}}</ref> Consumer rights groups such as [[The European Consumer Organisation]] are among the most vocal proponents of the legislation.<ref>{{cite magazine|url=https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/|title=Europe's new privacy law will change the web, and more|first=Nitasha|last=Tiku|magazine=Wired|date=19 March 2018|access-date=11 September 2018|archive-url=https://web.archive.org/web/20181015205629/https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/|archive-date=15 October 2018|url-status=live}}</ref> Other supporters have attributed its passage to the whistleblower [[Edward Snowden]].<ref>{{cite news|url=https://www.washingtonpost.com/news/monkey-cage/wp/2018/05/25/today-a-new-eu-law-transforms-privacy-rights-for-everyone-without-edward-snowden-it-might-never-have-happened/?|title=Today, a new E.U. law transforms privacy rights for everyone. Without Edward Snowden, it might never have happened.|first1=Nikhil|last1=Kalyanpur|first2=Abraham|last2=Newman|newspaper=The Washington Post|date=25 May 2018|access-date=11 September 2018|archive-url=https://web.archive.org/web/20181011173700/https://www.washingtonpost.com/news/monkey-cage/wp/2018/05/25/today-a-new-eu-law-transforms-privacy-rights-for-everyone-without-edward-snowden-it-might-never-have-happened/|archive-date=11 October 2018|url-status=live}}</ref> Free software advocate [[Richard Stallman]] has praised some aspects of the GDPR but called for additional safeguards to prevent technology companies from "manufacturing consent".<ref>{{cite news|url=https://www.theguardian.com/commentisfree/2018/apr/03/facebook-abusing-data-law-privacy-big-tech-surveillance|title=A radical proposal to keep your personal data safe|first=Richard|last=Stallman|newspaper=The Guardian|date=3 April 2018|access-date=11 September 2018|archive-url=https://web.archive.org/web/20180912091923/https://www.theguardian.com/commentisfree/2018/apr/03/facebook-abusing-data-law-privacy-big-tech-surveillance|archive-date=12 September 2018|url-status=live}}</ref>
Line 317:
=== Website views and revenue ===
A 2024 study found that GDPR reduced both EU user website page views and website revenue by 12%.<ref>{{Cite journal |last1=Goldberg |first1=Samuel G. |last2=Johnson |first2=Garrett A. |last3=Shriver |first3=Scott K. |date=2024 |title=Regulating Privacy Online: An Economic Evaluation of the GDPR |url=https://www.aeaweb.org/articles?id=10.1257/pol.20210309 |journal=American Economic Journal: Economic Policy |language=en |volume=16 |issue=1 |pages=325–358 |doi=10.1257/pol.20210309 |issn=1945-7731|url-access=subscription }}</ref>
== Timeline ==
| |||