For many entrepreneurs dreaming of reaching the global sphere with their initiative/platform/app/business, the European Union’s ‘strict’ privacy regulatory standard is the guideline. This short article will outline key factors in Europe’s Privacy regulations and stress basic do’s and don’ts for entrepreneurs wishing to expand their business market abroad.
Whether you are specifically aiming your product at the European market, have an obsession with privacy standards, or are simply thinking outside the box because “who knows where the business will take off to?” – there are several key terms you need to know and understand, such as “The right to be forgotten”, “The Right to Privacy”, “The Data Protection Directive”, and “The Privacy Directive”.
The Right to be forgotten
The Right to be forgotten, a widely known and innovative term among entrepreneurs and the tech-savvy crowd, emerged from a European Court of Justice ruling. In 2014, in a case involving Google, the right to be forgotten was recognized as a human right. In this specific case, Google Spain was found responsible for the content displayed and processed by third party websites, and was required to consider requests by individuals who ‘want to be forgotten’.
The case of Google Spain v. Costeja became synonymous with the right to be forgotten. The idea that, in spite of all the tempting technological advancements (and their onset of personal data collection), one may request the removal of certain links directly from the search engine was considered groundbreaking, especially since the requesting individual may appeal to the relevant authorities should the search engine decline the request.
All the Data Protection authorities in the EU work together to form the “Article 29 Working Party”. The Working Party stresses the difference between ‘delisting’ and ‘forgetting’ – as delisting the name of a private individual (if legitimate claims were made and accepted) does not necessarily mean the content on the third party website disappears completely.
The Right to be forgotten was mooted in the EU’s General Data Protection Regulation; however, it has existed without a definitive legal description, as it was derived from the concepts outlined in Article 7 (respect for private and family life) and Article 8 (protection of personal data) of the Charter of Fundamental Rights of the EU (http://ec.europa.eu/justice/fundamental-rights/charter/index_en.htm).
In late 2014, Google claimed it would review requests via an online form specifically tailored by the company for users who wish to remove personal data. On the first day Google received over 12,000 forms from EU individuals who asked to be removed from the search engine.
As of 4th of May this year, administrative fines are given in compliance with the Data Protection Regulations. These take into consideration the nature of the infringement, local and global implications, personal details, and changing circumstances that differ between cases. The maximum fine is 10,000,000 Euros.
Do’s and Don’ts of Privacy for your initiative
If your platform requires information of any sort, you must first understand that in terms of European standards, personal information may include any of the following: name, home address, phone number, age, photograph, donation information, location and e-mail address.
So the first DON’Ts are easy:
DON’T collect and store information which you do not need. If you DO need personal information of any sort, be absolutely sure that you:
DON’T transfer it freely. In the global sphere there are different requirements for registering and running a database with any of the aforementioned details. In Israel, one must register the database as soon as a personal detail of any nature is collected (such as an e-mail address), or the database contains more than 1,000 names. EU legislation requires strict security standards of companies outside the EU that have institutions/corporations receiving personal data from the EU. Should the receiving end be found unfit to protect said personal data, the transfer will be seen as illegal and subject to immense administrative fines for the infringement.
DON’T force your users to enable Location-Based Services (LBS) when using your platform, but DO mention that the User Experience is enhanced when LBS are enabled.
DO consult legal counsel when thinking about the implications of collecting various data. Understand the needs of your business, and how crucial the information is, before making the decision to collect it.
In conclusion, Europe’s unique and thorough approach to various privacy issues is considered the most strenuous and strict. It is important to understand key issues for obtaining a high level of protection in regards to customers’ and users’ information, seeing as the European market ‘keeps an eye out for privacy issues’, especially when approaching the international arena. In an age when online privacy is of rising importance and is greatly debated, be sure to keep your eye out for how your initiative maintains user satisfaction and enables the most enhanced and optimal user experience, whilst keeping to strict privacy guidelines in all aspects related to collection, storage, and transfer of data. The information presented is not legal advice, is not to be acted on as such, may not be current and is subject to change without notice.