Gimme a G! Gimme a D! Gimme a P! Gimme an R!

There’s a new law brewing in the EU that takes personal data seriously. It’s called the EU General Data Protection Regulation (GDPR) and it’s a law to be genuinely excited about.

The European Parliament and European Council drafted the GDPR in April 2016 and it will be in a transitional implementation period until final enforcement begins on May 25, 2018. What happens afterwards will impact the future of digital rights.

The GDPR is a monumental step in giving Internet users privacy and control over their own online actions. In an age where stealing and exploiting personal data is commonplace, it’s important for organizations to be held accountable for their use of others’ data and for users to feel safe in providing it.

As of now, most Internet users don’t even realize how much of their personal data is owned by other entities. According to the Harvard Business Review, only 14% of people know they’re sharing their browsing history and only 25% know they’re sharing their location.

GDPR advocates strongly on behalf of individuals, giving them more autonomy and control than ever before. The EU Justice commissioner Viviane Reding said that “a strong, clear, and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation, and job creation.”

This is not to say that big data is harmful and companies that collect information on Internet users are malicious. GDPR only recommends that using personal data should be a last resort. Other options to be implemented first are using pseudonymous data, which separates identifying information from the rest of the data points, or deleting data after use instead of storing it.

Other rights in GDPR include:

• Consent: individuals must be aware of and agree to their information being collected or stored
• Data breach notification: companies must alert anyone affected by a breach within 72 hours, so that the customers can take action to protect themselves
• Protection: companies will have to perform routine audits of all data collection services, as well as how data is being processed and stored, with some hiring a Data Protection Officer (DPO) to monitor GDPR compliance
• Right to be forgotten: individuals can request to have information about them deleted

GDPR is a great first step toward a healthier Internet. This year’s MozFest will have a lot of sessions about data privacy, digital rights, and consent. Marília Monteiro’s “Information and Consent: how do we create real data control?” will involve a roleplaying game of policy decisions and data protection law. Sherry Lehane’s “Fearless Approaches to Explaining Privacy and Security” raises awareness about data tracking and will collaboratively create a manifesto of best practices for sharing data while staying safe online. Harry Trimble’s “User-centred consent” will brainstorm ways companies can use design to help users make informed decisions about their personal information.

We’re excited to delve deep into this important topic at MozFest 2017. Which sessions will you choose?