BRUSSELS (AFP) – New European Union data protection laws take effect on May 25 to protect users’ online information, in what Brussels touts as a global benchmark after the Facebook scandal.
The laws will cover large tech companies like Google, Twitter and Facebook that use personal data as an advertising goldmine, as well as firms like banks and also public bodies.
One major change is that consumers must explicitly grant permission for their data to be used, while they can also specifically ask for their personal information to be deleted.
Firms face huge fines of up to 20 million euros ($24 million) or four percent of annual global turnover for failing to comply with the EU’s General Data Protection Regulation (GDPR).
“It’s your data – take control,” the European Commission, the EU’s executive arm, urges the bloc’s 500 million citizens in guidelines for the new rules.
The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.
Facebook chief Mark Zuckerberg told US lawmakers last month the firm plans to fall into line with the EU rules as it seeks to rebuild its reputation after the breach, which affected 87 million users.