Know Your Consumer Rights under the European Union GDPR
European Union Regulations apply to all member states. We have to implement them in Ireland, and the regulations override any existing laws on the topic we may already have. The EU General Data Protection Act (GDPR) is no exception. Thus, it will be great news for consumers when it comes into force on 25 May 2018.
What the General Data Protection Act Aims to Protect
The GDPR affirms a very important principle for consumers. It says we are the owners of our personal information, and it is private to us until we choose to selectively share. Any government agency (outside of law enforcement) and all businesses must first ask our permission before they add it to their database. Moreover, we have the right to inspect it, correct it, and even remove it completely.
The responsibility to implement the GDPR in Ireland falls in the remit of the Data Protection Commissioner. They are making the process as transparent as possible, and have very sharp teeth to make sure businesses listen. We believe these consumer rights back-fit to any time in the past. Thus, you should also be able to interrogate your personal information captured before the GDPR inception date of 25 May 2018.
Why the European Union Decided We Need a GDPR
The European Union was increasingly concerned about breaches of consumer rights concerning handling of their personal information. Google, and the social media especially Facebook having been tracking our movements so they can influence our thinking. Every time you find a commercial message popping up during a Google search, or on your Facebook timeline about a product you are interested in, this is proof that this is happening.
Clear evidence is emerging that people from certain countries influenced the outcome of the U.S. President Election, and probably the UK Brexit, by targeting like-minded people with fake news that influenced their thinking. We believe the GDPR is an appropriate mechanism for controlling this centrally, and thus a step in the right direction.
Business has been up to something equally upsetting probably for longer. While it is quite okay for our supplier to use our purchasing history to suggest a related product, it is totally out of turn if it shares this with a third party. This is behind some of the unsolicited phone calls and emails that still occasionally pester us. Since the EU General Data Protection Act crosses Union boundaries, we will soon the able to help prevent cross-border violations too.
Our Rights as Consumers under the GDPR in More Detail
We will have a right to insist that banks, insurance companies, government bodies, medical professionals, telephone companies, and other service providers keep our personal details private, and in secure storage. They will also have a duty to tell us before they capture the information, and explain what they plan to do with it.
This is not something brand new. It has been good governance practice in larger organisations for some time. However, the weak link is often in the follow-through, for example, how they prevent a third party from hacking, and stealing what is rightfully ours. Some smaller companies have not seen customer data protection as a priority until now.
The GDPR regulates personal information on a computer, in a manual paper filing system, or in the form of video / voice recordings or photographs. From 25 May 2018, we will have a perfect right to check this personal information is correct, to know who has access to it, and to insist it is only used for purposes we agreed when providing it.
The Data Protection Commissioner will rule the event of a dispute once they decide who is right. They may also penalise the organisation holding the information if they were wilfully negligent. Here are their contact details you may like to keep on file: