Philip Jong

The General Data Protection Regulation (GDPR) has ushered in a new era in personal data privacy in Europe. Implemented in May 2018, it provides comprehensive protection for consumers against organizations that seek to collect personally identifiable information and gives consumers explicit control on how the collected data are being stored and used by these organizations. Importantly, consumers now have the right at any time to revoke consent for their data to be accessed and to even request permanent erasure (with few exceptions) of their data with these organizations. Unlike previous privacy frameworks, the new regulation is binding and enforceable with severe financial sanctions against individuals and organizations that fail to comply. Moreover, privacy proponents have argued that the downstream effects of GDPR will likely reach worldwide, including Canada where I live, since many organizations that are outside of Europe but conduct businesses there will unlikely be tolerant of any criticism for allowing a double standard concerning data privacy to perpetuate. As a privacy advocate, I welcome strong regulations that protect the public from businesses that misuse personal data of their customers, intentionally or unintentionally, especially those that are collected without explicit consent through social media. Ultimately, however, I believe that consumers must take increasing responsibility of their digital footprint so to ensure that their own sensitive personal data are never unduly exposed or compromised.