The European Union's formidable data privacy law comes into force today. EU Justice Commissioner Vera Jourova has likened it to a "loaded gun" in the hands of regulators. The General Data Protection Regulation (GDPR), as it is formally known, packs a punch in the service of a "strong and more coherent data protection framework".
At a time when tech giants like Facebook and Google have grown increasingly powerful, it will be a handy tool to have to restore the balance of power. At over 200 pages, the GDPR also has extra-territorial reach and stiff penalties to force companies to exercise greater care over the harvesting, use and maintenance of consumer data they collect. Companies wherever they are located will be held responsible when they process the data of citizens of EU countries. Among other things, they will need to obtain consent from individuals for the collection of data on them; users have a right to withdraw their consent at any point and to have their information deleted from databases. Failure to comply could result in fines of up to 4 per cent of a company's global revenue or €20 million (S$31.5 million), whichever is higher.