Venmo, Yahoo, Fitbit, Soundcloud, Airbnb and many more.
There is a reason they are coming now — and it is not because of the Facebook data scandal.
It is because of a new European Union law that is set to go into effect on May 25, 2018, called G.D.P.R. — General Data Protection Regulation.
“G.D.P.R. is all about notice and disclosure,” said Bob Cattanach, a partner at Dorsey & Whitney LLP who specializes in cybersecurity.
The law requires companies to tell users about data breaches that could affect them. It also requires terms of service agreements to be more reader-friendly.
It gives Europeans the right to access their data, the right to update/change/correct data, the right to figure out who is processing their data, the right to have it erased and the right to complain about it.
“In the U.S., we do not necessarily have all those rights,” said Paul Luehr, a partner at FaegreBD who specializes in cybersecurity. “We have them in certain areas.”
G.D.P.R applies to all businesses in Europe, including U.S. companies with customers or an office over there.
The law will protect only European citizens right now, but some experts believe this is where the U.S. could be headed.
“Some companies are saying, ‘We think we see down the road that this regulation is going to gain popularity around the world, we’re all in,’” Luehr said. “Other companies are separating it out, saying, ‘That specific question is really just for Europeans.’”
Facebook CEO Mark Zuckerberg said during his congressional testimony that his company would apply the G.D.P.R. standards its business across the world.
University of Minnesota privacy expert Bill McGeveran says consumers do not necessarily need to read to the new terms of service agreement, but should take this as an opportunity to do so.
“It’s kind of like checking your batteries in your smoke detector,” McGeveran said. “It’s a good time to do a check-up.”