Interactive

On May 25, the European Union’s new data and privacy law takes effect. The EU’s General Data Protection Regulation (GDRP) changes the rules for companies that collect, store or process large amounts of information on residents of the EU, requiring more openness about what data the companies have and with whom they share it.

The notices are flooding people’s inboxes en masse, from large technology companies, including Facebook and Uber, and even from parent teacher associations, children’s soccer clubs and yoga instructors. “Here is an update to our privacy policy,” they say. All are acting because the European Union enacts the world’s toughest rules to protect people’s online data. And with the internet’s borderless nature, the regulations are set to have an outsize impact far beyond Europe.

The European Union’s General Data Protection Regulations (GDPR) go into effect May 25, and privacy groups are pushing companies to commit to the same standard for their US operations. More than two dozen privacy groups sent letters to "edge providers" Amazon, Facebook and Google, and ad giants Walmart, Nestle and others asking them to use the EU regime as a baseline for their own US data protection policies. 

The Justice Department and the FBI are investigating Cambridge Analytica, the now-defunct political data firm, and have sought to question former employees and banks that handled its business. Prosecutors have questioned potential witnesses in recent weeks, telling them that there is an open investigation into Cambridge Analytica — which worked on President Trump’s election and other Republican campaigns in 2016 — and “associated U.S.

Democrats on the House Intelligence Committee made public for the first time the full cache of more than 3,000 ads that Facebook said were purchased by a pro-Kremlin group, the Internet Research Agency. The ads, fewer than 50 of which had previously been revealed, offer the clearest window yet into the evolving tactics used by the group as it sought to amplify social and political tensions in the US. The Russian-backed pages initially deployed relatively simple techniques, buying ads targeted to reach large segments, such as all Facebook users living in the US.

Google has emailed publishers an update to their ad serving platform, called "Ad Technology Provider (ATP) Controls," that allows publishers to select GDPR-compliant ad tech vendors moving forward. Google is essentially giving publishers two options for selecting GDPR compliant ad tech vendors moving forward: 1) Publishers choose their own providers. 2) A list of roughly 200 providers (mainly ad buyers) that contribute the most revenue to publishers. All providers listed have shared certain information that is required by the GDPR. Google says it will re-evaluate the list every quarter.

Facebook’s failure to compel Cambridge Analytica to delete all traces of data from its servers – including any “derivatives” – enabled the company to retain predictive models derived from millions of social media profiles throughout the US presidential election, the Guardian can reveal. Leaked emails reveal that when Cambridge Analytica told Facebook almost a year before the election that it had deleted data harvested from tens of millions of Facebook users, it stopped short of agreeing to also erase derivatives of the data.

Politics and data are now inextricably linked. Cambridge Analytica was part of a world increasingly fueled by vast troves of personal data that billions of Internet users emit every day. Politicians now have the tools to target us each individually — based on data suggesting our race, religion, income, shopping habits, sexual orientation, medical concerns, personality traits, current location, past locations, pet preference or Zodiac sign if they'd like.

In Europe and the United States, the conventional wisdom is that regulation is needed to force Silicon Valley’s digital giants to respect people’s online privacy. But new rules may instead serve to strengthen Facebook’s and Google’s hegemony and extend their lead on the internet. That’s because wary consumers are more prone to trust recognized names with their information than unfamiliar newcomers.

Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally. In a tweak to its terms and conditions, Facebook is shifting the responsibility for all users outside the US, Canada and the European Union from its international HQ in Ireland to its main offices in California. It means that those users will now be on a site governed by US law rather than Irish law.