What is GDPR? In a time when more people are entrusting their personal data with cloud services and breaches are occurring on a regular basis, the European Union is demonstrating its commitment to data privacy and security. In particular for small and medium-sized businesses(SMEs), GDPR compliance is a frightening proposition due to the regulation's scale, scope, and relative lack of specifics. With the development of technology and the accelerating globalization that comes from the Internet, the EU realized the necessity of modern safeguards. So, in 1995, it passed the European Data Protection Directive, which established baseline criteria for data privacy and security and served as the foundation for implementing laws in each of the member states. After being approved by the European Parliament in 2016, the GDPR came into effect, and as of May 25, 2018, all enterprises had to comply.
Comprehensive data protection laws are essential for protecting human rights – most obviously, the right to privacy, but also many related freedoms that depend on our ability to make choices about how and with whom we share information about ourselves. The European Union General Data Protection Regulation (GDPR) is one of the strongest and most comprehensive attempts globally to regulate the collection and use of personal data by both governments and the private sector. It was enacted in 2016 by the European Union.
In the digital age, everything a person does online generates or implicates data that can be highly revealing about their private life. The GDPR provides new ways people can protect their personal data, and by extension their privacy and other human rights. It gives everyone more control, and requires businesses, governments, and other organizations to disclose more about their data practices, and regulates the way they collect, process, and store people’s data.
By now you probably have no doubt – yes, your website has cookies, GDPR requires you to control them and you’re looking to become compliant. However, it's quite possible that your website uses multiple cookie types. This is significant because different types of cookies and tracking technologies used on the Internet must comply with varied GDPR cookie standards.The General Data Protection Regulation (GDPR), which serves as the foundation for the EU's data protection legal framework, is supported by other legal precedents, including the ePrivacy directive on electronic communications (also known as the EU cookie law), and by recommendations from both national data protection agencies and the European Board of Data Protection (EDPB). The overall effect of this legal framework in the EU is that users must give express, unambiguous consent. This consent must be specific, voluntarily supplied, and cannot be obtained in exchange for goods or services.
However, in spite of the regulation demanding companies to make its users aware of what they are complying with once they click the accept button, does the average user actually understand such contract, the implications of it, and most importantly, its rights under it? Our group posed itself this question, but in order to analyze better the topic at hand, we decided to reduce the scope of our research and instead formulate our question in the following way:
For this research project we decided to create a website and gather first hand data from the youth population residing in the EU. Our targeted demographic to send out the Google Forms to were individuals between the ages of 12 to 25 years old.
The survey questions came in the form of close and short open ended questions We chose this format in order to have quick and concise responses from the concerned party.
Further, we created the survey in 4 different languages in order to conclude the data collection process with a diverse array of responses that would concretely solidify our argument and aid us with formulating a strong thesis.
That being said our surveys were in the German, Spanish, French and English language to be sent out to highschool and university students in EU countries, but chiefly France, Spain and Belgium. Certainly, this geographic focus of where we chose to send out the forms, was a deliberative choice, explained by the fact that our research and argument contains a geographical focus solely targeting “EU regulation on GDPR”; and that this affects data subjects within the EU -and not necessarily only EU citizens.
Our main hypothesis at the beginning was that, in spite of having been raised in the digital era, digital natives are still little knowledgeable about their digital rights and about how their data is treated under the net.
We also expected to see some nuance between ages -those being older presenting a higher level of understanding- and between educational stages. However, we decided to do a comprehensive enough survey that would allow us to nuance our conclusions even more. Are European citizens more aware than those simply living in the EU? Does the fact of going to a private or a state educational institution play a role? Are people interested in technology as a whole more likely to be aware of their digital rights, or is it rather the legal scholars?