There is a growing realization that our data is under attack. From breaches at Equifax to Cambridge Analytica’s misuse of the profile information of more than 87 million Facebook users, it seems as if none of our personal data is safe. And more and more about us is being captured, stored and processed by smart devices like thermostats, baby monitors, WiFi-connected streetlights and traffic sensors.
In the United States, people who are concerned are looking to Europe. They see Europe’s “right to be forgotten,” by which citizens can force companies to erase some of their personal data, as a step toward regaining ownership of their online selves. And on May 25, the European Union will bring into force the most sweeping regulation ever of what can be done with people’s data.
This law, the General Data Protection Regulation, will give citizens greater control over their data while requiring those who process personal data in the European Union or about its citizens to take responsibility for its protection. The G.D.P.R. will give Europeans the right to data portability (allowing people, for example, to take their data from one social network to another) and the right not to be subject to decisions based on automated data processing (prohibiting, for example, the use of an algorithm to reject applicants for jobs or loans). Advocates seem to believe that the new law could replace a corporate-controlled internet with a digital democracy.