Over half of American companies are still unsure if they're up to standards for the incoming regulations.
(TNS) — Big data has taken over the world, though a huge new data law will stretch across borders.
The European Union's General Data Protection Regulation, or GDPR, is set to take force on Friday, and will have impacts far beyond the continent where it was crafted.
A sprawling law passed by the bloc's parliament in Brussels that will be enforced by "data protection authorities" in the capitals of member states such as Berlin and Paris.
Though the longer-term effects of countries' implementation of GDPR remain a question, though the law does inject a little order into an Internet world that has been lacking in a bill of rights and includes provisions allowing people to ask to have their data deleted, "purpose limitation" saying that data can only be used for what it was collected for, and strict rules on getting consent to use data.
It has received attention in the run up to the day when it jumps from paper to the law of cyber-land because of the Facebook data scandal, which highlighted how the U.S. has neither a major data law or a specific data protection authority.
The Silicon Valley company has also moved users outside of Europe under the control of its American office in a change that limits the exact legal consequences of GDPR, though Facebook has said it will apply the "spirit" of the law worldwide.
Founder Mark Zuckerberg repeated that he would be compliant during a session with EU parliamentarians on Tuesday where the format allowed him to glide past many questions about its business model of advertising targeted with users' data.
But companies that are not busy trying to pirouette their way through public scrutiny and regain their stock prices are also affected by the law, which affects all companies that have data for those in Europe.
Businesses and publications in both Europe and the U.S. about listservs that users have signed up about whether they still want to get messages that would come under the purview of GDPR.
"These companies find it often difficult to follow different privacy standards in different markets and therefore tend to apply the strictest international standards across the board. At times, it is technologically difficult to separate data involving European and non-European citizens," said Columbia Law School professor Anu Bradford in a Q&A.
"It can also be hard to justify offering better privacy protections for some users than others, further pushing companies towards a single global standard."
Bradford coined the term "Brussels effect" to describe the larger phenomenon of companies in industries outside data sticking to EU regulations in order to have access to the giant market, an extension off a similar idea that U.S. companies follow a "California effect" to do business in the Golden State.
Beyond businesses looking at customers who live in Europe, some suggest that the regulation can also apply to Americans who are spending even a short time in the EU and demand information of U.S. companies.
Though it undoubtedly will affect many businesses in the U.S. uncertainty over the law was rampant as recently as one month ago, according to a survey from technology association CompTIA.
The survey found more than half of American companies were unsure if they were GDPR-compliant, thought that the law didn't apply to them or were still exploring the possibilities, with only 13 percent asserting that they were fully compliant.
It said that nearly two-thirds of businesses were not very familiar with the hefty fine structure for breaches of the law.
Whether European data regulators will go after U.S. businesses is an open question, though penalties under the law can run as high as 20 million euros ($24 million) or 4 percent of global turnover.
©2018 New York Daily News Distributed by Tribune Content Agency, LLC.