On May 25, 2018, the EU's General Data Protection Regulation (GDPR) is enforced by regulators across 28 countries.
The data regime increases protections on EU's citizens' personal data, and left many companies targeting Europe to struggle meeting its requirements.
For that reason, many had to revamp their privacy policies - planning the change months ahead of the date, to make sure their business model remains intact.
All companies large and small, as well as other organisations such as public bodies and charities, are affected by GDPR. And among them, most notably, are the giants of the web. They are Apple, Google, Facebook, Microsoft, Amazon And Twitter.
These companies thrive with their own means, and have been known to hold a colossal amounts of information about billions of people around the world. Each of these 6 companies have taken different approach to GDPR - with some variations between them.
Read: EU's GDPR Law Takes Affect: The Biggest Data Protection Laws Since The 1990s
Apple
The company best known as the iPhone maker, generally collect less data than others on this list. The reason is because Apple is more of a hardware company that a software, and sells its products for a price. What this means, it has less dependencies on users' data to get revenue.
Unlike Facebook and Google, for example, the company doesn't rely on advertising to make money.
However, the company does take information from anything users have saved on their devices. Ahead of GDPR, the company has updated its privacy terms and introduced a page where users in Europe can download all of their data that Apple holds about them.
Breaking them down, they include those using Apple services, like Photos, Apple Pay, contacts and more.
Users can download them in the form of zipped folders containing CSV and JSON files. that can be reused.
Apple has also introduced users the ability to temporarily deactivate their account. This way, users can stop all Apple services from working.
The giant of the web that thrives on users' data and information. Nothing collects more information than Google, and this is why the company has come under heavy criticisms.
Ahead of the GDPR, the company has updated terms for products where Google acts as a processor of personal data. They include:
Ads Data Hub, AdWords Customer Match, AdWords Store sales (direct upload), Android Enterprise, DoubleClick Digital Marketing (including DoubleClick Bid Manager, DoubleClick Campaign Manager, and DoubleClick Search), Google Analytics Suite (including Google Analytics, Tag Manager, Optimize, Data Studio, Attribution, Audience Center, and Google Analytics for Firebase), Google Cloud Platform and G Suite.
Google has also updated terms for products where Google and the customer each act as independent controllers of personal data. They include:
AdMob, AdSense, AdWords (including Shopping and Hotel Ads, but not AdWords features where Google acts as a processor of personal data), DoubleClick Ad Exchange, DoubleClick for Publishers, Google Customer Reviews and Google Maps APIs.
"It's important to understand that most of our ad business is search, where we rely on very limited information — essentially what is in the keywords — to show a relevant ad or product," said Google CEO Sundar Pichai.
Facebook can be said to be the one blamed here. Since Cambridge Analytica scandal, the EU starts noticing that a new law has to be set quickly to prevent any future data misuses. This has given Mark Zuckerberg a hard time since Facebook thrives on users data.
The social giant has twisted the law that fell upon it, and took this as an opportunity to turn on facial recognition to users in Europe. Facebook has also moved the registration of about 1.5 billion users outside of the U.S., Canada and the EU to the United States from Dublin.
What this means, users locate Africa, Asia, Australia and Latin America won't be covered by the GDPR law.
The social media giant also offers privacy tools to each and every Facebook users. However, the tools aren't the same for every nation.
Facebook also gave an explanation about how it should work when it's acting as a data controller. This includes Facebook in having the responsibility of deciding why and how (the "purposes" and "means") the personal data is processed. Under the GDPR, these data controllers have to adopt compliance measures to cover how data is collected, what it's used for and how long it's retained. Facebook is also making sure that users can access the data Facebook has on them.
And when Facebook acts as a data processor, the company processes personal data on behalf of a data controller. Under the GDPR, data processors have obligations to process data safely and legally.
Microsoft
Microsoft has also a privacy dashboard that allows people to review their user settings, delete data, and download information that Microsoft has on them. It has also highlighted what it has updated in its Privacy Statement for GDPR.
Microsoft extends the new privacy rights to all users worldwide.
Microsoft has also updated its privacy statement that governs users, making it easier for them to read and inclusive of specific information related to GDPR. Additions to the statement include Microsoft in highlighting new categories surrounding personal data the company collects. This include data from voice, content consumption data, and browsing history.
The updated privacy statement also explains how Microsoft uses personal data generally and describes how customers can access and control their data.
Amazon
Amazon is known as the largest e-commerce the web has ever seen. However, it's also known to power many parts of the web, mainly through its Amazon Web Services (AWS). The product is one of the bigger parts of Amazon's many services.
At the end of March, Amazon announced AWS was ready for GDPR.
"AWS services give you the capability to implement your own security measures in the ways you need in order to enable your compliance with the GDPR," the company.
AWS also announced its compliance with the CISPE Code of Conduct, which helps cloud customers assess how their cloud infrastructure provider complies with its data protection obligations under the GDPR. AWS has declared that Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), AWS Identity and Access Management (IAM), AWS CloudTrail, and Amazon Elastic Block Storage (Amazon EBS) are fully compliant with the CISPE Code.
This should provides customers with additional assurances regarding their ability to control their data.
Twitter has updated its terms of service and privacy policy ahead of GDPR, to "focus on the controls we offer you over your personal data," mainly on three subjects:
- Product: For EU users, Twitter's product is updated to meet the requirements of the GDPR. The company offers increased transparency around what the company does with users' data.
- Policy: Updated to be in line with the GDPR. Changes include data portability, the overarching terms of access for EU users, and data anonymity requirements.
- Transparency: Twitter makes the experience of transparency to be a process that is clear to users. To do this, Twitter is keeping users updated through in-product prompts, updated blog content, and ensuring our public-facing materials are digestible and fit-for-purpose.
Twitter has also terminated its apps for streaming service Roku, Android TV and Xbox.