3 Things You Should Know About Europe's Sweeping New Data Privacy Law

The U.S. takes credit for creating the Internet, and the European Union seems determined to govern it. On Friday, a sweeping new directive goes into effect called the General Data Protection Regulation, or GDPR. Taken together, its 99 articles represent the biggest ever change to data privacy laws. The new rules have implications for U.S. Internet users too.

Here are answers to three questions you might have about the new law and its potential impacts.

What is GDPR?
It's a new law that protects residents of the EU — people living there, including Americans. (If you're a European and live in the U.S., you're not protected.) Under GDPR, all companies that have an Internet presence — including large American companies like Google, Microsoft and Facebook — have to comply.

At the most basic level, GDPR expands what counts as personal data and your rights over that data. Your data is, for example, what you post on social media, your electronic medical records and your mailing address. It's also your IP address (a string of numbers that's unique to your smartphone or laptop), as well as GPS location. 

The directive says people have to give permission for a company to collect their data. A company can't just sign you up without explicitly asking. And the more personal the data — say, biometrics, which is considered a special category under the law — the ask must be even more clear.

Europeans have a right to have their data deleted if they don't want a company to keep it. Companies have to delete the data without undue delay, or face a penalty - More, NPR

3 Things You Should Know About Europe's Sweeping New Data Privacy Law

Sweeping Internet Privacy Protection Regulations To Take Effect