WEBVTT

00:00:00.120 --> 00:00:01.520
Thanks for watching Techquickie.

00:00:01.520 --> 00:00:05.920
Click the subscribe button, then enable notifications with the bell icon, so you won't miss any

00:00:05.920 --> 00:00:07.720
future videos.

00:00:07.720 --> 00:00:12.640
So do you feel like whenever you type personal information into a webpage, it probably ends

00:00:12.640 --> 00:00:16.940
up in the hands of an executive with dollar signs in his eyes holding court at a mad tea

00:00:16.940 --> 00:00:20.400
party of advertisers and people with agendas?

00:00:20.400 --> 00:00:26.240
Well, sadly, that's less of a paranoid delusion than I'd like, and it's exactly the kind

00:00:26.240 --> 00:00:32.600
of thing that the European Union's new General Data Protection Regulation is trying to stop.

00:00:32.600 --> 00:00:36.980
And because it was implemented so recently, plenty of large tech firms have been scrambling

00:00:36.980 --> 00:00:40.100
to make sure they don't get caught on the wrong side of the law.

00:00:40.100 --> 00:00:42.140
But what exactly does the law do?

00:00:42.140 --> 00:00:46.800
So the basic idea is that any organization or business that either operates in the EU

00:00:46.800 --> 00:00:51.240
or handles data relating to people in the EU has a few responsibilities.

00:00:51.240 --> 00:00:54.900
Meaning that even a business here in Canada like Linus Media Group could find itself in

00:00:54.900 --> 00:00:56.240
hot water with the European authority.

00:00:56.240 --> 00:01:00.940
If I did something like, let's say, sell your email address to a company that makes explosive

00:01:00.940 --> 00:01:02.480
discount power supplies.

00:01:02.480 --> 00:01:04.480
But I wouldn't do anything like that to you guys.

00:01:04.480 --> 00:01:07.220
Wait a minute.

00:01:07.220 --> 00:01:09.580
But that doesn't mean your data can't be sold.

00:01:09.580 --> 00:01:13.460
One of the biggest linchpins of the GDPR is consent.

00:01:13.460 --> 00:01:17.140
If you're in the EU, you have a right to be informed about what type of data is being

00:01:17.140 --> 00:01:21.260
collected and why it's being collected before you hit OK.

00:01:21.260 --> 00:01:23.460
And this pertains to lots of different types of data.

00:01:23.460 --> 00:01:27.180
A single photo, a comment you made on a public social media post.

00:01:27.180 --> 00:01:28.960
And even your name are covered.

00:01:28.960 --> 00:01:33.360
GDPR requires companies to specifically lay out each piece of data they're collecting

00:01:33.360 --> 00:01:35.820
from you for your consent to be valid.

00:01:35.820 --> 00:01:39.240
After you've given your consent and the zuck or whoever else gets their mitts on your sweet

00:01:39.240 --> 00:01:42.840
sweet personal information, there are some more rules concerning how they have to store

00:01:42.840 --> 00:01:43.840
it.

00:01:43.840 --> 00:01:46.020
Specifically, it has to be protected in some way.

00:01:46.020 --> 00:01:49.480
Whether it's through encryption or by keeping the data separate from other data that could

00:01:49.480 --> 00:01:52.520
be used together to identify an individual person.

00:01:52.520 --> 00:01:56.940
So for example, a national ID number should be sequestered from other information.

00:01:56.940 --> 00:02:01.060
That could enable an attacker to work out who it belongs to.

00:02:01.060 --> 00:02:05.600
And if an attacker does breach a database, or if someone was just careless with a USB

00:02:05.600 --> 00:02:10.700
stick, the organization has to inform a data protection authority within three days of

00:02:10.700 --> 00:02:12.180
when it found out.

00:02:12.180 --> 00:02:16.980
And they'd also be on the hook to notify you, yes you Otto Schmidt from Berlin, in the case

00:02:16.980 --> 00:02:18.680
of a really serious breach.

00:02:18.680 --> 00:02:23.680
But if a mere notification isn't enough for you and you just want the data off their servers,

00:02:23.680 --> 00:02:26.880
the GDPR also obligates companies to give you access to it.

00:02:26.880 --> 00:02:30.760
So you can either do it on demand, or to delete your data upon request.

00:02:30.760 --> 00:02:35.620
Partly stemming the tide of the internet is forever, with a right to be forgotten.

00:02:35.620 --> 00:02:39.980
Though bear in mind that if one of your terrible hot takes gets retweeted a million times, there's

00:02:39.980 --> 00:02:43.860
nothing you can do to force private internet users to delete their screencaps.

00:02:43.860 --> 00:02:45.180
But back to businesses.

00:02:45.180 --> 00:02:46.760
Why would they comply with this?

00:02:46.760 --> 00:02:51.140
Well, as it turns out, there are serious consequences for businesses that don't handle your data

00:02:51.140 --> 00:02:52.400
with respect.

00:02:52.400 --> 00:02:55.060
For willful violations or for repeat offenders, the fines can be as high as 4% per year.

00:02:55.060 --> 00:02:56.060
And that's a lot of money.

00:02:56.060 --> 00:02:56.100
That's a lot of money.

00:02:56.880 --> 00:03:02.800
And that may not sound like much, but for large enterprises like Google, that could

00:03:02.800 --> 00:03:06.420
amount to billions, yes, billions of dollars.

00:03:06.420 --> 00:03:08.860
So this sounds pretty good if you're an EU resident.

00:03:08.860 --> 00:03:12.260
But what if you live in the US, Japan, or Guinea-Bissau?

00:03:12.260 --> 00:03:18.800
Well, some tech firms like Facebook and Microsoft are implementing GDPR-compliant features worldwide,

00:03:18.800 --> 00:03:22.580
giving users outside the EU the same level of access and control.

00:03:22.580 --> 00:03:25.180
But don't imagine this is out of the goodness of their hearts.

00:03:25.180 --> 00:03:26.060
In reality, it probably has more to do with the fact that they don't have access to data

00:03:26.060 --> 00:03:27.060
protection.

00:03:27.060 --> 00:03:29.520
It probably has more to do with it being more streamlined and having different policies

00:03:29.520 --> 00:03:30.520
for different locations.

00:03:30.520 --> 00:03:34.760
And it's also not a great look from a public relations perspective to give users in certain

00:03:34.760 --> 00:03:38.960
places less robust data protection just because they can.

00:03:38.960 --> 00:03:42.620
So that's a great step towards a more global internet because I, for one, have had just

00:03:42.620 --> 00:03:45.420
about enough of geo-blocking anyway.

00:03:45.420 --> 00:03:47.220
Are you interested in computer science?

00:03:47.220 --> 00:03:51.320
Well then check out Brilliant, a problem-solving website that teaches you to think like a computer

00:03:51.320 --> 00:03:52.320
scientist.

00:03:52.320 --> 00:03:56.220
Instead of just passively listening to lectures, you get to master concepts by solving fun,

00:03:56.220 --> 00:03:57.720
and challenging problems.

00:03:57.720 --> 00:04:01.340
And Brilliant provides the tools and framework you need to tackle those challenges.

00:04:01.340 --> 00:04:05.080
Brilliant's thought-provoking content based around breaking up complexities into bite-sized

00:04:05.080 --> 00:04:08.740
understandable chunks will lead you from curiosity to mastery.

00:04:08.740 --> 00:04:12.420
And you'll be in the company of over five and a half million members who share your

00:04:12.420 --> 00:04:14.800
curiosity and love for math and science.

00:04:14.800 --> 00:04:16.000
So what are you waiting for?

00:04:16.000 --> 00:04:19.000
You can support Techquickie and learn more about Brilliant by clicking the link in the

00:04:19.000 --> 00:04:23.700
video description or by going to brilliant.org slash LinusTechTips and signing up for free.

00:04:23.700 --> 00:04:25.220
The first 200 people to go to the link will get 20% off at the end of the day.

00:04:25.220 --> 00:04:25.240
Thanks for watching.

00:04:26.220 --> 00:04:35.620
I'll see you next time.