{"id":12368,"date":"2019-05-05T20:59:41","date_gmt":"2019-05-06T01:59:41","guid":{"rendered":"http:\/\/sites.law.duq.edu\/juris\/?p=12368"},"modified":"2019-05-05T21:00:29","modified_gmt":"2019-05-06T02:00:29","slug":"eus-gdpr-places-a-global-check-on-data-collection-practices","status":"publish","type":"post","link":"https:\/\/sites.law.duq.edu\/juris\/2019\/05\/05\/eus-gdpr-places-a-global-check-on-data-collection-practices\/","title":{"rendered":"EU\u2019s GDPR Places a Global Check on Data Collection Practices"},"content":{"rendered":"<figure id=\"attachment_12369\" aria-describedby=\"caption-attachment-12369\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-12369\" src=\"http:\/\/sites.law.duq.edu\/juris\/wp-content\/uploads\/2019\/05\/me.jpg\" alt=\"\" width=\"400\" height=\"262\" srcset=\"https:\/\/sites.law.duq.edu\/juris\/wp-content\/uploads\/2019\/05\/me.jpg 960w, https:\/\/sites.law.duq.edu\/juris\/wp-content\/uploads\/2019\/05\/me-300x197.jpg 300w, https:\/\/sites.law.duq.edu\/juris\/wp-content\/uploads\/2019\/05\/me-768x503.jpg 768w, https:\/\/sites.law.duq.edu\/juris\/wp-content\/uploads\/2019\/05\/me-84x55.jpg 84w, https:\/\/sites.law.duq.edu\/juris\/wp-content\/uploads\/2019\/05\/me-800x524.jpg 800w, https:\/\/sites.law.duq.edu\/juris\/wp-content\/uploads\/2019\/05\/me-580x380.jpg 580w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-12369\" class=\"wp-caption-text\"><em>Image Credit: Pixabay.com<\/em><\/figcaption><\/figure>\n<p style=\"text-align: center;\"><strong>By Natalia Holliday, Editor-in-Chief<\/strong><\/p>\n<p>The digital age brought the digitization of just about every aspect of our lives into data points, to be analyzed and used by businesses, researchers, and the government to further their respective causes. 
Our \u201cdigital fingerprints\u201d allow entities to predict our behaviors <em>en masse<\/em> and target us online in ways to optimize beneficial outcomes to those entities. Certainly, this data can be used for respectable purposes \u2013 to improve customer relationships, optimize customer experiences, and create extraordinary convenience \u2013 but with this new online platform comes incredible vulnerability and opportunity for abuse.<\/p>\n<p>Between 2005 and 2018, the United States saw 9,700 data breaches resulting in the exposure of 1,537,040,000 records.<a href=\"#_ftn1\" name=\"_ftnref1\"><sup>[1]<\/sup><\/a> Among the different types of data breach incidents that exist,<a href=\"#_ftn2\" name=\"_ftnref2\"><sup>[2]<\/sup><\/a> identity theft is the most common worldwide.<a href=\"#_ftn3\" name=\"_ftnref3\"><sup>[3]<\/sup><\/a> These breaches are sometimes monumental in scale. For instance, every single Yahoo account that existed in August of 2013 \u2013 all 3 <em>billion<\/em> of them \u2013 fell victim to a breach of names, email addresses, and passwords.<a href=\"#_ftn4\" name=\"_ftnref4\"><sup>[4]<\/sup><\/a> In 2011, an \u201c\u2018illegal and unauthorized\u2019\u201d person stole the names, home and email addresses, birth dates, passwords and usernames of 77 million Sony PlayStation Network users,<a href=\"#_ftn5\" name=\"_ftnref5\"><sup>[5]<\/sup><\/a> prompting Sony to pull the PlayStation Network offline for nearly one month.<a href=\"#_ftn6\" name=\"_ftnref6\"><sup>[6]<\/sup><\/a> The Facebook\/Cambridge Analytica data harvesting scandal showed the world how this extraordinary commodity can even affect the roots of America\u2019s democracy.<a href=\"#_ftn7\" name=\"_ftnref7\"><sup>[7]<\/sup><\/a><\/p>\n<p>In the wake of seemingly endless stories about misuse and breaches of data, the European Union drafted what would become the General Data Protection Regulation (\u201cGDPR\u201d). 
The GDPR is a comprehensive regulation designed to \u201charmonize data privacy laws across Europe, protect and empower all EU citizens\u2019 data privacy, [and] reshape the way organizations across the region approach data privacy.\u201d<a href=\"#_ftn8\" name=\"_ftnref8\"><sup>[8]<\/sup><\/a> For organizations controlling and processing personally identifiable information (PII) of so-called \u201cdata subjects\u201d (\u201can identified or identifiable natural person\u201d<a href=\"#_ftn9\" name=\"_ftnref9\"><sup>[9]<\/sup><\/a>), the GDPR imposes strict rules on such processing.<a href=\"#_ftn10\" name=\"_ftnref10\"><sup>[10]<\/sup><\/a><\/p>\n<p>As a default, processing the personal data of a natural person is illegal <em>unless<\/em> a legal basis applies.<a href=\"#_ftn11\" name=\"_ftnref11\"><sup>[11]<\/sup><\/a> The seven legal bases are: consent, contract, legal obligations, vital interests of the data subject, public interest, and legitimate interests as stated in a related article of the GDPR.<a href=\"#_ftn12\" name=\"_ftnref12\"><sup>[12]<\/sup><\/a><\/p>\n<p>Additionally, the regulation emphasizes certain \u201cprinciples of data processing\u201d that are meant to guide organizations in proper data processing under the GDPR. 
The \u201clawfulness, fairness and transparency\u201d principle dictates that \u201cany information and communication relating to the processing [of personal] data be easily accessible and easy to understand, and that <em>clear and plain language<\/em> be used.\u201d<a href=\"#_ftn13\" name=\"_ftnref13\"><sup>[13]<\/sup><\/a> The \u201cdata minimization\u201d and \u201cpurpose limitation\u201d principles work together to limit what data is actually processed as well as the purposes of the processing.<a href=\"#_ftn14\" name=\"_ftnref14\"><sup>[14]<\/sup><\/a> Other principles include accuracy, storage limitation, integrity and confidentiality, and accountability.<a href=\"#_ftn15\" name=\"_ftnref15\"><sup>[15]<\/sup><\/a><\/p>\n<p>One of the most profound provisions of the regulation is the applicable territorial scope. The GDPR is said to give control back to EU residents<a href=\"#_ftn16\" name=\"_ftnref16\"><sup>[16]<\/sup><\/a> by protecting \u201cfundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.\u201d<a href=\"#_ftn17\" name=\"_ftnref17\"><sup>[17]<\/sup><\/a> To give this \u201ccontrol\u201d to EU residents, the regulation attaches to the processing of an EU resident\u2019s personal data, <em>no matter the location of the resident, the processing company, or the processing itself<\/em>.<a href=\"#_ftn18\" name=\"_ftnref18\"><sup>[18]<\/sup><\/a><\/p>\n<p>To illustrate, say an EU resident decides to visit sunny Pensacola, Florida for vacation. She finds a great rate at the Courtyard by Marriott, a company headquartered in Bethesda, Maryland.<a href=\"#_ftn19\" name=\"_ftnref19\"><sup>[19]<\/sup><\/a> She books the deal online and enjoys a delightful vacation. Any data Marriott collects in relation to the transaction with the EU resident is subject to the GDPR\u2019s rules, despite the fact that Marriott is headquartered in the United States. Why? 
Because the GDPR protects EU residents, <em>regardless of location<\/em>.<a href=\"#_ftn20\" name=\"_ftnref20\"><sup>[20]<\/sup><\/a><\/p>\n<p>When you consider what a company must do to comply with the GDPR, as well as the penalties for failing to comply, the consequences of this extraterritorial scope hit like a tsunami. Among the many obligations of companies under the regulation, some of the major ones include:<\/p>\n<ul>\n<li>conducting an \u201cinformation audit\u201d to determine the source of all personal data held and whether it was shared with another;<\/li>\n<li>implementing a comprehensive data protection management program, which would require an overhaul of internal processes and procedures relating to data management;<\/li>\n<li>designating a data protection officer and a controller (who is responsible for compliance);<\/li>\n<li>modifying procedures for obtaining consent to process personal data;<\/li>\n<li>creating systems to provide copies of processed personal data to the data subject and to erase personal data or restrict their processing; and<\/li>\n<li>carrying out a \u201cdata protection impact assessment\u201d before going forward with \u201cprocessing that is likely to result in a high risk to the rights and freedoms of [a] natural person.\u201d<a href=\"#_ftn21\" name=\"_ftnref21\"><sup>[21]<\/sup><\/a><\/li>\n<\/ul>\n<p>Additionally, an organization must implement special safeguards and procedures when it comes to processing the data of children.<a href=\"#_ftn22\" name=\"_ftnref22\"><sup>[22]<\/sup><\/a><\/p>\n<p>The above list is not exhaustive, and the protocols an organization must put into place largely depend upon the organization itself.<a href=\"#_ftn23\" name=\"_ftnref23\"><sup>[23]<\/sup><\/a> However, the penalties for failure to comply with the GDPR rules are staggering, enough to terrify a company into maximum compliance.<\/p>\n<p>The fine for \u201clower level\u201d violations can go up to \u20ac10 million or 2% of the 
company\u2019s global annual revenue measured by the prior financial year, whichever is <em>higher<\/em>.<a href=\"#_ftn24\" name=\"_ftnref24\"><sup>[24]<\/sup><\/a> An \u201cupper level\u201d violation can land an organization with a \u20ac20 million fine or 4% of the previous year\u2019s global annual revenue, whichever is higher.<a href=\"#_ftn25\" name=\"_ftnref25\"><sup>[25]<\/sup><\/a> France slammed Google with a \u20ac50 million fine for failing to comply with the GDPR (by providing inadequate information to consumers about data use and consent policies), which converts to about $57 million.<a href=\"#_ftn26\" name=\"_ftnref26\"><sup>[26]<\/sup><\/a> This is a relatively small fine on the GDPR\u2019s penalty scale \u2013 Google\u2019s 2018 revenues reached $136.22 billion.<a href=\"#_ftn27\" name=\"_ftnref27\"><sup>[27]<\/sup><\/a> A 4% fine would\u2019ve cost the monster company nearly $5.5 billion.<\/p>\n<p>With the global reach of the GDPR, one must wonder just how much this regulation will influence the law of non-EU jurisdictions. 
Prior to the GDPR\u2019s May 2018 effective date, the United States Federal Communications Commission (\u201cFCC\u201d) attempted a privacy rule to protect consumer data.<a href=\"#_ftn28\" name=\"_ftnref28\"><sup>[28]<\/sup><\/a> Similar to the GDPR, the FCC rule gave consumers control over their personal data and provided a framework for requirements such as consent, transparency, and \u201ccommon-sense data breach notification requirements.\u201d<a href=\"#_ftn29\" name=\"_ftnref29\"><sup>[29]<\/sup><\/a> However, Congress and President Trump signed a resolution to nullify the rule in 2017.<a href=\"#_ftn30\" name=\"_ftnref30\"><sup>[30]<\/sup><\/a><\/p>\n<p>The FCC rule setback aside, notable leaders in the tech industry, including Apple CEO Tim Cook, have vocalized support for an American version of the GDPR.<a href=\"#_ftn31\" name=\"_ftnref31\"><sup>[31]<\/sup><\/a> Similar principles of data minimization, the right to know what data is processed and for what purpose, the right to access and delete processed data, and the right to data security would apply.<a href=\"#_ftn32\" name=\"_ftnref32\"><sup>[32]<\/sup><\/a><\/p>\n<p>Consumer trust in companies and the government to protect personal data is sunk, but consumers expect both the government and companies to <em>do more<\/em>.<a href=\"#_ftn33\" name=\"_ftnref33\"><sup>[33]<\/sup><\/a> So although the 2016 FCC rule went down with the Trump administration, it may be the case that the GDPR becomes a model for non-EU jurisdictions to further the cybersecurity interests of their constituents. One might argue that since non-EU companies are already working on compliance, it would be an easy transition. Maybe you\u2019ve already noticed the upswing in consent boxes on websites requesting permission to collect data or, like many, received those \u201cOur privacy policy has changed\u201d emails from various organizations and companies with online operations. 
Indeed, perhaps it\u2019s the case that all it took was the GDPR to set the world\u2019s businesses on the right track toward respect for consumer data. As the global effects of the GDPR play out, we\u2019ll see whether non-EU legal systems are compelled to make a similar move.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Sources<\/strong><\/p>\n<hr \/>\n<p><a href=\"#_ftnref1\" name=\"_ftn1\">[1]<\/a> Statista, <em>Cyber crime: number of breaches and records exposed 2005-2008<\/em>, Statista.com, <a href=\"https:\/\/www.statista.com\/statistics\/273550\/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed\/\">https:\/\/www.statista.com\/statistics\/273550\/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref2\" name=\"_ftn2\">[2]<\/a> Statista, <em>Share of global data breaches H1 2018, by type<\/em>, Statista.com, <a href=\"https:\/\/www.statista.com\/statistics\/329593\/frequency-share-incident-classifiaction-patterns\/\">https:\/\/www.statista.com\/statistics\/329593\/frequency-share-incident-classifiaction-patterns\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref3\" name=\"_ftn3\">[3]<\/a> <em>Id<\/em>.<\/p>\n<p><a href=\"#_ftnref4\" name=\"_ftn4\">[4]<\/a> Selena Larson, <em>Every single Yahoo account was hacked \u2013 3 billion in all<\/em>, CNN Bus. (Oct. 4, 2017, 6:36 AM EDT), <a href=\"https:\/\/money.cnn.com\/2017\/10\/03\/technology\/business\/yahoo-breach-3-billion-accounts\/index.html\">https:\/\/money.cnn.com\/2017\/10\/03\/technology\/business\/yahoo-breach-3-billion-accounts\/index.html<\/a>.<\/p>\n<p><a href=\"#_ftnref5\" name=\"_ftn5\">[5]<\/a> Liana B. 
Baker and Jim Finkle, <em>Sony PlayStation suffers massive data breach<\/em>, Reuters (April 26, 2011, 8:56 PM),<\/p>\n<p><a href=\"https:\/\/www.reuters.com\/article\/us-sony-stoldendata\/sony-playstation-suffers-massive-data-breach-idUSTRE73P6WB20110427\">https:\/\/www.reuters.com\/article\/us-sony-stoldendata\/sony-playstation-suffers-massive-data-breach-idUSTRE73P6WB20110427<\/a>; Tom Phillips, <em>Five years ago today, Sony admitted the great PSN hack<\/em>, Eurogamer (April 26, 2016), <a href=\"https:\/\/www.eurogamer.net\/articles\/2016-04-26-sony-admitted-the-great-psn-hack-five-years-ago-today\">https:\/\/www.eurogamer.net\/articles\/2016-04-26-sony-admitted-the-great-psn-hack-five-years-ago-today<\/a>.<\/p>\n<p><a href=\"#_ftnref6\" name=\"_ftn6\">[6]<\/a> John Gaudiosi, <em>Why Sony didn\u2019t learn from its 2011 hack<\/em>, Fortune (Dec. 24, 2014), <a href=\"http:\/\/fortune.com\/2014\/12\/24\/why-sony-didnt-learn-from-its-2011-hack\/\">http:\/\/fortune.com\/2014\/12\/24\/why-sony-didnt-learn-from-its-2011-hack\/<\/a>.<\/p>\n<p><a href=\"#_ftnref7\" name=\"_ftn7\">[7]<\/a> Carole Cadwalladr and Emma Graham-Harrison, <em>Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach<\/em>, The Guardian (March 17, 2018, 6:03 PM EDT), <a href=\"https:\/\/www.theguardian.com\/news\/2018\/mar\/17\/cambridge-analytica-facebook-influence-us-election\">https:\/\/www.theguardian.com\/news\/2018\/mar\/17\/cambridge-analytica-facebook-influence-us-election<\/a>.<\/p>\n<p><a href=\"#_ftnref8\" name=\"_ftn8\">[8]<\/a> Trunomi and Commvault, <em>EU GDPR \u2013 Information Portal<\/em>, EUGDPR.org <a href=\"https:\/\/eugdpr.org\/\">https:\/\/eugdpr.org\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref9\" name=\"_ftn9\">[9]<\/a> GDPR, Ch. 1, Art. 4(1).<\/p>\n<p><a href=\"#_ftnref10\" name=\"_ftn10\">[10]<\/a> Kris Lahiri, <em>What Is General Data Protection Regulation?<\/em>, Forbes (Feb. 
14, 2018, 1:21 PM), <a href=\"https:\/\/www.forbes.com\/sites\/quora\/2018\/02\/14\/what-is-general-data-protection-regulation\/#3b97dbd862dd\">https:\/\/www.forbes.com\/sites\/quora\/2018\/02\/14\/what-is-general-data-protection-regulation\/#3b97dbd862dd<\/a>.<\/p>\n<p><a href=\"#_ftnref11\" name=\"_ftn11\">[11]<\/a> <em>GDPR Consent<\/em>, Intersoft Consulting, <a href=\"https:\/\/gdpr-info.eu\/issues\/consent\/\">https:\/\/gdpr-info.eu\/issues\/consent\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref12\" name=\"_ftn12\">[12]<\/a> <em><a href=\"https:\/\/gdpr-info.eu\/issues\/consent\/\">Id.<\/a><\/em><\/p>\n<p><a href=\"#_ftnref13\" name=\"_ftn13\">[13]<\/a> <em>Recital 39: Principles of data processing<\/em>, Intersoft Consulting, <a href=\"https:\/\/gdpr-info.eu\/recitals\/no-39\/\">https:\/\/gdpr-info.eu\/recitals\/no-39\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref14\" name=\"_ftn14\">[14]<\/a> GDPR, Ch. 2, Art. 5.<\/p>\n<p><a href=\"#_ftnref15\" name=\"_ftn15\">[15]<\/a> <em><a href=\"https:\/\/gdpr-info.eu\/art-5-gdpr\/\">Id.<\/a><\/em><\/p>\n<p><a href=\"#_ftnref16\" name=\"_ftn16\">[16]<\/a> <a href=\"https:\/\/www.forbes.com\/sites\/quora\/2018\/02\/14\/what-is-general-data-protection-regulation\/#3b97dbd862dd\">Lahiri,<\/a> <em>supra<\/em> note 11.<\/p>\n<p><a href=\"#_ftnref17\" name=\"_ftn17\">[17]<\/a> GDPR, Ch. 1 Art. 1(2).<\/p>\n<p><a href=\"#_ftnref18\" name=\"_ftn18\">[18]<\/a> GDPR, Ch. 1 Art. 
3.<\/p>\n<p><a href=\"#_ftnref19\" name=\"_ftn19\">[19]<\/a> <em>Corporate Overview<\/em>, Marriott, <a href=\"https:\/\/marriott.gcs-web.com\/corporate-overview\">https:\/\/marriott.gcs-web.com\/corporate-overview<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref20\" name=\"_ftn20\">[20]<\/a> GDPR, <em>supra<\/em> note 19.<\/p>\n<p><a href=\"#_ftnref21\" name=\"_ftn21\">[21]<\/a> <em>The Overview of 15 GDPR Compliance Obligations for a Company Processing Personal Data<\/em>, Data &amp; IT Law, <a href=\"https:\/\/www.dataitlaw.com\/overview-15-gdpr-compliance-obligations\/\">https:\/\/www.dataitlaw.com\/overview-15-gdpr-compliance-obligations\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref22\" name=\"_ftn22\">[22]<\/a> <em><a href=\"https:\/\/www.dataitlaw.com\/overview-15-gdpr-compliance-obligations\/\">Id.<\/a><\/em><\/p>\n<p><a href=\"#_ftnref23\" name=\"_ftn23\">[23]<\/a> <em>Id<\/em>.<\/p>\n<p><a href=\"#_ftnref24\" name=\"_ftn24\">[24]<\/a> <em>Fines and Penalties<\/em>, GDPREU.org, <a href=\"https:\/\/www.gdpreu.org\/compliance\/fines-and-penalties\/\">https:\/\/www.gdpreu.org\/compliance\/fines-and-penalties\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref25\" name=\"_ftn25\">[25]<\/a> <em><a href=\"https:\/\/www.gdpreu.org\/compliance\/fines-and-penalties\/\">Id.<\/a><\/em><\/p>\n<p><a href=\"#_ftnref26\" name=\"_ftn26\">[26]<\/a> Emily Price, <em>France Fines Google $57 Million for GDPR Violations<\/em>, Fortune (Jan. 
21, 2019), <a href=\"http:\/\/fortune.com\/2019\/01\/21\/france-fines-google-57-million-for-gdpr-violations\/\">http:\/\/fortune.com\/2019\/01\/21\/france-fines-google-57-million-for-gdpr-violations\/<\/a>.<\/p>\n<p><a href=\"#_ftnref27\" name=\"_ftn27\">[27]<\/a> Statista, <em>Google: revenue worldwide 2002-2018<\/em>, Statista.com <a href=\"https:\/\/www.statista.com\/statistics\/266206\/googles-annual-global-revenue\/\">https:\/\/www.statista.com\/statistics\/266206\/googles-annual-global-revenue\/<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref28\" name=\"_ftn28\">[28]<\/a> Fed. Commc\u2019n Comm\u2019n, <em>FCC Adopts Broadband Consumer Privacy Rules<\/em>, FCC.gov, <a href=\"https:\/\/www.fcc.gov\/document\/fcc-adopts-broadband-consumer-privacy-rules\">https:\/\/www.fcc.gov\/document\/fcc-adopts-broadband-consumer-privacy-rules<\/a> (last visited April 10, 2019).<\/p>\n<p><a href=\"#_ftnref29\" name=\"_ftn29\">[29]<\/a> <em>Id<\/em>.<\/p>\n<p><a href=\"#_ftnref30\" name=\"_ftn30\">[30]<\/a> Glenn G. Lammi, <em>The Nullification of FCC\u2019s Broadband Privacy Rules: What It Really Means for Consumers<\/em>, Forbes (April 12, 2017, 3:18 PM), <a href=\"https:\/\/www.forbes.com\/sites\/wlf\/2017\/04\/12\/the-nullification-of-fccs-broadband-privacy-rules-what-it-really-means-for-consumers\/#6343959179ba\">https:\/\/www.forbes.com\/sites\/wlf\/2017\/04\/12\/the-nullification-of-fccs-broadband-privacy-rules-what-it-really-means-for-consumers\/#6343959179ba<\/a>.<\/p>\n<p><a href=\"#_ftnref31\" name=\"_ftn31\">[31]<\/a> Tim Cook, <em>You Deserve Privacy Online. Here\u2019s How You Could Actually Get It<\/em>, Time (Jan. 16, 2019) <a href=\"http:\/\/time.com\/collection-post\/5502591\/tim-cook-data-privacy\/\">http:\/\/time.com\/collection-post\/5502591\/tim-cook-data-privacy\/<\/a>; Emily Price, <em>Tim Cook Thinks Consumers Should Have More Control Over Their Data<\/em>, Fortune (Jan. 
17, 2019),<br \/>\n<a href=\"http:\/\/www.fortune.com\/2019\/01\/17\/tim-cook-thinks-consumers-should-have-more-control-over-their-data\/\">http:\/\/www.fortune.com\/2019\/01\/17\/tim-cook-thinks-consumers-should-have-more-control-over-their-data\/<\/a>.<\/p>\n<p><a href=\"#_ftnref32\" name=\"_ftn32\">[32]<\/a> <a href=\"http:\/\/www.fortune.com\/2019\/01\/17\/tim-cook-thinks-consumers-should-have-more-control-over-their-data\/\">Price,<\/a> <em>supra<\/em> note 32.<\/p>\n<p><a href=\"#_ftnref33\" name=\"_ftn33\">[33]<\/a> PricewaterhouseCoopers, <em>How consumers see cybersecurity and privacy risks and what to do about it<\/em>, PwC.com, <a href=\"https:\/\/www.pwc.com\/us\/en\/services\/consulting\/library\/consumer-intelligence-series\/cybersecurity-protect-me.html\">https:\/\/www.pwc.com\/us\/en\/services\/consulting\/library\/consumer-intelligence-series\/cybersecurity-protect-me.html<\/a> (last visited April 10, 2019).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Natalia Holliday, Editor-in-Chief The digital age brought the digitization of just about every aspect of our lives into data points, to be analyzed and used by businesses, researchers, and the government to further their respective causes. 
Our \u201cdigital fingerprints\u201d allow entities to predict our behaviors en masse and target [\u2026] <\/p>\n<div class=\"clear\"><\/div>\n<p><a class=\"more_link clearfix\" href=\"https:\/\/sites.law.duq.edu\/juris\/2019\/05\/05\/eus-gdpr-places-a-global-check-on-data-collection-practices\/\" rel=\"nofollow\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":12369,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2092],"tags":[86,2252,2912,2911,2257,930,928,2910,2256,2181],"class_list":["post-12368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-features-articles","tag-data-breaches","tag-data-privacy","tag-data-processing","tag-eu","tag-european-union","tag-fcc","tag-federal-communications-commission","tag-gdpr","tag-general-data-protection-regulation","tag-natalia-holliday"],"_links":{"self":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts\/12368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/comments?post=12368"}],"version-history":[{"count":1,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts\/12368\/revisions"}],"predecessor-version":[{"id":12370,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts\/12368\/revisions\/12370"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/media\/12369"}],"wp:attachment":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/media?parent=12368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/site
s.law.duq.edu\/juris\/wp-json\/wp\/v2\/categories?post=12368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/tags?post=12368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}