If you haven’t heard of the GDPR yet, you surely will have by this time next year. The General Data Protection Regulation, the new cornerstone of EU’s data protection legislation, is currently set to come into effect on 25 May 2018 and will radically change the data protection landscape both within the EU and outside of European borders.
Companies like Apple, which serve millions of customers within the EU while being based in the US, will have to deal with new, stricter rules regarding the collection, storage and processing of personal data, especially with respect to beloved services like iCloud. But what exactly does the GDRP entail and what does it mean for iCloud customers?
A Comprehensive Set of Stricter Data Protection Rules
EU officials have spent years drafting the new Regulation, set to replace a previous set of rules that were already considered strict by many within and outside the EU, such as the EU Directive 95/46 EC. The new regime is even more thorough, imposing obligations on organizations and companies gathering and utilizing personal data. A closer look at GDPR article 25 reveals the general principles that run as an undercurrent through the Regulation: data privacy by design and data privacy by default.
The first is meant to describe taking appropriate organizational and technical measures – such as pseudonymization and data minimization – to make sure that an organization’s process, products, and services, follow the principles of data security and privacy from start to finish. Data privacy by default limits the amount and type of personal data stored and processed only to what is necessary, while it also limits the number of people that have access to this data. These key principles spill over to other GDPR articles – for example, Article 5 requires data processing to be confined to what is necessary according to the initial purpose for which the data was collected in the first place, reflecting the privacy by design rule.
GDPR Rules a Challenge for Apple – but not so much for Apple Users
The new rules do not apply only to EU companies, but also to overseas organizations that are processing personal data of people who find themselves on EU soil, according to Article 3 of the GDPR. This effectively means that if a US citizen uses iCloud while within EU borders, they are protected by the new rules – which is a challenge for US-based companies, to say the least. Apple’s cloud services have long dominated the US market, staying ahead of both Dropbox, Amazon Cloud and Google Drive, and iCloud has over 782 million users all over the globe – quite a few of them active within the EU.
You will find more statistics at Statista
Apple has not yet revealed how it intends to deal with the GDPR with regard to iCloud yet, nor has it publicly disclosed how much personal data it collects and stores in order for its cloud services to run smoothly. When the company decides to makes changes, if any, it is arguable that user experience will not be affected, but operational and technical safeguards will need to invisibly be put in place to ensure compliance.
Yet with the GDRP deadline looming in, Apple needs to move quickly in order to ensure that its services satisfy EU data protection requirements – and the company will be expected to prove that in order to continue serving EU customers.