This is quite an interesting peace on a topic that deserves quite a bit of attention.
What Is the General Data Protection Regulation (GDPR)?
Requirements of the GDPR
Under the rules, visitors must be notified of data the site collects from them and explicitly consent to that information-gathering, by clicking on an Agree button or other action. (This requirement largely explains the ubiquitous presence of disclosures that sites collect “cookies”—small files that hold personal information such as site settings and preferences.)
But then again, the process itself is quite complicated for the common user. It use to be that sites would simply disclose the cookie file usage and if the user was not ok, he would only change the settings. A sign that it was not easy to understand or manage, since April 1st 2021, a third option was given to the user; refuse all cookies and access the content. But there is more to GDPR…
Other Rules and Mandates of the General Data Protection Regulation (GDPR)
As further protection for consumers, the GDPR also calls for any personally identifiable information (PII) that sites collect to be either anonymized (rendered anonymous, as the term implies) or pseudonymized (with the consumer’s identity replaced with a pseudonym). The pseudonymization of data allows firms to do some more extensive data analysis, such as assessing average debt ratios of its customers in a particular region—a calculation that might otherwise be beyond the original purposes of data collected for assessing creditworthiness for a loan.
But I still strongly believe that regulations should be about the data collection more than the data usage. I feel that legislators are failing the consumers by not limiting, or not regulating the level of information absorbed by companies. Once they have the data, it’s difficult to go back. It should be clear on what is being used (location, device, UID, etc) and users decide on what the accept and what they refuse.
Read the complete article : Source