INSUBCONTINENT EXCLUSIVE:
Image copyrightGetty ImagesImage caption
It is easy to feel overwhelmed by the flood of new privacy policies
Many app users' inboxes are bulging with requests to review new terms of service and privacy conditions.And it is no coincidence that so
many developers have revamped their small print at the same time.In just under a month, the EU will introduce a new privacy law that gives
Europeans new data protection rights and threatens giant fines for organisations that do not comply.But making sense of the new terms poses
a challenge.Some companies, including Facebook, are asking members to give explicit consent to new features such as facial
recognition.Others - such as Twitter, Fitbit and Yahoo - have told members that simply continuing to use their products will be interpreted
as agreement to the tweaked conditions.The time-strapped public would be forgiven for thinking the easiest thing to do is to tick the
necessary boxes and otherwise plough on regardless, despite the advent of the General Data Protection Regulation (GDPR).After all, who
normally reads this stuffBut that would be to pass up an opportunity to understand and place limits on how your personal details are being
exploited for profit.And there is value in knowing what you have signed up for in advance of the next data privacy scandal.Image
copyrightGetty ImagesImage caption
A quick search for key phrases can help users hone in on the key details
Digital rights campaign group Privacy International suggests that one way to handle the deluge of documents is to search for instances of
the following terms:'Data providers'The phrase may be mentioned in sections that explain what data is being collected and how that is
In particular, users should watch out for details of personal information being acquired from third parties that could let the services
profile them in unexpected ways.'Location data'The new law explicitly defines the places a person visits in their past and present as being
a type of personal data for the first time
Organisations are therefore required to detail how such information will be used to identify individuals.'Affirmative act'When consent is
required, it must now be given via a clear action
The days of automatically signing up people to a marketing campaign because they did not untick a box are over.But it's worth
double-checking how consent is being sought to avoid clicking a button without realising its consequences.'Controller'Users based outside
the EU should check where the entity is based
Facebook recently switched millions of its users out of the control of its Irish office, which means they will no longer be protected by the
European watchdogs enforcing the new legislation.'Purposes' and 'Recipients'These terms are often used to inform users what a business will
do with their data and with whom they will share it.The UK's Consumers' Association - known more commonly as Which - has published its own
guide to GDPR.It highlights some of the ways you can take advantage of GDPR's new rights.These include the right to object to any decisions
taken by organisations based solely on algorithms having analysed your personal data
For instance, you can appeal against a decision to refuse you a job interview based solely on computer analysis of your CV.You can also
request a copy of the personal data being processed to make software-driven decisions.Which's computing editor told the BBC that people
should be aware that if they are unhappy at how their personal information is being used to target ads at them, they can now demand part or
all of it to be erased.She added that people should also watch out for illegitimate enticements."I saw on Twitter the other day somebody
share an email saying you'd get a free pizza if/when you consented," commented Kate Bevan
"That is a big fat nope - consent can't be bundled with something else."Image copyrightGetty ImagesImage caption
You may
need to ask follow-up questions to get the answers you want
Those that take the time to wade through all the paperwork may
still have questions.For example, while an app might have to disclose that it shares data with third parties, it does not necessarily have
to name them unless a user personally requests the information."They should always give you a point of contact," explained Nicola Fulford,
head of data protection and privacy at the law firm Kemp Little."If they sent you an email and you have questions, then they should respond
to it, although obviously at the moment they may be very busy."
