Discover more from Expat in Portugal
Data Privacy: US vs. Europe
They won't "forget about it"...
In 2018 I attempted to remove my Facebook account. I read that California had passed a law that required Facebook to remove and delete your data if you requested such in a very specific way. I did … they appeared to … but they did not.
You Never Die
I used to spend far too much time on Facebook. It was a good thing I retired before the 2016 election because I had no time for work. Yes, we posted travel photos from time to time, but we weren’t the “let me show you what I am eating at this moment” kind of people. Instead, I was the “let me tell you who you should vote for unless you want the country to go to hell in a handbasket” type of person. For the record, I was right.
But there was also a morning I remember looking at my iPad and weeping when Facebook suggested I wish happy birthday to my nephew, who had passed away. Perhaps there are people who find such remembrances comforting … but not me! I spoke with his widow. I learned it was damn near impossible to remove a Facebook account, even if it was yours or the loved one of the deceased. So when I read the article about the California law (no, it was not a scam advertised on Facebook…it was an actual law) I took it upon myself to carefully follow all of the instructions. And it seemed to work!
I did experience “withdrawal” for several weeks. I borrowed Denise’s cell phone and actually looked at her account when the symptoms were too overwhelming. But with time, it passed. After we moved to Portugal, and friends convinced me to start this blog, I created what I hoped would be a place for ExpatinPortugal to post links to the blog and related items. I must have done it wrong…creating a fictitious person rather than a page. Over time I got locked out and unable to access the account again because I couldn’t prove I was ExpatinPortugal. At that point, I decided it was a good thing…and now often Denise posts the links.
However, by attempting to prove who I was I somehow awakened Nancy Whiteman’s old account. Suddenly, my email was flooded with friend requests, Facebook notifications, and the like. Using Denise’s account I looked myself up and there I was…younger, yes, but still there. So they never really deleted my data. Bastards!
Data Privacy in Europe
So when I came across a YouTube video that mentioned that the EU had strict data privacy laws I was intrigued. I had to look into this…and share what I learned with you. I learned that the EU created the General Data Protection Regulation (GDPR) in 2016 and that the California Consumer Privacy Act (CCPA), adopted in 2018, is very similar to it. Within the GDPR, there is actually something referred to as “the right to be forgotten”.
The right to control one’s data is meaningless if people cannot take action when they no longer consent to (the) processing, when there are significant errors within the data, or if they believe information is being stored unnecessarily. — GDPR.eu
Essentially, you have the right to be forgotten (erased) if the organization no longer needs the data to comply with a legal function, perform a contractual obligation, comply with a vital public interest, etc. My friends at Facebook don’t seem to care…
Thanks for reading Expat in Portugal! Subscribe for free to receive new posts every week.
So why, one wonders, is the US less concerned about personal data privacy (ranked 18 of 20 for individual data privacy while the top 14 spots go to European countries)? Perhaps it reflects recent European history: the Nazis using personal data to round up Jews, the East German Stasi, Salazar’s undercover police attacking the opposition, the US passing The Patriot Act after 9/11… Perhaps it is simply the price Americans are willing to pay to have Google recommend a cheaper place to buy that item they were just shopping for yesterday.
Of course, the US Congress, best buds of US business as they are beholden to them to fund their campaigns, also enacted the CLOUD Act1:
GDPR was adopted on April 14, 2016, and before it became enforceable on May 25, 2018, the U.S. Congress enacted the Clarifying Lawful Overseas Use of Data (CLOUD) Act on March 23, 2018. Rather than being compatible with the GDPR, the U.S. CLOUD Act overrules it.
Federal law requires U.S.-based software companies and IT service providers to ensure that authorities can have access to all stored data, including data stored on foreign servers. Furthermore, it guards U.S. service providers from having to tell customers whether authorities have requested their data. European companies can object to any data transfer, but the chances are it will end up with the U.S. government, which can share the data as it likes. — Forbes
I think that last sentence pretty much sums it up.
Até à próxima semana, tchau
MORE SURVEY FEEDBACK: I asked, “What posts are most helpful, do you like the best?”
When I look at the responses it is difficult for me to separate my “Observations as an American living in Portugal” from learning about “Portuguese culture” … obviously, my perceptions of the latter are based mainly on where I was born and raised. Most of the tiny slivers echoed the green “all of the above”. There were some specific suggestions offered, and I will start to tackle them next week.