But now, the law is having unforeseen ramifications in the private sector underscoring how much private data is available online and how protecting this data is being viewed as everyone’s business. In this case, a family dispute has led to what may be a landmark court ruling.
GDPR Law Used Against Grandmas
In this particular situation, a woman in the Netherlands posted pictures of her grandchildren on Facebook. While this may sound harmless, the woman was also having a personal disagreement with her estranged daughter, the children’s mother. So, when the mother demanded the grandmother delete the photos, the grandmother refused saying that she had the right to do so as they were personal pictures. However, her daughter then took her to court arguing that under the GDPR law, her mother did not have the right to post these pictures without her approval.
While the actual lawsuit may have been surprising, no one was prepared for the court’s ruling in siding with the mother. According to the court’s ruling, “With Facebook, it cannot be ruled out that placed photos may be distributed and may end up in the hands of third parties.”
Has the GDPR Evolved from Its Original Purpose?
While the GDPR has only applied in the past to business management of personal data and information, this now opens up the law to include personal interpretations. The grandmother has been ordered to take down the photos within 10 days or face a daily fine of €50, or roughly $55. (The fine maxes out at €1000 total.)
The GDPR was originally intended to force businesses to more closely protect customer data and to inform customers in a timely manner of data breaches. Under the law, organizations such as businesses and non-profits, must make sure that personal data is gained legally and that customers are informed when this data is collected.
It also requires those groups that gather data to safeguard it from hackers and data breaches. Failure to comply with the law results in heavy penalties. This has already caused problems for some businesses because, even if they are not located in the European Union, they must comply with the law if they do business with any citizens of the EU.
What Is the Lesson Learned from This GDPR Lawsuit?
The law, which went into effect in 2018, has already netted $126 million in fines. Additionally, over 160,000 data breach notifications have been issued as part of the law.
This new ruling is leading many experts to remind people that they need to think twice before they post personal pictures or other personal information online. Even something as innocuous as pictures of grandchildren on Facebook can be deemed personal data that could result in legal action.