A couple of weeks ago, we notified the Raspberry Pi users of VNC Connect that we will be deactivating the accounts of minors. This measure was taken to comply with the new General Data Protection Regulation (GDPR) that comes into force on May 25th.
The reason for the deactivation is that under the new GDPR framework, organisations will require explicit consent to process data from users older than 16 years of age. Users that don’t meet the minimum age requirement cannot provide consent, so we will not be able to retain their accounts and store their data.
Our policy changes for existing account holders of VNC Connect for Raspberry Pi have been met with genuine curiosity and a little scepticism from some users, as current events such as the recent Facebook-Cambridge Analytica scandal make peoples’ ears prick up when it comes to subjects related to online data processing.
However, in the case of GDPR the conversation is full of positives, as the changes introduced by the upcoming framework are truly beneficial to all of us. Here are some of the reasons why we’re happy to welcome our new GDPR obligations (and our users should be too!):
1) Your data is more secure. To tackle cybercrime, GDPR requires companies to take additional precautions to prevent the theft or the loss of customers’ data. Additional measures include the obligation to document data retention processes, report any data breach within 72 hours, and encrypt all customer data being stored.
2) Children are especially protected. Companies won’t be able to store data related to users younger than 16. They also have the obligation to clarify the privacy terms in a plain and easy-to-understand language accessible to children, and to make a reasonable effort to verify that consent was given by a parent or a guardian on their behalf.
3) Companies will have to earn consent for data processing. Prior to GDPR, implicit consent was widely assumed. This meant that a company assumed the right to the users’ data unless they explicitly opt-out. With GDPR, the consent becomes explicit, so the users will need to proactively say “yes” to data collection before they are subscribed to newsletters and marketing communications (there is no implied consent).
4) Users’ data can be forgotten. Once a user has willingly given consent to the use of their data, that doesn’t mean that companies can store it forever. With GDPR, users will be able to withdraw their consent at any point, and to request that their data is permanently deleted. There is a clear right to be forgotten and companies must have documented processes to enable this change in status.
For RealVNC, meeting GDPR compliance has been a year-long mission, but despite all the hard work required by the process, we are looking forward to seeing the new regulation coming into effect. After all, we are all active internet users who occasionally allow companies to store our data and it’s very comforting to know that we all now have more control over the use of our personal data.