13 things to know about the GDPR

Has your email inbox been filling up with privacy policy updates? It seems like every service, app or subscription I’ve signed up for (including more than a few I’ve forgotten about) is sending me one. And the reason is that on Friday, May 25, 2018, a new law takes effect in Europe — the General Data Protection Regulation aka the “GDPR.” If you don’t know what that means or how it affects you, read on.

1. The General Data Protection Regulation gives the European Union the power to hold businesses and organizations accountable for how they collect and handle personal data — your data.

Businesses and organizations have had two years to get ready. This wasn’t a sneak attack by the European institutions. The GDPR went on the books in May 2016, giving anyone who collects customer data plenty of time to prepare.

2. Even though it’s driven out of Europe, the GDPR impacts the whole world.

If you live outside of Europe, you’re probably wondering what a European law has to do with you. Thanks to something called “territorial scope,” any organization that deals with data of EU residents must comply with the GDPR for those individuals, which impacts global organizations like Apple and Facebook. Even though they are not strictly required to, some organizations are taking a principled (and perhaps easier) approach, providing the same set of controls and protections to non-EU residents.

3. It’s filling up your inbox.

We’ve all been bombarded with emails about updated privacy policies and terms of service. It’s (mostly) not fallout from the Cambridge Analytica scandal; it’s because organizations are getting their policies and practices into GDPR compliance. Bonus points: All those emails are a hint to disconnect from services you’ve forgotten about.

4. You already have control of your privacy in Firefox, Firefox Focus, Pocket and all our products.

Our organization and its people are rooted in a commitment to privacy. Since we were founded, Mozilla has always stood for and practiced a set of data privacy principles that are at the heart of privacy laws like the GDPR. And we have applied those principles, not just to Europe, but to all our users worldwide. We feel like the rest of the world is catching up to where we have been all along. Read the full story about our process and policy.

Here’s more about how we put your privacy first in Firefox, Firefox Focus, and Pocket.

5. Data privacy is by design and by default.

Organizations collecting or using personal data will have to consider privacy throughout the entire lifecycle of products and services. That means that from the day teams start designing a product, service or feature, privacy must be top of mind. It also means that initial app and service settings will be set toward privacy by default so as to comply with the GDPR, and it will be your choice to change or turn them off as you prefer.

6. Policies and Terms of Service should be easier to understand.

The GDPR requires data policies to be written in plain language so you can better understand what you’re consenting to. Now is a good time to revisit the privacy and data policies of the services you use and update your settings. Here are a few to get you going:
– Facebook, Messenger and Instagram
– Google: Privacy Policy update; Your Account
– My Fitness Pal

7. You have the right to take your data with you to another service.

This principle of “data portability” means that you (1) have visibility into the data an organization has collected about you, (2) can move that data to a different service provider (such as a competitor) without losing the data history you’ve built up, and (3) are getting closer to being the keeper and beneficiary of your own data. How that will happen isn’t totally clear yet.

8. You have the right to be forgotten.

In addition to having the right to your data, you also have the right to request its erasure.

9. Data breaches will be reported to regulators much faster.

The GDPR has a “72-hour rule,” which means that controllers must report a breach to their supervisory authority within three days after becoming aware of it. In theory, you should find out more quickly as well, when there are high risks to your “rights and freedoms” as laid out in the 72-hour rule.

10. Violations will cost big.

Like, really big. In the past, penalties for irresponsible data collection and management were low enough that it was, perhaps, more profitable for big players to eat the fines. Now, however, “organizations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).” While it’s still unclear what a “significant” violation would be, here’s how a fine could add up for Alphabet, the holding company of Google. Alphabet made $110 billion in 2017, so a significant violation against the GDPR could result in a whopping $4.4 billion fine. (!!!)

11. What’s good for users is also good for business.

Storing personal data isn’t without risk (see #9). Stronger data and security practices decrease the risks associated with personal data collection and processing for both users and organizations. This is not negligible: in 2015, data breaches cost on average USD 3.79 million per impacted company, without mentioning lost customer trust and public relations fallout.

12. Less data, more trust.

It’s sad but true that some organizations don’t even know what data they have or where it’s being stored, and the GDPR encourages organizations to think twice about the amount of data they collect. Plus, they need to justify their purposes for collecting it. At Mozilla, we put these principles into action and advocate for businesses to adopt lean data practices. The GDPR represents an opportunity for more businesses to be leaders when it comes to data collection by choosing to collect only what is necessary for providing a product or service, rather than casting the widest possible net.

13. The GDPR is a floor, not a ceiling.

Mozilla wants users to have meaningful controls and for there to be sensible privacy settings that align with users’ expectations. The GDPR provides a baseline set of rules, which helpfully lay the groundwork for more ethical approaches to data collection and processing. It’s a step in the right direction, but the devil will be in the details for most organizations. New privacy controls, even if they technically comply with the GDPR, won’t help if they are too difficult to use and if organizations aren’t committed to the underlying principles that shaped this regulation. Still, we like that it will encourage a culture of responsible privacy, empowering the individual to have control and choice over their online experience, something Mozilla has stood for since our beginnings.



No comment at this time

GDPR is really another means of keeping time-serving paper shufflers in the EU bureaucracy in a job. It’s cleared some clutter from my PC as I haven’t ticked all the boxes, but I’ve even had to fill in the appropriate form to receive the newsletter from my local church. I suppose it will prevent the C of E hacking the Methodists and the RC causing havoc for the Baptists.

Keep doing what you’re doing

thanks a lot

No comment, just upgraded recently to a Mozilla fast browser.

What is happening to all this? Don’t you have another job? Keep updating each time. It has become a very useless browser. Firebug does not work too.

Mr Harry

Ah, another refreshing acknowledgement that the EU’s decrees only apply to EU citizens and anyone who resides in an EU state but do NOT apply to citizens of these United States who do NOT reside in an EU state. Particularly, AMERICAN companies doing business with US citizens residing within the territory of these United States do NOT have to force the decree on said citizens. The EU has absolutely no jurisdiction within these United States of AMERICA!

Likewise the USA has no right to take action against organizations, companies or individuals living and working outside the jurisdiction of the USA who wish to continue with friendly relations with countries the USA seems to want to be at war with. The UK always maintained good relations with Cuba despite USA policies and long may this continue. I fully support USA isolationism as this will allow the rest of the world to develop peace and harmony.

Admit it .. Donald Chump is doing a good job of isolating the US of A. Keep it up, pal! We, the Rest Of The World, enjoy your absence.

Really Justin? Get a grip and try to stay on topic. Thanks Mozilla for your moral compass!

Aberhonddu, yeah, sure. Let’s live in Pax Americana rather than wish for it to end. European states have been waging wars against each other long before 1776.

George Washington himself warned against U.S. entanglement in European, and, more generally, global affairs before leaving office. Isolationism is the traditional American stance in foreign policy. The rest of the world can collapse and the U.S. can still thrive.

Very nicely put, I only wish that the Australian Government would not follow the Americans blindly!

… And that’s too bad, in this case, because those protections are really what we need from the predatory practices of the corporations that increasingly dominate our lives here in the United States.

Monsieur Swaney, you are so very right about jurisdictions. USA better not have any jurisdiction over EU.

Piyush Tando, the U.S. is not a member of the E.U., so E.U. laws do not apply. (Whether they are reasonable is a different story.) U.S. laws are drafted and debated in Washington, D.C., not Brussels.

I’m sorry to say that this also applies to the US. I just got a lock out from Discus……Twitter is working on it……..



Don’t know what I am doing in this class, but I am trying to get better informed. THNX DGH

Awesome. I’m glad about this change. I also forgot several accounts and what I did was to delete the entire account. Account declutter time! 😉

It’s a real pain in the A having to reply to all these requests for permission to continue memberships.

I simply love these new regulations and how they give us a better sense of privacy compared to basically nothing of significance being in place before. The timing couldn’t be more perfect as it is just a month or two after the Cambridge Analytica situation... and of course kudos to Mozilla for always respecting their users’ privacy ❤


Yes, you’re right – yet another long email. I applaud those who used shorter ones.

Many Thanks,

Good reading

How does one control the power of thought or an idea ? A tax on thinking is impossible to determine or collect unless converted to a visual documentation with storage. The harm or good from that idea or thought is measured with infinity as the end product and one is left with nothing ultimately.

Must remain in database at Mozilla, because I use all the time.

I would like to keep receiving the updates.

Because Moz://a values privacy is why I use Firefox Quantum. Thanks for this article! Was wondering why my inbox has been inundated with privacy policy updates. I had assumed it was because of Cambridge Analytica and Facebook. Glad to know it’s Europe’s General Data Protection Regulation and that it applies worldwide. The Old World is more progressive and moral than the New World.

I am happy to use the “Mozilla” browser.

I’ve been with Firefox approximately 5 yrs. Another brother VET told me all about the privacy, speed, updates, forum for questions, plus the big thing is keeping nosey people out of my business. I’m on a V.A. site daily exchanging messages; this is a very private site only for Vets, and I don’t need nose bags. So he helped me switch to Firefox, for safe browsing and speed. Love the extension Privacy Badger. I don’t regret leaving the other browser behind, in the history books… sorry, but they need to get up in the now and present, they’re dinosaurs. This is a good browser, one of the BEST #1. Thanks, Anthony, Prov R.I.

I would love to stay with your newsletter. I understand the GDPR.

Although I’m often less than thrilled with Mozilla’s too frequent changes to the Firefox UI, I have known and trusted Mozilla for far more years than I can recall. Of all the major players on the internet today, I would vote you the most trustworthy of the bunch. As already stated, I don’t trust you to always make the right changes to your products when you start piddling and fiddling around with them, but I unconditionally trust you in matters of ethics and concern for your user base.

For this, I sincerely thank you.
William (Bill) Branner, President
Hi-Tech Data Systems, Inc.

Thanks for the heads up.


I realize Firefox/Mozilla people deserve to be the best of all in web

About Mozilla: it is a flawless browser. I need to download it again so that I can gain more experience. Thank you, dear friends, for your efforts. Naser

1. Not at all. The big ones will find a way out! Only the small ones suffer!
2. May be.
3. True.
4. May be, but has nothing to do with GDPR – it’s your decision. A good one. Thank you!
5. Should be, but aren’t there other ways?
6. I do not believe. See 1.
7. Who cares?
8. I have many rights – but in real practice?
9. OK, nice.
10. Even small ones – a big problem for small companies, NGOs etc. Congratulations!
11. Definitely NOT! GDPR is the wrong instrument.
12. OK
13. “a baseline set of rules” which will cost you millions if you deviate a mm from it – even if your business is NOT data.

GDPR is the wrong instrument. It is a law thing not a technical one. It produces only millions of tons of paperwork for JUST ABOUT NOTHING. No one will get more privacy because of GDPR. See 1.

Please do your best but all users have to be protected regardless of location.

No to the GDPR, the consortium will review and delete this when they can if it is too far along for great founders as myself are far too busy to dive deep into the regulation false. Considering the first thing I don’t like is the basis of all of it. Totalitarianism is Europe with kings and queens. My Great Founders powers are Totalitarian only.

I’ve used Mozilla Firefox for more than a decade and very much appreciate your ethics, as well as the service you provide to all of us. Many, many thanks. The online world would be a far better place if all providers had your sense of ethics and of the public good.

GDPR is typical of the emanations from Brussels which do nothing for client service delivery, while giving a number of companies and individuals of limited ability the opportunity to fleece the unwary into following procedures and processes that the rest of us have been following since time immoral!!! (SIC)


It’s all about our Bill of Rights, especially the 1st and 2nd. I WILL GO DOWN FIGHTING, THE AMERICAN PEOPLE AREN’T AS STUPID AS THE ONE PERCENT THINK WE ARE!! Thanks Mozilla👍


Firefox, my compliments on detailing the matter WITHOUT legal jargon. Much appreciated.

I use Chrome and Mozilla’s Firefox won’t work? What do I do?

Update Firefox?

I need to remain in Mozilla

Thank you very much

Firefox works slow and does not delete read or unwanted mails as wanted.

I don’t see why you are writing to me in English.

The implementation is and has been quite difficult to follow and in certain cases incomprehensible (in my case: Firefoxes and Time inc) and difficult to see what is achieved… for me it is simple: I only want information when I say yes, all the rest is BS

Firefox is good. I like it.
Would like to see an email notification program.

You’re doing a fantastic job with your awesome browser. Too many people are not happy unless they have something to gripe about. Fidiots.

I would have more respect for Mozilla if it practiced what it preaches. In your email to me (the one with the link to this page) you say “Mozilla has always stood for and practiced data privacy principles that are at the heart of privacy laws like the GDPR.” BUT in the latest version of Firefox you now allow sites to permanently store data on my computer unless I take deliberate action to delete it myself. In previous versions of Firefox setting up ‘delete cookies on leaving firefox’ did just that and cleared everything out.
You have taken a step backwards in my opinion.
Roy Read

I do not see this change as a step backward in Firefox, probably because I haven’t needed to rely on that option. I do have Firefox delete its cache when it closes. For cleaning out cookies, I use the freeware program CCleaner, which allows me to protect those cookies from websites that I commonly use.

thanks a lot

You go Mozilla, making it right for the people is Job one. We’re right there with you.. Maybe it’ll straighten out the rest of the tech world…😎💨 Maybe going back to message in a bottle.

Screw the EU, the new world order, and the UN. I live in the USA and if someone outside the USA wants to look at my website(s), they can damn well abide by MY RULES and Read MY TOS and Privacy Statements. If that ain’t good enough for them, they can go somewhere else.

Quit letting the E.U. and NGOs get a foothold on your services. Don’t be like Google. Tell these governments and NGOs to make their own browsers. I’m with Rufus.

Great job Mozilla … That’s why I love your products .. Go Firefox !!!

Excellent initiative. An example of how an international body is required when it comes to tackling multi-national issues such as data privacy in the face of mega-companies.

Please send me this mail in German, thank you



ok thanks

You think that everyone speaks and reads English. That is not the case for me, and it is a pity that I am not able to understand you.

I am very happy to use Mozilla Firefox and the related services.

Thank you very much, great job with Mozilla Firefox.

Thank you very much.

This really is a bullshit law!

Dear Mozilla,

First, please know that I am a fervent defender of freedom and that for this reason, I try to only use Firefox as a web browser. I think that you have done an outstanding job so far and I encourage you to continue in this direction. I am grateful that organisations like yours exist.

The following is thus not so much criticism: you should much more consider it as suggestions and maybe as a list of (arguably) potential law breaches which you might want to address.
Please note that I am no lawyer and that I might be wrong in the way I interpret the GDPR or parts of it.
Please also note that I am an experienced software engineer, with more than a decade of web app development and design experience.

In the context of GDPR, I think that sending “browser fingerprint” information to website servers without receiving user consent for every single website is illegal processing of data – either from Mozilla’s Firefox or from the website itself (I don’t know for sure).

I would enjoy seeing in Firefox a feature which would allow users to avoid browser fingerprinting. I would like to decide by myself what data the browser shares and with which website it shares the data.

According to GDPR, consent must be a positive, well described, easily understandable action done by the user. Thus, by default, sharing any data with a website other than what is strictly required should be disabled until the user specifies his consent.

Of course, keeping proof and records of consents should also be done.

By the way, web browsing works:
– without sharing the list of system fonts – this is not essential and is thus subject to user’s consent.
– without sharing the screen size and colour depth – this is not essential and is thus subject to user’s consent.
– without sharing browser plugin detail – this is not essential and is thus subject to user’s consent.
– without sharing hash of canvas fingerprint – this is not essential and is thus subject to user’s consent.
– without allowing supercookies at all – this is not essential and is thus subject to user’s consent.
– without sharing the timezone – this is not essential and is thus subject to user’s consent.
– without sharing the Hash of WebGL fingerprint – this is not essential and is thus subject to user’s consent.
– without sharing the platform (Linux, windows…) – this is not essential and is thus subject to user’s consent.
– without sharing the user agent – this is not essential and is thus subject to user’s consent.
– without sharing touch support – this is not essential and is thus subject to user’s consent.
– without specifying if cookies are enabled or disabled – this is not essential and is thus subject to user’s consent.

These features are often not really useful to implement web applications, and many web applications could be or are implemented without these.

I know that this is an incredibly complicated matter, as it would mean that it would break some features of websites, but that is what is required by the GDPR.

This kind of feature would enable users to regain control of their data (and here, it is data that most users ignore that they share).

If any website of Mozilla collects this data, I would also recommend that you require explicit user consent before you collect it and process it in any way.

You have my email, if you have any questions, don’t hesitate to contact me.

I like Firefox and seem to have few problems. I try to avoid all the social networks whom I do not trust. Keep up your good work, thank you.

Please send me this email in Arabic, then I can understand the 13 and I would like to comment on it.
Thanks for the team work.

I really like Firefox, but I can’t use it. Whenever I start a search in Firefox Google takes over. Please help me solve this Google intrusion.

I like the Europe law. They seem to provide more value to their citizens. Hats Off.

All is well

I thank you for concerns and good measures to fight fraud.

Original article written by M.J. Kelly