The European Union’s GDPR, or General Data Protection Regulation comes into force in May, 2018.

GDPR will have a significant effect on business models that rely on “surveillance capitalism“.

Samuel Gibbs:

Messaging services such as WhatsApp, Facebook Messenger and Gmail will face tough new rules on the tracking of users under a revision to the ePrivacy Directive proposed by the European Commission on Tuesday.

The new legislation seeks to reinforce the right to privacy and control of data for European citizens, with messaging, email and voice services – such as those provided by Facebook, Google and Microsoft – forced to guarantee the confidentiality of conversations and metadata around the time, place and other factors of those conversations.

Listening to, tapping, intercepting, scanning or the storing of communications will not be allowed without the consent of the user, unless it is critical for billing or other purposes. Companies will have to ask for the explicit consent of users before being able to use their data for advertising purposes, which most use to fund services provided for free to end-users.

Matt Burgess:

The focus of the GDPR is to give greater protections to individuals as well as tougher rules on those who handle data.

“One of the things we have high hopes for significant change under the GDPR is how transparency is really delivered to users, particularly by these internet companies,” Dixon tells WIRED. “We know from our engagement with them that a lot of them are looking very proactively at how they are going to do the transparency under the GDPR.”

This is likely to entail how people can access and view the information that is gathered about them by some of the internet’s biggest firms. “They’re working with designers to look at how they can quickly engage a user quickly but also deliver them with what they need to ensure when they sign-up they’re fully informed,” Dixon says.

In recent years, her office has been heavily involved in some of Europe’s biggest data protection cases, including the Safe Harbour case, where Europe’s top court ruled a 15-year agreement for companies to transfer information to the US was unlawful. Technology companies including Facebook, Google, Apple, Twitter and Amazon have European headquarters in Ireland. That means almost all data privacy complaints against them cross Dixon’s desk before being passed to higher courts in Europe.

The real estate process offers a target rich environment for surveillance capitalism.

I thought it might be interesting to review the privacy policies of a few service providers:

Dot loop (owned by Zillow):

“We do not sell your personal information to third parties. We may share your personal information with third parties who may offer services that may be of interest (“Third Party Sharing”).”


“We may also provide your personal information, but not the non-public personal information you enter into zipLogix products and services related to your clients and customers, to our parent company and its subsidiaries to offer other products or services that may be valuable or interesting to you; we do not provide your personal information to other third parties for marketing purposes.

We will disclose personal information without notice only if required to do so by law or in the good faith belief that such action is necessary to protect and defend the rights or property of zipLogix.”

Virtual Properties offers a unique, integrated crm/document/transaction model that brokers and agents control.

“Before you hit submit, this company has already logged your personal data” – Kashmir Hill and Surya Mattu.

Quicken’s privacy policy:

We do not share your information with outside companies for their promotional use. We do not track URLs that you type into your browser, nor do we track you across the Internet once you leave our site.

Tim Walters and Horace Dediu discuss GDPR in a 91 minute podcast.