By Joseph Squillaro
Joseph M. Squillaro is a member of the Class of 2022 at the University of Pennsylvania studying Philosophy, Politics and Economics (PPE) with a concentration in cyber policy and internet law.
In the past few years when visiting various websites, how many times have you encountered a salient prompt asking for you to accept “cookie” permissions or select which types of data the website is able to retain? I know I personally have seen more than I can count. Yet prior to 2018, you likely would not have seen any such prompt and that was because it simply was not required, at least not in the European Union. That all changed, however, when on May 25th 2018, the European Parliament implemented a sweeping set of cyber reforms collectively known as the European Union General Data Protection Regulation (GDPR). The GDPR revolutionized the ways in which tech companies can collect and store your data. From that day forward, companies were required to ask your permission to save information to their servers in the form of the aforementioned cookies. This included details such as your navigation history for personalizing results or your IP address to provide location specific content, among many other examples . This policy, on balance, is a great boon for the liberty for all users of technology: to have control on who stores your data and what kind of information they collect. But a large number of users of technology, including myself, do not reside in the European Union, nor are a citizen of any EU country, yet the prompt and intention of the GDPR still applies. Why is this?