While free online translation has undoubtedly become an integral part in everyday life for many, the new EU regulation on data protection impacts these services – as well as their users.
What Has Changed with GDPR?
The EU-General Data Protection Regulation (GDPR), the most important modification of data protection legislation over the past 20 years is immediately applicable and enforceable by all member states – unlike its predecessor, the 1995 Data Protection Directive.
While the principles of data protection have been adopted from the Directive, GDPR also introduces some fundamental changes:
- the principles of Accountability and Privacy by Design;
- widened territorial scope for processing personal data;
- stricter rules for processing data, especially stronger user consent and
- strengthened the individual rights for data subjects.
Wider Scope for Data Protection
Before 25 May 2018, when providers of free online translation processed personal data outside the EU borders, they did not have to worry about European data protection legislation. But GDPR has widened the scope of whom it implicates, requiring companies to comply if they wish to process personal data within the EU or personal data belonging to EU residents.
This is particularly important in a professional environment, especially if the company is not aware that employees are using these tools at work. The law clearly states that all data serving as personal identification is considered personal data. This means that even using a professional email address that contains the name of its holder without prior anonymization is problematic. Read more about the risks of online translation tools in this tekom article.
Stricter Rules for Data Processing
Since 25 May 2018, processors of personal data need explicit consent from data subjects by presenting them with a consent form that states in plain language the purpose of the use of personal data. This allows the data subject to make an informed decision whether they wish their information to be processed or not.
However, consent is just one way to lawfully process personal data. Controllers can process personal data if they can prove legitimate interest. According to GDPR, direct marketing may be considered a legitimate interest. Thus, consent would not be required.
GDPR Strengthens Individual Rights
On 25 May 2018 individual rights were strengthened: Data subjects now have the right to access their own data, must be notified in case of a breach concerning their data, and they also have “the right to be forgotten”.
Data subjects can request erasure of their data from online translation service providers, such as Google Translate, DeepL etc. However, certain conditions must be given to ensure that the subject’s personal data is erased (e.g, the initial purpose for personal data processing is no longer valid). For example, if the initial purpose was to translate content: After receiving the final translation, the data subject might assume that the data is no longer necessary as the initial purpose has been fulfilled. However, this data does not simply disappear. It is in fact collected and processed to feed the translation engine, a procedure which relies on the concept of deep learning and which qualifies as research under GDPR and thus constitutes a “legitimate interest” (Art. 5 (1) (b)).
GDPR is a vast and growing field that will have great impact on how personal data will be treated from now on. With regards to free translation online, users will have to inform themselves about their rights as well as exceptions and limitations. Businesses should raise awareness amongst employees on how to use these tools (e.g. By establishing an IT charter) Finally, service providers must find a balance between protecting personal data while continuing to further train their systems and advance this valuable technology.
If you found this article helpful, please share!
“EUGDPR.” GDPR Key Changes, www.eugdpr.org/key-changes.html. Accessed 2 June 2018
“EU General Data Protection Regulation – Key changes.” Data Protection Principles, www.dlapiper.com/en/uk/focus/eu-data-protection-regulation/key-changes/#data%20protection%20principles. Accessed 2 June 2018
Pawel Kamocki, Jim O’Regan. Privacy Issues in Online Machine Translation Services – European Perspective; http://www.lrec-conf.org/proceedings/lrec2016/pdf/117_Paper.pdf, Accessed 2 June 2018