BOOK clubs usually meet to discuss literature. But members of DataKind, a group of volunteers that helps charities use data to improve their services, are gathering in London to study a legal text. The General Data Protection Regulation (GDPR), set to come into effect on May 25th, is arguably the most complex piece of regulation the European Union (EU) has ever produced. A thick print-out includes its 99 articles and 173 preliminary comments. Gianfranco Cecconi, a data scientist leading discussions, is poring over a lengthy section he has annotated in red pencil.
After years of deliberation on how best to protect personal data, the EU is imposing a set of tough rules. These are designed to improve how data are stored and used by giving more control to individuals over their information and by obliging companies to handle what data they have more carefully. Recent revelations that Cambridge Analytica acquired data on Facebook users in underhand, and possibly illegal, ways has underscored the need to tighten lax regimes. On April 4th Facebook raised its estimate of the number of people involved from 50m to 87m and admitted that many more may have had their details scraped from its website.