If Data is the new Gold, then GDPR [the Regulation] is the Great Equaliser, for European citizens at least.
Many government bodies, businesses of various sizes and large corporates are already bemoaning the bureaucracy & potential sanctions accompanying the introduction of GDPR as mandatory in May 2018.
Data is knowledge and knowledge is power. That is why data protection is central to our democracy here in Europe, and is a Fundamental Right of all European Citizens under the European Charter of Fundamental Human Rights (Treaty of Lisbon, Article-8 December 2009).
GDPR silver lining strand-1
– is that it not only seeks to affirm this fundamental right but goes much further in specifying a set of Regulations (or fully fledged European regulations – laws) to deliver-on this Fundamental Right to Data Protection.
The personal data of any particular customer is intrinsically worth very little to anyone else, but the ‘mining’ or ‘harvesting’ of such data gives it a very significant value to the likes of FANG, (Facebook, Amazon, Netflix, Google).
From 25th May 2018 any European citizen has the right to know what data is held on them, and in some cases to demand its deletion. Citizens of Europe can invoke the Right to be Forgotten, by requiring Search Engine Corporates to remove facts about them, not from the web itself, but from results of Searches.
GDPR silver lining strand-2
Another strand of the GDPR silver lining, which is less obvious but much more critical is a right of appeal to a human being against decisions which have been taken by an Algorithm (or mathematical model). Computers and Servers are programmed and maintained by IT specialists/ large corporates who must be held responsible & accountable for the results of their actions.
Algorithms decide who gets a loan, who gets a job interview, who gets insurance and much more — but they don’t automatically make things fair. Mathematician and data scientist Cathy O’Neil coined a term for algorithms that are secret, important and harmful: “weapons of math destruction”, listen to Ted Talks Podcast -> The era of blind faith in big data must end | Cathy O’Neil
A recent Guardian Article provided a good insight into the new protections enshrined in the Regulation [GDPR silver lining]. Data-hucksters beware – online privacy is making a comeback .
The Regulation is targeted at simplifying the regulatory environment for international business by unifying regulation, so that instead of having to deal with a range of data-protection issues in different national jurisdictions, businesses will effectively be able to obtain a “passport” for the entire EU block.
But for organisations that have hitherto operated outside the reach of data-protection law, for example the hidden multitudes of data-hucksters, trackers, data-auctioneers and ad-targeters that operate behind the facade of websites, social media and Google, the GDPR represents an existential threat.
As the electronic magazine, Advertising Age puts it: “Targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.” The new regulation will, it concludes, “rip the global digital ecosystem apart”.
GDPR has the capacity to be the most critical globally-recognized set of protections to online privacy. President Trump [and his lieutenants] promised to mandate rapid improvements in U.S. cybersecurity, but they quickly ceded to powerful business lobbies by reversing regulations that the Federal Communications Commission had generated in order to legitimize the sale of subscriber information by Internet Service Providers.
GDPR silver lining strand-3
Another GDPR silver lining is that it addresses the export of personal data on European Citizens to destinations outside of the EU. The primary objectives of the GDPR are to give control of their own Data back to citizens. In this regard, it should be embraced by all.
Ronan Coburn is a Forensic Accountant
& a Certified Data Protection Officer [contract availability].
He may be contacted at firstname.lastname@example.org