If you’ve noticed your inbox flooded with messages about updated privacy policies, you can thank the European Union’s new General Data Protection Regulation (GDPR) – the most significant change in data privacy regulation the world has seen in 20 years. I’m all for protecting people’s privacy, and I definitely think that some sort of regulation is needed, but one must ask if the new GDPR goes too far? It may seem altruistic, but is it realistic? I have my doubts.
Before we delve into why I’m sceptical about the GDPR, it’s important to understand what this new legislation is about and who it affects. I’ll do my best to make this short and snappy.
A quick GDPR explainer
The GDPR doesn’t just pertain to businesses in the EU – it affects any company, large or small, that collects data on any EU citizen. This may include basic identifying information such as names and addresses; web data such as location, IP address, cookie data and RFID tags; health and genetic data; biometric data; racial or ethnic data; and information about political opinions and sexual orientation, among other things. There are steep fines for non-compliance, with a maximum penalty of 20 million Euro or four percent of your global annual turnover (whichever is higher). So, needless to say, the GDPR should be taken very seriously. Time will tell if it actually is.
What we’ve seen so far
Since the GDPR came into effect on 25 May, I’ve received emails from various companies saying that it just isn’t viable for them to continue offering their services to people in the EU. American media company Tronc – owner of major news sites including the Los Angeles Times, The Chicago Tribune, The New York Daily News, The Orlando Sentinel and The Baltimore Sun – is (at the time of writing) blocking European traffic. Google and Facebook- the two biggest players in the online advertising space – don’t appear to be giving in either; you can either agree to let them continue collecting enormous amounts of your personal data, or you can fuck right off. There is no middle ground.
Popular services hold an advantage
The biggest losers of the GDPR will be the services that rely on collecting personal data for targeted advertising, like Google, Facebook, and the aforementioned news sites, among others. If these services can’t serve up ads, they may as well not exist because they can’t make money. But when it comes to leverage, popular online services, without a doubt, have the upper hand over legislators. They can afford to say ‘take it or leave it’, and they know that the masses will take it. People are too invested in these to all of a sudden just give them up. It’s incumbent upon lawmakers to realise this fact, irrespective of how noble their intentions may be.
Privacy and personalisation mutually exclusive
In today’s digital world, we’re continuing to upload more of our personal information to the Interwebs in exchange for convenience. As such, some degree of governance is necessary to protect us. Companies need to be held accountable for misusing people’s data, but privacy laws shouldn’t completely destroy the data-driven model that makes a highly-personalised experience possible. So, if you find the likes of Google, Facebook and Amazon generally making your life easier and/or better (which I certainly do), then you must also realise that the very algorithms that enable this are fueled by massive amounts of data. The more data they have, the more capable and sophisticated they become. It’s that simple.
Sharing data is your choice
If you’re one of those paranoid types who is convinced that Mark Zuckerberg is out for world domination, or that one day Google will become self-aware and initiate a Terminator-like war, then perhaps it’s best to keep wearing your tinfoil helmet and limit the data you share. Let the bleary-eyed remain oblivious to the fact that data is a hard currency in the digital age, whether we like it or not.