In the last week, many of us have seen updates telling us that our data will be shared with third-party clients, and in many cases, if you don’t want it, you cannot access that app
If you have opted in, this is just the effect of the General Data Protection Regulation (GDPR) coming into play.
For those who don’t know what the heck this is, the GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.
Data is a valuable commodity today, and many questions still remain on how it is gathered, and protected. It ensures heavy penalties if data owners’ rights are not respected.
Also, we have seen enough data breaches to keep us at an ‘X-files’ level paranoid, and the regulation answers a big part of the concern.
Not only are organisations to ensure that data is gathered legally, but also that those who are collecting and managing it are obliged to protect it from misuse and exploitation.
But there could be other consequences, too. Wilbur Ross, US Commerce Secretary, has raised concerns in an article in the Financial Times.
Ross says the law will hit many sectors in the US. The anonymisation factor, for example, he says if the access to Internet domain-name registration data is restricted, access to the ‘whois’ dats may face restriction.
This, in turn, will hamper law enforcement authorities from cracking down on sites propogating terrorism, malware or botnets, the secretary adds
Another area of concern is online advertising. It is a bit vague on what will make up ‘personal information’. Also, there are heavy penalties for non-compliance, but just how it will be implemented, remains to be seen.
As such, top players like Google and Amazon should be safe from the law, it is the smaller, and sometimes not-so-nice, players that need to watch out. As of now, Google, Facebook and Amazon are familiar names in the case of a user opting in to share his information, but the smaller players may suffer.
Another key part of the regulation will be full transparency. A single site may have been sharing data with any number of partners for targeting ads without the user’s consent. Now, all of them must be brought into the open and their practices and contracts rejigged to comply with the GDPR. That means unearthing a notoriously messy system that’s been built on the idea that there’s no cost to sharing data.
Of course, will this make data collection any less invasive? It is too early to give a definite answer, but it seems this is definitely a step in the right direction so far.
What is set to change
- So far, most companies have aimed for a single set of privacy rules for all users, which is why so many US users are noticing new privacy features.
- As sharing user data gets more expensive, sites may opt for lesser number of partners.
- On the other hand, question marks remain regarding responsibility if the data breach happens from one of the partner firms.