Dive Brief:
-
The connected digital world is effectively translating to "sweatshops" of the 21st century, according to Giovanni Buttarelli, European Data Protection supervisor, in a blog post. Buttarelli suggests that people turn to "free" services on the internet because the alternative is paying for privacy. He argues privacy should not be an "exclusive privilege" granted to those who can afford it.
-
Buttarelli acknowledges that recent notifications sent to customers globally about change in data terms are the first the average customer may be hearing of GDPR, which is less than one month away from its implementation. But the "take-it-or-leave-it proposition" presented by such companies may elicit a "hint of menace," which could effectively diminish the positive purpose of the regulations — to rebuild trust between users and the companies that posses their data.
-
Because the obligations of GDPR are "scalable," accountability enforcement is also scalable, according to Buttarelli. This makes companies that collect the most sensitive user data the most challenged in terms of "demonstrating the lawfulness" and proving the ethics of their activities over the last decade or so.
Dive Insight:
At the heart of GDPR is basic human rights along the lines of freedom of speech, non-discrimination and privacy, said Buttarelli. So to combat companies that appear to be manipulating user data for their own gain, GDPR was put in place.
The internet is full of services that allow users to integrate application to application, effectively lending their information for "free" in exchange for the services without much control over what happens to their data. That is the real cost for "free" services from these companies.
The recent Cambridge Analytica incident was an example of the use of personal data hosted on a platform for political gain. But Facebook's mishap is not an isolated incident. Instead, negative public response made this particular case stand out.
Following the fallout, Facebook CEO Mark Zuckerberg has acknowledged the impending GDPR deadline and that the company would abide by the new regulations "in spirit," rolling out compliance measures to European users by the deadline and using a phased approach for the rest of the world afterwards.
Companies like Facebook and Google thrive off of the, perhaps at times, "unscrupulous personal data collection," said Buttarelli. The collection allows these data juggernauts to effectively manipulate users into additional clicks, which drives revenue. After all, 84% of international ad revenue is held by these two companies alone.
Because data is treated more as a business asset than ever before, companies have an inherent responsibility to not only protect it for their customers' sake but also for their reputation. Because nearly one-third of businesses believe GDPR doesn't go into effect until the end of the year, hammering home the implications of nonregulated practices from May 25 on is vital.