#GDPR – the right regulation at the right time
On May 25th this year GDPR will become enforceable law. It’s been around for two years, but in a few months' data subjects (you and me!) in the EU will have a bunch of new rights and mechanisms for enforcing them. Organisations, both public and private, will have new obligations under GDPR as well. This is particularly relevant in light of the Facebook/Cambridge Analytica scandal currently unfolding. I expect that over the coming weeks Facebook will be forced to climb down from its position that there has been no data breach when, in fact, there has.
Wikipedia defines a data breach as -> A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill.
Facebook states that users knowingly provided this info...
From Facebook’s news section – “Update on March 17, 2018, 9:50 AM: The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”
I seriously doubt that anyone providing consent to see “which celebrity I most resemble” expected their data, and the data of anyone linked to them as a friend, to be used to create a psychological profile for targeted political ad campaigns (2014 American mid-term elections, 2016 American presidential elections and 2016 #Brexit referendum). Remember, the US presidential campaign was won via the electoral college by 80,000 votes in three states and the EU referendum was decided by 2% of UK voters. Here’s a link with more information on how this was achieved.
Twitter is taking some active steps by erasing bot farms and strengthening its policies around hate speech, but more can be done there as well. LinkedIn, for its own part, could also do with a data privacy health check (if I have to be asked one more time to allow access to my contacts...)
GDPR is landing at the perfect time, in light of "weaponised big data" and analytics-for-profit. We, the data subjects, are not a commodity.
With Facebook’s HQ in Dublin, and the court cases taken by the governments in Belgium and Germany, it puts particular focus on how the DPC reacts to this event. This small island on the edge of Europe suddenly finds itself the gatekeeper of the future global geopolitical battles. Interesting times... #gdpr #privacy
Written by Carlos Da Silva, IT Consultant.
If you have any queries regarding GDPR, please contact gdpr@sureskills.com