Recent revelations with respect to Facebook have brought the issue of personal data and privacy sharply into focus. In what is seen as a dynamic shift in the balance between data, the consumer and the platform provider, we note that on 25th May, a new European privacy law comes into affect which will impose restrictions on how personal data is collected and disseminated.
The regulation named, General Data Protection Regulation or GDPR, seeks to ensure that users know, understand, and consent to their data being collected, Furthermore, the old days of the obligatory fine print and users being forced to consent in order to sign up are coming to an end.
The new regulations will require organisations to provide clarity with respect to how they collect data and how they use it. Furthermore they will be required to explicitly state why such data is being collected and whether it will be used to create profiles of peoples’ online behaviour and usage. In addition, consumers will have to right to access the data such organisations store, correct inaccurate information and limit the use of decisions made with respect to them, in terms of profiling.
This law will apply to the 28 member countries of the European Union, even if the data is processed elsewhere. What this means is that the GDPR will apply to e.g. publishers, banks, universities, ad-tech companies and Silicon Valley technology giants.
GDPR’s influence has already been brought to bear with changes made in data-collection and handling practices. Whilst it maybe argued that this is just a mere coincidence, we note that Google has revamped its privacy dashboard and Facebook announced its own privacy dashboard, ahead of its adoption. Whilst the law applies only in Europe, changes are being implemented globally to simplify and streamline business processes.
The mere fact that the GDPR places emphasis on consent, control, and clarity of explanation is expected to see users better understand and reconsider the ways they are monitored online. Furthermore, the GDPR is also seen, in some quarters, as a mechanism to change corporate data-handling practices.
The fact that consumers will have the choose to opt-in or opt-out means that organisations will now have to seek financial remuneration based on consumer trust and consent which is a 180 degree shift from what we have in place currently whereby organisations acquire data and then seek to monetise it.
It remains to be seen the ease with which such laws can be implemented but what is clear that organisations are now going to have to be accountable for the data they collect and how they intend to use it. It should also address the issue of just how much personal data has been used to influence our behaviour and how we have reacted to that accordingly.