GDPR: (Finally) A Legislation For The Digital World

By Eva Oravcova

By Eva Oravcova

[mks_dropcap style=”letter” size=”48″ bg_color=”#ffffff” txt_color=”#000000″]O[/mks_dropcap]n April 11, ASIF Ventures hosted a panel debate ‘The Two Faces of Facebook’. The event was held at the Startup Village in the ASIF Venture studio. The three panelists discussed, amongst other things, the state of affairs post Facebook-Cambridge Analytica Scandal. In particular, they focused on the raising online privacy concerns in the eyes of the public as well as the EU legislative response to this problem in a form of the General Data Protection Regulation.

“If you go to a bakery and ask for the same bread every day, after a week, the vender will remember your order and know what you’ll want. The same principle applies to Facebook.” said Karlijn Vogel-Meijer, one of the panelists in the discussion. In this simple observation, Vogel-Meijer captured the challenging dynamic between digital service providers and their customers. It is understandable that websites collect user-information. As Dominik Walters, ASIF Ventures president who also participated in the discussion, pointed out, there are instances when users might appreciate a provider’s ability to accumulate knowledge. “Netflix for example, I want them to know exactly what I watch because I want them to recommend other programs I’d like.” He continued by explaining that once the collected data becomes more personal, such as “financial or health information”, the trade-off between privacy and convenience becomes much more difficult to make.

Unfortunately, collection of big data is more and more associated with companies misusing users’ data for instance for targeted advertisements or even selling it to other companies. The seeming abundance of data breach scandals in the recent years has risen awareness about the issue of data privacy and has brought the topic to the mainstream public discourse. Because consumers are more aware of these practices, they have been demanding more transparency and privacy protection. In response, in 2018 the European Union introduced GDPR, a new legislative framework designed to change how data is handled across sectors.

Photo: Eva Oravcova
From the left, the discussion leader Jacky Yuejie Wang and the panelists
Karlijn Vogel-Meijer, Tom Dobber and Dominik Walters as they answered questions from the audience.

What is GDPR?
The General Data Protection Regulation or GDPR is the most important reform in data privacy regulation in 20 years. It was enforced on May 25, 2018, replacing the Data Protection Directive 95/46/EC. This EU directive was adopted in 1995 and used to regulate the processing of personal data within the European Union. It is understandable that a legislation created before the proliferation of smartphones, and smart devices in general, was unable to address the issues that arise from the new technologies. One of the main issues became data privacy protection as companies have increasingly used smart devices to collect and potentially sell massive amounts of sensitive information about their customers. To counter this, and many other practices that negatively impact the customer, GDPR was put in place.

At its core, GDPR is a legislative framework that better reflects the reality of the digital age we live in. The regulatory guidelines are designed so that both citizens and businesses in the European Union can fully benefit from the digital economy. GDPR has three main aims: to introduce uniform data privacy guidelines across all countries of the EU; to protect data privacy of all EU citizens; and to change organisations’ approach to customers’ data across the region.

Unprecedented scope
One of the major changes from the Data Protection Directive 95/46/EC is the increased territorial scope GDPR covers. This legislation applies to all companies processing personal data of people residing in the European Union, regardless of the company’s position. In other words, any organisation that either operates in the EU or handles information of EU citizens is bound to comply with the legislation. As Walters pointed out, this means that GDPR applies to almost every big corporation in the world because of “the global nature of today’s market”.

Since its enforcement in May last year, GDPR has also has served as a blueprint for non-EU Member States to update their national policies. For example, Argentina, Japan and Canada have already made revisions to their regulations regarding data privacy protection. During the debate, Walters pointed out that this might also be a consequence of the fact that many international companies are choosing to implement a single GDPR-compliant policy worldwide. He said: “Having various policies is impractical for the company and frankly, it’s also bad for the optics.”

Another novelty is the right to be forgotten, also known as Data Erasure

How does it affect you?
As GDPR aims to address the imbalance of power between the consumers and the big tech companies, the consumers gain more control over how their data is being processed and used. The biggest change from the previous legislation is consent; the companies are required to request consent as well as provide clear information regarding what data they are collecting and what is being done with it. In practice, this means that the long ‘terms and conditions’ forms that no-one ever reads are gone. Instead, the consent form must be easily accessible and it must be using plain language. Also, it must be as easy to withdrawn consent as it is to give it. All data, particularly personal data such as a user’s name, political opinions, sexual orientation and so on, must be stored securely.

I actually did go see the file containing all my collected personal data and I only have one thing to say: DAMN!

In the attempt to move towards more data transparency, GDPR mandates that customers are able to get a copy of all collected personal data in an electronic format, free of change. Another novelty is the right to be forgotten, also known as Data Erasure. This means that customers are entitled to have their personal data erased. The details for this procedure’s requirements are outlined in Article 17.

While there are still aspects of the data privacy issue GDPR fails to adequately address, it is undoubtedly a step forward. One of its biggest accomplishments is that it has raised awareness of how much data the companies are collecting by giving the customers the opportunity to find out for themselves. As Vogel-Meijer said: “I would really advice all of your to go see the overview of the data, for example on Facebook or Google, just to give you an understanding of what they know …because it is so much.“ I second that recommendation because after the discussion, I actually did go see the file containing all my collected personal data and I only have one thing to say: DAMN!

Cover: Pixabay / Final Editor: Ivo Martens

Join Our Newsletter

New on Medium

Follow us

Google Workspace Google Workspace prijzen Google Workspace migratie Google Workspace Google Workspace