Privacy is becoming somewhat of a rarity with increasing big data breaches and the rise of data-driven corporations. Most people don’t bother reading tediously long terms and conditions when they sign up for a new service online, yet there is a certain level of trust and expectancy that your data will be kept safe. However, what people don’t realise, is that sometimes they blindly give permission to big corporations to use their data as they see fit.
Most people will recall the huge breach of privacy of about 50 million Facebook users. Although it’s safe to assume this is probably not the first time it’s happened, it’s the first time a data breach of this scale has come to light. It’s also the first time we hear about people’s personal data being used in such a malicious way.
If you haven’t heard, here is a quick summary of what happened:
-
A Cambridge University researcher named Aleksandr Kogan creates a third-party Facebook app that looks at people’s decision-making process.
-
“For the purpose of the test”, Facebook users are asked to give permission to access their personal data.
-
Only 270,000 people complete the test, but Kogan is able to extract their Facebook friends’ data as well.
-
Kogan sells this data to Strategic Communication Laboratories (SCL) - a data analytics company that offers its services to governments and military organisations worldwide.
-
SCL creates a US based company Cambridge Analytica, with this research data being the backbone for its operations.
-
The data is allegedly used to manipulate millions of voters in the 2016 US elections.
Although it is yet to be determined if laws were broken or bent, ethically and morally it was wrong and the data should have never been made available to a third party in the first place.
This is just another startling reminder of the necessity for stricter rules when it comes to protecting peoples’ personal data. There are many privacy laws already in place, but many of these are outdated or simply inadequate to deal with the progression of technology.
Times are changing though. Back in 2016, the EU Parliament approved the General Data Protection Regulation (GDPR) which will replace the current data protection laws and regulations that protect EU citizens. According to its main site, the GDPR was “designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.”
Although this is a great step in the right direction as it gives EU citizens power over their personal data, it also means that many businesses across the globe who service EU citizens will have to abide by these regulations, or risk getting prosecuted. To put it briefly, the GDPR applies to all companies that are processing the data of EU citizens whether that company resides in the EU or not. Furthermore, non-EU businesses that process the data of EU citizens, will have to have a representative in the EU. This is particularly important in the event of a data breach. A representative in each EU affected country has to be notified within 3 days of the breach.
What does this mean? Well, at the very least it means that many businesses will have to change their security protocols. As it stood, companies could take several months to report a breach; if they even reported it at all. With the GDPR in place, companies have to report on a breach within 3 days of it occurring, and also provide the complete details as to which citizens data was affected by that breach. With the GDPR now in place, and light shining bright on the way big corporations handle data, its important that business take action, or risk being prosecuted.
While the aforementioned regulations are the main key differences, the new legislation brought in with the GDPR are far more in-depth and a full account of the GDPR can be found here.
The GDPR came into effect on the 25th of May, 2018.