Written By: David Winter – International Director
The old, loose system of data protection, which allowed European Union (EU) members to set their own rules regarding data privacy and security, has become obsolete. Today the rules of the General Data Protection Regulation (GDPR) are one and the same for every company operating in any EU member country, and with global implications. The tightening move on data privacy by the EU was prompted by the increasing amount of data that companies have on their users as well as the increasing number of security threats resulting from possessing this large quantity of data. In essence, the new regulations offer users both enhanced privacy and security, eliminating the long-known dichotomy between the two, or at least so in the private sector.
Europe is tackling a problem of large magnitude.
Europe’s new regulations were a response to a problem that is undoubtedly large. Research by IBM has documented around 96,000 security threats in one of its databases. The company’s statistics showed that the losses of 100 banks amounted to US$1 billion due to attacks in a period of two years, and that 60 percent of these attacks were perpetrated with the help of insiders. Clearly, the GDPR was long overdue.
The new regulations reach and affect any company that does work with individuals in the EU, even if it is not located in the EU. They also urge companies to be more active in their cybersecurity strategies. For example, a data breach should be reported within a timeframe of no more than 72 hours after being discovered, or the company could face sizeable fines. The fines increase further if noncompliance with the GDPR by the company is detected and is found to have led to the breach.
Data cannot be overvalued.
Regulations need to evolve, given that data has become a commodity, and a pricy one for that matter. It is behind companies approaching 1 trillion dollars in market capitalization. It is also the raw material for almost all industries. This probably makes it the most profitable commodity to hold in our contemporary economic times, as it can generate exponential returns. The power of data is tempting to hold for both businesses and governments alike; and in both cases, unscrupulous users can take full advantage of it. Indeed, data has become a weapon, with the ability to make the difference between triumph and defeat in achieving political ends as well as profit.
Aside from the Cambridge Analytica and Facebook scandal, which is big in its own right, governments are capitalizing on data and cooperating with big-data providers from the private sector in Europe and elsewhere for surveillance purposes and in order to enrich their intelligence databases with a fortune of information. Although governments such as that of the United States, among others, claim this is for the purpose of law enforcement, it opens the door for a vast potential of abuse and misuse.
The tales of such misuse are many: from the Australian government mistakenly flagging the wrong people for Social Security debt collection to police officers illegally tracking a man’s location with the cooperation of telephone carriers in America; data abuses and misuses are too many, with big consequences for individuals’ freedoms and civil rights, as well as their security. For example, cases of police officers who unlawfully extracted the data of their girlfriends or other people in the US resulted in cases of stalking, harassment and identity theft. And the incidents of data misuse of which we don’t know are probably far more than the ones we do know about.
Big data is beneficial, but risk management is paramount.
This is not to say that big data is harmful. In fact, the opposite is true. Big data has paved the way for higher efficiency, healthcare benefits enabled by precision medicine, better customer service and better assessment of users’ needs to enable innovation of new products—to name only a few benefits. Yet, big data is a form of leverage, and without proper controls, unbridled governments and organizations can use it for their own illegal advantages.
The risks of misuse of data increase with advances in the Internet of Things and the improvement of some algorithms, such as facial-recognition algorithms. Such algorithms power digital surveillance methods and give governments the chance to track their citizens on an unprecedented level. The Chinese government, for example, is using this technology to even assign a “trustworthiness” score to its citizens, with implications such as giving an individual faster Internet or an easier visa to Europe if he or she receives a high score. The benefits of such methods include the ability to identify criminals more quickly and easily. But such tactics are a cause of concern for many as they offer the government a high level of control, and the consequences of misuse of such mass surveillance capabilities could be disastrous.
The EU says “no”.
With the introduction of the GDPR, the EU has decided to say “no” to data abuse and misuse, despite heavy lobbying from American tech companies. The new laws affect any US businesses working on European soil or dealing with European nationals, and they give users back some control over their data. The new rules ensure that users receive the right to know what companies are doing with their data and can request a copy of that data any time they choose. They also ensure that users are giving companies an unambiguous “yes” to collect data about them, and that companies obtain only the minimal amount of data about users, and that users can opt out and request their data to be removed at any given moment.
The measures are a step in the right direction. The argument that governments must encroach on people’s privacy in order to protect them is no longer sensible or plausible. Even with the current level of surveillance, the US government, for example, could not preempt the multiple deadly attacks on its soil in recent years. And thus the efficacy of such programs needs to be challenged, and individuals’ freedoms need to be upheld.
Europe has set a good lesson for other countries in terms of data privacy. America has much to learn as it lags behind in this area, especially with many companies labeling their data policies as trade secrets. China seems to give security the higher emphasis, as citizens are being watched by CCTV (China Central Television) cameras dispersed all over the country. While recognizing the advantages this offers to the government, any vulnerabilities in Chinese databases can make the job of potential attackers much easier, thereby reversing any security benefits. At some point, a balance has to be maintained. Even better, privacy and security need not be mutually exclusive, as the EU has successfully conveyed.