Data Regulation: Where Are We Headed?
- Data breaches have reached unprecedented magnitude, the latest being the 30 million Facebook accounts breached during October.
- This has triggered different counter-measures from governments and institutions, the latest and most stringent being the EU’s General Data Protection Regulation (GDPR).
- Data regulation has been criticised as impractical, taking responsibility away from individuals and threatening freedom of speech and content.
- Last Wednesday, Apple’s CEO praised GDPR and warned against “weaponisation” of personal data, making the case for regulation while blasting its rivals Facebook and Google.
‘Data manipulation is posing a new threat to democracy.’
The year 2018 has witnessed a shift in global media attention towards data breach scandals as the number and size of data breaches has significantly risen over the last few years. According to the Breach Level Index made by Verdict, more than 4.5 billion records were stolen over the first half of 2018; 80% of breaches were the work of malicious outsiders, 19% were due to accidental loss, and 1% from malicious insiders.
Data breaches are not the only cause for concern. Consumer data has become a business of its own. Data points such as likes, dislikes, website visits and product choices are all tracked by organisations. This new market is now worth billions of dollars, and allows businesses to create detailed profiles of online users and to offer them increasingly accurate and personalised content. In his speech at the International Conference of Data Protection & Privacy, Apple CEO Tim Cook compared data points to “surveillance”. He said, “personal data serve only to enrich the companies that collect them”. Outside of commercial purposes, there has been a number of allegations of user data being utilised by political entities to influence election outcomes, such as those denouncing Russian interference in the US elections as well as in the UK’s referendum on EU membership. Data manipulation is posing a new threat to democracy.
Issues of data breaches have not been left unanswered. Last Thursday, Facebook was fined £500,000 by the Information Commissioner’s office in response to the Cambridge Analytica scandal. Last May, the EU enforced its General Data Protection Regulation which was described as “the most important change in data privacy regulation in the past 20 years”. Some of the key changes were the inclusion of any company, even outside of the EU, processing the data of its residents, strengthening consent and sizeable penalties for infringements. GDPR also includes compulsory breach notification for any company processing data, a right for users to access information about the use of their data, a right to be forgotten and obligations to strengthen data protection.
However, data regulation raises a number of different issues. Most of its critics have focused on the impractical aspect of a regulatory framework for data processing. Questions that demonstrate its complexity are easy to find: Is a right to be forgotten a realistic expectation, given the speed at which online content can be archived, reposted or replicated? At what point does privacy become censorship? To what extent should the “right to be forgotten” be balanced out with a “right to remember”? In addition, the EU’s GDPR has been said to lack clarity in its classification, for example when it comes to differentiating “data processor” from “data controller” companies.
Data regulation also raises concerns for Small and Medium Enterprises (SME’s) as those might be put at a permanent disadvantage by the cost of compliance, whereas larger companies will be better prepared to absorb it. More generally, attempts to control online content and practices has been denounced by some as a threat to freedom of expression and creativity in general. Furthermore, establishing a legal framework means taking away responsibility from users, and may create unrealistic expectations for privacy as well as a false sense of safety online.
The magnitude of the Cambridge Analytica scandal brought the debate around data privacy and regulation to the international scene. The EU already made its move, and GDPR is now waiting for the test of its own enforcement. On the other side of the Atlantic, the Trump administration has already shown its reluctance to enforce such laws, complaining about the barriers it could put on global trade by burdening companies with the costs of compliance. One thing is for certain, technology moves fast and won’t wait for legislators to find solutions before it poses further questions and debates on how to control it.
Written by Sebastien Coudert. Edited by Abdi Buwe.
Warwick Congress Blog
Bolsonaro’s Brazil: Sexism, Crime and the Economy 18 November, 2018 Jair Bolsonaro has risen from relative obscurity to become the leader of South America’s largest economy. Bolsonaro’s controversial remarks about women have been criticised by those who believe the...
Autumn Budget: the end of Austerity? 03 November, 2018 Philip Hammond delivered the final autumn budget before the UK is expected to leave the European Union. The chancellor announced the personal allowance threshold will rise from £11,850 to £12,500 and the higher...
Free Speech in Peril 24 October, 2018 Attempts to curtail free speech are not only occurring ‘over there’ in Russia, China or the Middle East, but in the liberal-democracies of the West. Whether on university campuses or in society-at-large, censorship is being...
Want new articles as soon as they get published?
Become a Member of Warwick Congress!