What is your opinion on GDPR in the context of NGI?
I see it as a big chance to improve the protection of users' privacy, but on the other hand it is a big burden for companies with all the new regulations, and especially with the fear of getting huge fines. I see little support for SMEs and high personal risks for SME owners due to the potentially high fines.
Here are three concrete questions to open the discussion:
a.) Who will get sued first? Big players like FB or Google, or public bodies or SMEs?
b.) Will citizens value the better protection of their privacy or will they simply not care and complain about being asked more often to agree to the use of their data?
c.) Or is this just a big incident destroying our global competitiveness?
Looking forward to reading your opinion.
Manfred
5 comments on "GDPR and NGI"
c.) all the way to the bottom ...
The intentions were right - it gives us more firepower to combat some of the most rife behaviour of the big companies. Unfortunately they also have the most resources to hire lawyers. It is the SMEs and the start-ups that will hurt. And the organisations that are too naive - some municipalities and government organisations.
The significant deficit of citizen trust
Personal information is the currency by which society does business and is key to innovation that relies on that information. But innovation will be held back if citizens lack trust and confidence in companies and organisations storing their personal information.
According to research conducted on behalf of the UK’s Information Commissioner’s Office (ICO), only one fifth of the UK public (20%) have such trust and confidence.
Key findings
Can the new legislation coming into force on 28 May 2018 in the EU act as a lever for increasing that trust and confidence? One would certainly hope so.
The General Data Protection Regulation requires organisations to be more accountable for data protection, making sure data protection is at the centre of digital business strategies while raising the bar on data security.
The new law is much more than a box ticking exercise. Organisations will need to be accountable not just to their customers but also to the competent regulator, with hefty fines for non-compliance.
Sources
Information Commissioner's Office: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/11/ico-survey-shows-most-uk-citizens-don-t-trust-organisations-with-their-data/
The survey was conducted by ComRes on behalf of the ICO and is designed as a benchmark measurement for the ICO’s Information Rights Strategic Plan 2017-2021.
There is a real worry that
There is a real worry that GDPR will have a negative effect on new entrants to the market and create barriers to entry for new start-ups which they may not be able to overcome. This was discussed at the workshop on Personal Data Spaces and Privacy. There is also a concern that there may be an increased financial cost to releasing personal data by providers because of the regulation.
The tension between innovation and legislation causing a limiting factor was also discussed, along with the interests of users and adopters and the policy, specifically GDPR.
Natural evolution and taking into advantage
GDPR is needed in order to prescribe and in the end enforce the use of appropriate processes and technologies in order to keep personal data handled with diligence. A company dealing with personal data is liable to keep this data secure. Period. If the company builds a business model on top of this data, let the users know this and offer them a way to opt out.
To answer your questions:
ad a) Companies that handle users' personal data without any respect for keeping it secure will be sued. Companies who obviously misuse this data will be given penalties first. There should not be any difference due to the size of the company. But if the company's name hits the news, it is more likely to get the inspection and be given the penalty. Since the biggest companies are more likely to hit the news, then yes, I would say that the biggest players will be on the front line.
ad b) I would say that it will be similar to the "cookie law". In most cases citizens will not read the consent forms thoroughly (have we read all the latest ToS updates of the services we currently use?), but from time to time we will be glad to be aware of the details. It is important to give the users a choice and GDPR enables this.
ad c) I would say that it is not an incident, it is a consequence and natural evolution. We need to turn this to our advantage and provide more secure, trustworthy, and user-centric services. Services need to be built with security in mind. Of course, this means more costs, but hey, we are dealing with users' data after all. And this somehow leads to the Next Generation Internet.
Regulation does not adapt as fast as monopoly
Look, Google is paying 4.6bn from their war chest if needed. They don't stop breaking the law or playing unfairly on the EU market to gain and defend their monopoly on Android. Regulation becomes a weak sword fighting against giants with nearly unlimited financial power. We lost every important digital market to US giants and they drain money from the EU: Cloud, eCommerce, Collaboration, Operating Systems...
The only effect you get by that regulation is to tease SMEs and startups, while enterprise corps can afford to ignore or legal counterfeit.
We really have an advantage on blockchain technology in the EU: great startups, ecosystems, companies. But with GDPR we strangle them, as regulation is not compliant with technology. So the big corps will do the business. Instead of regulating the big corps, it will strengthen their position. I feel really sad about the situation.