Article in progress…
Europe’s highly anticipated General Data Protection Regulation (GDPR) went into full effect on May 25, and has already presented both challenges and opportunities across the globe.
With transparency and trust as two of its many pillars, companies subject to GDPR are now obliged to make their data policies clearer so that users can adequately understand how their data is used and stored. (To make it simple and accessible at this stage, could we say something like … ‘To many people, the GDPR’s arrival has just meant a flood of emails in their inboxes from companies seeking to comply with the regulation. For many, it has been a welcome opportunity to unsubscribe from pestering mailing lists.’)
GDPR has already changed how users experience the web since it went into effect. The U.S. media network NPR (National Public Radio, link?), for example, now gives users the option of declining its new terms by allowing them to view the site in plain text. National Dutch news organization NOS gives users the choice between viewing the complete site with either personalized ads and tracking cookies or non-personalized ads and no tracking cookies.
Many non-EU companies, such as Unroll.me, an inbox management firm, took more drastic measures, blocking EU users from visiting their sites altogether.
Despite concerns from some tech firms that Europe is becoming a “digital backwater” (New York Times) by stifling businesses and innovations, GDPR is meant to do the opposite. A regulation that forces companies to place consumer trust at the center will naturally be good for business. As people become more aware of the value of their data, they will stay with companies that can behave responsibly with it.
GDPR is just the beginning in the development of robust data privacy protections, and has already catalysed new ideas from innovators that are “designed to serve mankind,” as expressed in Recital 4 of the regulation.
WikiTribune is compiling a list of new innovations created in the aftermath of GDPR. Help add to it.
Regulation technology, or RegTech
Not so much a product as a new field within the financial services industry?, regulation technology will play a more important role as companies look for ways to comply with GDPR.
RegTech – as it’s commonly known – develops technology solutions to help companies comply with regulations more seamlessly. One pioneer in this space is Collibra, a company that focuses on data governance and helps enterprises to streamline their growing troves of data. [Par sounds like an ad, which is difficult in this space. But try to say it very plainly and without jargon.]
Because compliance isn’t straightforward, this is a field that will drive many new innovations, which means more specialist technology solutions that still maintain the standard of GDPR. [Could you explain why compliance isn’t straightforward? In a sentence or two?]
Machine readable privacy policies
The goal is a standard for machine readable privacy policies that captures all of the information required by GDPR. This standardization will extend to taxonomies for the classification of personal data and unique identifiers for data processors and controllers.
His quote about people not wanting to read a million different privacy policies here. ..”
It is thus difficult for users to be or to stay meaningfully informed because the time spent on reviewing policies does not scale practically with the number of services, nor the rate at which privacy policies may change. This leaves the user in the default position of being uninformed and manipulable.
“A really important part of making the to-be MRPP standard useful is legal alignment and enforcement, because without that no-one has to implement MRPP,” Uzeirbegovic told WikiTribune. “And it’s not in the interest of companies at large to increase their potential liabilities by being more transparent than they have to be.”
Another idea is a one-of-a-kind ‘Transparency Widget’ by data protection management software company DPOrganizer, which allows users to see what personal data a company holds on them and understand how it is processed by clicking on a widget on a website or app.
With a drop-down menu, a visitor to a company’s website can select what type of user they are and view a small report which shows information such as personal data items collected and any third-parties that the personal data is shared with.
The founder of DPOrganizer, Egil Bergenlind, is bullish about GDPR driving innovation. “One of the main purposes of GDPR is to enable businesses, to harmonize markets with regulation,” Bergenlind said.
“It will become easier to share data across borders and [be used] in innovative ways. The intention is definitely not to hinder innovation that is good for society and for the economy.”
However, most innovation, Bergenlind told WikiTribune, comes from the changed mindset of companies and individuals, not primarily from regulation. “GDPR is really one part [of privacy]. As consumers, we have now started to realise the value of our data [and] want more control over it. Companies will see how important transparency and relationships based on trust are.”