‘This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.’ This is stated in Art. 1 Sec. 2 of the General Data Protection Regulation (GDPR). The GDPR is said to be the toughest privacy and security law in the world (General Data Protection Regulation (GDPR), 2013). GDPR was drafted and passed by the European Union, but it affects organizations around the world that target or collect data on European citizens. On May 25, 2018, the regulation was put into effect (Wolford, 2018).
The GDPR came into existence to signal the stance of Europe on data privacy and security. This was especially relevant since more and more people are entrusting their personal data with cloud services and daily data breaches are a daily occurrence. Even if your company is not situated in Europe, but you do offer services or goods to people that do, GDPR applies to your too. But where did the need to protect our online privacy come from? Let’s have a look at a real-world example.
Most of us know what Instagram is, but if you don’t, it’s a popular platform used to share pictures with others. Did you for example know that everything that you do on their mobile application is being tracked? Instagram knows how long you have bene scrolling for, how long you have looked at a certain picture and where you like a picture. The same could be true for other platforms such as Facebook (Nast, n.d.).
From an information strategy perspective, it makes sense to collect data on your users and to use that data to maximize profits by identifying your targets. At the same time, from a privacy perspective it makes sense to prohibit organizations from collecting these kinds of data without prior consent of the user. Businesses need to collect data to be able to analyze that data and capitalize on it. This is how online businesses generate income, for example by running targeted advertisements to the visitors of their website. These advertisements can only be targeted if you agree upon that beforehand, since the introduction of the GDPR (Elias, 2021).
From all this information it becomes clear that companies need to collect data on their users to improve themselves and make money, but it also becomes clear that companies can collect huge amounts of identifiable data on specific individuals, such as yourself. This brings up the question, whether companies would be able to survive by introducing the option where you pay for your privacy and that you will not be tracked by any platform. So, the question that remains is whether you would be willing to pay for your online privacy and how much you would be willing to pay? Maybe you don’t even want to have to pay for it, but then the question becomes, are you fine with the fact that companies are tracking your online behaviour?
References:
General Data Protection Regulation (GDPR). (2013). General Data Protection Regulation (GDPR) – Final text neatly arranged. [online] Available at: https://gdpr-info.eu/art-1-gdpr/.
Wolford, B. (2018). What is GDPR, the EU’s new data protection law? [online] GDPR.eu. Available at: https://gdpr.eu/what-is-gdpr/.
Nast, C. (n.d.). How to stop Instagram from tracking everything you do. [online] Wired UK. Available at: https://www.wired.co.uk/article/instagram-story-ads-privacy-delete [Accessed 21 Sep. 2021].
Elias, M.G., Jennifer (2021). How Google’s $150 billion advertising business works. [online] CNBC. Available at: https://www.cnbc.com/2021/05/18/how-does-google-make-money-advertising-business-breakdown-.html.
Hi Ritesh, interesting article about Privacy and the GDPR. Or course there are now more rules, but as government regulation always lags behind the technology I wonder if big data companies have already found ways around it? And besides regulation, what can customers do to ensure their privacy, what can they change in their habits?
Thank you, despite some spelling errors, a very interesting post. I like that you use Instagram as an example, though it always scares me to realize how much data such companies gather without you actively being aware of it. I think most of us do not really dwell on the fact that these applications and sites gather more data than we think and know more about us and our behavior than we probably do.
I do want to add that I think a lot of companies are currently just gathering data for the sake of it. It has become a trend to gather as much data as possible, but most organizations are in the dark about how to use this data effectively to actually reap the benefits and income that this data can generate. I think we can still make great progress on this, by ensuring businesses and their employees have a deeper understanding of data collection and the endless possibilities that this data provides.
I find your post very interesting. The topic of privacy has always fascinated me. Despite the fact most people claim they are aware of the privacy risks, I bet many of them don’t even read, for example which Cookies they allow to track them. I recognize this myself since sometimes I just want to access a website quickly and out of convenience I just accept all Cookies, not realising their impact. And Cookies are one of the most clear examples for us human beings. I find it astonishing that I didn’t know Instagram can see how long I have looked at a picture. And then when I think about it I guess somewhere in the back of my mind I did know this, but I don’t care enough to act on it, yet! I believe that the willingness-to-pay to protect your pivacy depends on the awareness we have about privacy. In my personal opinion this is not stressed out enough and not brought to attention enough. By doing so, I think many people would be willing to pay for their privacy. Simply, to protect yourself beause right now there is no other way. However, privacy can be seen as a fundamental right. Therefore, some people won’t be too happy to pay for this and it might become a delicate matter of discussion.
Very interesting and important topic to write about! GDPR has undoubtedly revolutionized the Data Privacy legal sphere. Since GDPR was issued, other jurisdictions such as the issued California Consumer Privacy Act (CCPA) in California have followed. In the current fast developing technological world it is important that the data subjects rights are protected and valued. The example of Instagram you provided is a very interesting, prominent example of usage of cookies and other tracking abilities of those platforms and the high amount of personal data that is collected in this context. What is also an interesting perspective to look at on the impact of GDPR on the private sector, is the fact that compliance with GDPR has financial implications for companies. Under GDPR, companies that collect data (thereby becoming data controllers), have to appoint a Data Protection Officer who ensures compliance. Furthermore, companies have to maintain certain legally required privacy documentation, have to provide data subjects on request their personal data, have to delete personal data of data subjects on request of the data subjects and change it on request. All of this requires the hiring of Privacy professionals which is an additonal cost for companies. Furthermore, for certain processing activities in order to maintain compliant, companies have to adjust their IT structures and the localities of the databases where this personal data is stored. All of this protects the rights of the data subjects, but is a financial burden for companies, which highlights the question who should carry this financial burden, the data subjects or the companies?