Ideas about GDPR


Why I write this blog

This Friday, 2018-11-09, during my IDS class, Professor Salvo invited his friend Evan Schuman to share his understanding of GDPR. We had really interesting discussions during the class, and I am writing to share the things I found meaningful and interesting about GDPR.

What is GDPR

GDPR stands for the General Data Protection Regulation. It is a regulation in EU law on data protection and privacy for all individuals within the EU and the European Economic Area. The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment. (Definition from Wikipedia)

Why companies in the United States should care

First, all companies with any customer in the EU need to follow GDPR. Beyond that, a company that has any partner with any customer in the EU also needs to follow GDPR. This second rule means almost all tech companies need to follow GDPR, because nowadays everyone uses services offered by a few huge companies, and tech companies are closely connected.

What is the intention of GDPR

The pic above explains why we need GDPR. Whenever a company thinks about whether to develop security protection, the key is always a comparison of how much it would lose if damage happens and how much it costs to develop a security system. GDPR adds to the cost of a data breach, so it is trying to force companies to build up protection.

In addition to forcing companies to develop protection, GDPR also cares about customer privacy, and argues that users should have control over their own data. We are living in a time when technology grows wildly, and everyone's personal info is visible to service providers and could be misused. The GDPR really wants to help customers avoid situations like receiving ads about goods you just searched for or talked about. GDPR specifies that users have the right to ask companies to delete data about themselves (the right to be forgotten), and that companies should be careful with decisions based solely on automated processing.

What are the challenges GDPR is facing

I would say the largest challenge is that GDPR conflicts with the real world.

  1. Is it possible for a user to be totally forgotten? Your data is backed up automatically every day, and all your emails will exist as long as you send emails.
  2. Traditional bank systems track users' credit history. What if a user asks to be forgotten?
  3. One kind of tech company is the data company, for which data is the core value, like Google and Uber. GDPR is fighting against their interest, and argues that people should have control over their own data.

In addition, since it is a law, many words used in GDPR are not clear from an analytical perspective. For example, take "organizations that engage in large scale systematic monitoring": how large is large scale, and do CCTVs count as a monitoring system?

Last but not least, I can feel how badly the people making GDPR are trying to protect privacy. However, do people really care about privacy, especially our generation? Our generation is actually the group of people who enjoy the benefits of big data and who suffer from auto-generated ads. Professor Salvo joked, "How can you guys make transactions into social media (Venmo)?" Different people have different perspectives on the definition of privacy, and this really makes GDPR a little bit awkward.

My thinking

GDPR reminds me that we are in a time when technology grows wildly and someone is trying hard to shape the way it grows, as they are concerned that it may harm people. The intention is great, and I love the point it makes about security and privacy. However, I think there is not yet a clear line between right and wrong, and that makes it really hard for GDPR to figure out the way to go. Although the GDPR looks 'dumb' at this time, I really admire the intention to make sure technology does no harm.
