2018 Is A Better Year For Customer Data Privacy Due To GDPR
2018 can be summarized as the year when strict implementation of customer data protection policies was felt by the public, regardless of where they are located in the world. This is caused by the compliance of multinational companies to the European Commission’s GDPR (General Data Protection Regulation), which fully took effect starting May 25, 2018. Multinational firms covered by GDPR (all of them basically) are required to pay a hefty fine of up to 4% of the annual global turnover or €20 million whichever is higher.
The bottom line, the implementation of GDPR benefits, not only Eu-member states citizens but all the customers of a multinational company, as they chose to adopt a unified Terms of Service/Terms and Conditions for their products and services. Initially, pundits believe that multinational companies affected by GDPR will have two types of Terms of Service, those that cater to GDPR – for Europeans and those that live outside EU-member state and a Non-European citizen.
GDPR does not in any way prevent data breaches and insecure data storage by multinational companies, but it gives these companies something to think about, to be paranoid about. Becoming a victim of a data breach is already damaging for a company, supplemented by a GDPR fine afterward will surely hurt even the biggest of companies. Initially, Facebook was fined $500,000 under the GDPR for the Cambridge Analytica fiasco it was involved with. The social media giant may be facing a $1.64 billion fine later on with regards to the recently occurred 50-million account breach. Google, another tech giant in the business of search, mobile computing and other related technologies are also facing a huge GDPR fine for the “location history” controversy surrounding its MAPS service available in Android.
Aside from data protection and data privacy, through GDPR, users are guaranteed to have data transparency. For them to be given a facility in order to download their own data entrusted with the multinational company for archival purposes. This means that service providers must never keep the information of their customers for themselves, but also enables their customers to download them anytime, and also the capability to destroy their own accounts (hence all the information stored in them).
“It’s not enough to amend terms and conditions, as Facebook and Google did in response to GDPR. Users are still scrolling through hundreds of lines of text and giving consent, without really knowing what they’re consenting to. Once you have data transparency, you can have honest conversations with customers about trade-offs. Your customers can make educated decisions, but they need to be given the choice about what they’re willing to give up in exchange for a product or service instead of it being chosen for them,” emphasized Martin Gontovnikas, Auth0’s Vice President of Relations.
Customers need to understand their rights and privileges as patrons of multinational business firms, and the law is there to protect them. “GDPR has made way for public awareness of data privacy and consumer rights, so technology companies must adapt if they are to retain their users’ trust and maintain a good reputation. This type of initiative may only be cost-effective for larger organisations such as Apple, for whom the trade-off between self-service and dealing with lots of individual requests for data pays off. For smaller companies and start-ups, on the other hand, this simply may not be an option. Many companies have so far sought to take different approaches in different regions, but Apple has extended its tools for EU residents to the US. This can be sold as a positive, brand-enhancing step, but the tech giant must ensure that it positions its new privacy features correctly so that the reality lives up to the expectations it has created for itself,” explained Mark Taylor, Osborne Clarke LLP’s Partner at International Legal Practice.
Julia Sowells713 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.