Does GDPR mean I have to contact all my old dates and ask if I can keep their phone numbers?
Whatever becomes of GDPR, it has at least inspired scores of jokes. The bright side of the internet, people laughing and trying to come up with something better and funnier. Of course, GDPR exists to deal with the dark side of the internet, personal data collection in the surveillance economy. Consumer power is not strong enough to deal with this issue, regulation is needed. So good move European policy-makers. But can GDPR do what it is supposed to do? Bring control over personal data back to the users?
The principle of GDPR is to regulate the collection of data and give users control of the data businesses have on them. That means the users have to do much of the work and some users will be more capable than others (some focus more on the jokes). It also means that big businesses can find ways to “cope with” GDPR, which the same as saying they can work around it. For smaller businesses that coping may be more difficult and costly.
– Hey DJ, play Love to Hate You!
– No.
– I demand it under my Right to Erasure!
Could there have been a different approach? Oxford professor Viktor Mayer-Schönberger wrote the book Big Data (with Kenneth Cukier) in 2013. He suggests the opposite principle: to regulate the use of the data rather than the collection. (At least as I read him!) This would put the onus on companies to think carefully about how the data is applied. Mayer-Schönberger also suggests a watchdog authority and a system of fines and insurances to deal with abuse. The pitfall in this approach is that once data is collected it can leak or be hacked or otherwise end up in the wrong hands. The fines and watchdog are supposed to make companies extra cautious, but on the other hand we’ve seen leaks of sensitive company secrets so there is no guarantee. Perhaps a combination of the two could be the way forward, depending on how GDPR plays out.
Also (and this point gets lost all the time): not all data is created equal. Most data is completely useless for most people, but can be priceless for some. My breakfast habits make for boring conversation, but the number of slices of cheese I put on my bread can be valuable for health research or the dairy industry. The data I generate by playing an online game can be great to improve that game, but completely pointless outside it. Some data may be of little commercial value, but very sensitive for the user (the gay dating app Grindr has data on HIV-status, for example). If data is the new oil, this oil works very differently depending on who runs the engine. As GDPR and other regulation of the data economy develops, a more nuanced approach to different kinds of data is essential. GDPR is here, let it be the start of a conversation about how we can make a better life online.
– Do you know a GDPR expert?
– Yes
– Can I have their e-mail?
– No