In the wake of the Cambridge Analytica/Facebook scandal (where 87 million users’ data were acquired for political purposes), personal data has yet again become a diamond in the eyes of the media. And with GDPR being about one month away, it is time to really discuss who can access personal information and for what purposes.
Today, it is not uncommon to receive an email from businesses one has never even heard of, who has obviously obtained names and data from other companies – the personal data miners or data brokers, as they are called. These matters can be annoying rather than harmful.
But… What if data brokers sold information to universities, hospitals, or recruitment companies for example? This could lead to people being denied medical treatment, losing a job opportunity, or not getting into an educational program because these institutions have gotten indications that the said person won’t be able to pay, or have ended up on a record for drug users. That’s were trading with personal information becomes harming.
Who is collecting your personal data?
For a long time, it’s been quite a secret world, selling personal data. And a very lucrative one at that. Some have even compared personal data to being “the new oil”, seeing as there is a fair amount of money to be made trading this information.
An article published by the magazine Newsweek defines that the expected amount of companies buying and selling personal information in the US are between 2,500-4,000. However, what the data is being used has no statistics.
An opinion piece published by CNN recently stated that surveillance capitalism, done by companies like Equifax (who was in the news a year back for a big cyber attack), is able to work because of companies like Google and Facebook. If a person gets a service they’re not paying money for, it is sure they’re paying in another currency when they accept the terms and conditions.
The responsibility of corporations collecting personal data
There are not only the tech giants gathering personal data, all companies with a customer base do it. No matter the size, a company collecting personal information needs to take responsibility. There is no debate or argumentation about that cause.
The bigger question is what can be done on a corporation’s side to meet the privacy regulations. It needs to be understood that personal data is an asset and at the same time a liability. The GDPR can be viewed as a fire extinguisher to personal data moneymaking because now there are hefty fines to expect if personal data is not handled correctly.
Small offenses could result in fines up to 2% (or €10 million) of a company’s global turnover. Larger offenses with more serious consequences can result in fines up to 4% (or €20 million) of the global turnover. This way, companies are scared straight to keep confidential personal data secure.
Example of data collection and use
Marketing is a typical example of personal data use that we encounter every day and can easily grasp and understand. As we are more and more faced with it—cookie banners everywhere we move. Yes, it can get annoying. However, Marketing today relies heavily on how companies collect and use consumers data. When people visit a website, use an app, or interact with social media platforms, companies collect valuable information that can help improve products and services. Moreover, by understanding this data, companies can help create a better customer experience, build stronger relationships, and share relevant content. This is only one example of how companies use data—one of many.
Personal data privacy in the USA vs Europe
To make sure private information is kept safe, there is importance in where companies and servers are kept. The first point, there is a difference in mindset between American and European companies. The second point, there are different regulations within the different continents.
With the statement that privacy and data protection are both fundamental rights, the European Union has decided to make sure that its somewhat 510 million people now will have the same legal and digital framework. Therefore, anyone working with companies that keep information about the citizens of the European Union now needs to comply.
According to the GDRP, data transfer to a third party outside the EU that does not have adequate data protection standards is only allowed under exceptional circumstances. Therefore, a server located in Europe (or one of the other 11 countries that meets EU standards) is crucial.
One month to comply with GDPR
GDPR goes into effect on May 25th where the focus will be on permission and transparency. The General Data Protection Regulation means businesses have about one month left to comply and get in line, leaving them to no longer have the right to handle European user data as they wish. The GDPR will put obligations on data controllers, forcing them to explain to people what personal data they aim to collect and why.
This regulation is supposed to help users better understand the ways they are surveyed online by emphasizing consent, control, and have clear explanations. Leaving the common person empowered and in charge of their own data, while companies will need to adapt.
Data Is the New Oil—But Who Controls It?
In the end, consumers want to know exactly how companies collect data, store it, and use this information. Too often, people don’t see the systems behind platforms that quietly gather consumer data and (might) sell or share it with third parties.
Tech companies and even smaller businesses must protect sensitive personal details, because when data is misused, the results can harm real lives. Whether through big data analytics or management platforms, the responsibility lies with those who collect data to ensure privacy concerns are addressed.
Under regulations like the GDPR and the California Consumer Privacy Act and other data privacy laws, consumer privacy is no longer optional, companies must show how data is used, explain ways to collect only what is needed, and make sure customer data stays secure. By doing so, both businesses and consumers can also build trust and find better experiences in an increasingly digital world.
