Data privacy: will the EU regulation achieve its goal?
The General Data Protection Regulation (GDPR) comes into effect in the EU on Friday. It is meant to standardise data privacy in the EU and strengthen consumer rights - particularly in regard to US companies. While some commentators see the EU as a pioneer in data privacy, others say the regulation could end up hurting those it is meant to protect.
We need rules for a changed world
The balance of power between the people and the IT giants has finally been shifted, Aftonbladet writes:
“The big digital technology companies are among the richest and most influential in the world, and their activities and data collection leave extremely tangible imprints on our daily lives. Services like Uber that are provided through apps lead to wage dumping and worse working conditions. The scandal over Cambridge Analytica shows how politics can be influenced through Facebook. Increasingly sophisticated e-commerce can destroy the retail trade in a city. We are dealing here with companies whose business models are apparently changing the preconditions for our social life. We need rules that enable us to come to terms with this too.”
Miles ahead of the US
With this regulation the EU has secured a huge lead vis-à-vis the US, writes Politiken:
“With fines of up to four percent of a company's turnover a serious effort is being made to put an end to the abuses of impostors and tricksters on the digital market. If anyone doubted the EU's political will and vision for the digitalised world - this is the response. The new stringent rules give Europe a massive head start against countries like the US when it comes to data protection. The supervision of data, however, does not happen all on its own and it speaks volumes that Facebook is trying to sidestep the EU's strict rules.”
Well meant but poorly executed
The General Data Protection Regulation may end up hindering those it was meant to help, Kurier fears:
“As so often this EU regulation was the result of good intentions: the idea was to prevent the misuse of data by anonymous international companies. But in the worst case these companies may actually benefit from the law. Because let's be honest, as a consumer you want to continue using Google and Facebook, so you'll blindly accept pages and pages of terms and conditions. But it will be much easier to have your adress removed from a small company's mailing list (if only out of sheer sloppiness). That, in turn, could mean that businesses will only (have to) use Google all the more to keep reaching out to customers. And unlike mid-sized local firms, the big US companies have cohorts of lawyers whose only job is to get around such regulations. What's more, this particular regulation is clearly a test case for them.”
Urgent questions for the future unresolved
The regulation provides no real answers to the key questions, Handelsblatt complains:
“How a company can be forced to provide transparency about its algorithms, for example. ... It won't be long before self-learning computers are making important decisions for millions of people - in traffic, when shopping and when looking for a job. Companies are already using algorithms to view job applications. How to ensure that they don't discriminate against any applicants? What authority can check this? What crash barriers must the state put in place here? Answers to such questions would increase people's trust in the new technologies. The GDPR deals with the important topic of data but doesn't provide rules for the key data topics of the future.”