The new General Data Protection Regulation is coming into effect at the end of May... and boy, will affect all of us. I have decided to share my opinion on the issue.
Everybody is doing it after all.
In case you have been living under a rock (or if you are just not that interested), these are the new (very simplified) rights of every EU citizen regarding their private data:
Right for Consent - you have the right to opt-out of any private data collection
Right for Portability - you have the right to download all the data a company has collected about you
Right for Rectification - you have the right to correct any piece of information about yourself
Right to be Forgotten - you have the right to request deletion of all the data concerning you.
There are plenty of articles, blog posts and guides on what the GDPR will mean and how to prepare your startup/enterprise. All companies are spending valuable resources on implementing necessary changes and making sure they are compliant.
What very few people talk about though, is what GDPR isn’t and why it isn't a solution for everything.
The four points above are undoubtedly personal freedoms that should be available to every person in the world (not just the EU). In case of a valid reason, they should definitely exist. However, it is my personal opinion that the way GDPR is being talked about and perceived by the general public sounds similar to if we would expect the police to guard all of our houses so we can leave them unlocked. It gives people the feeling that their data privacy is being handled by a higher authority and that they can live in peace, browsing away on all their free internet services.
The existence of these rights in the current world is only possible, however, if the number of people that actually enforcing the GDPR rights is not very high. Well, not significantly high enough to influence the business model of the companies that it relates to. Each and every internet user today should be aware that Facebook and Google (and Spotify and hundreds of other services) are free to use, but for a reason. A famous quote popularised by Andrew Lewis (blue_beetle) suggests:
’If you are not paying for it, you're not the customer; you're the product being sold.’
Most of the free services available to all of us today live off of advertising (or some other scheme of indirect monetisation of their user base). This is only possible if all of us participate and a critical user mass exists. So what if every European user would opt-out of data collection? What then?
What happens If everyone enforces their GDPR rights?
In his recent congress testimony, Mark Zuckerberg hinted at the possibility of offering ad-free paid subscriptions to Facebook, with Josh Constine from TechCrunch reacting with an interesting piece on how much that could/would have to cost to cover Facebook’s current earnings from advertising. Would you pay 11$ a month to keep your Facebook account ad-free? What about if you had to pay a small amount for every Google search you make? Or pay for your private Gmail account? Would you do it to keep your online behavior anonymous? I certainly wouldn’t.
Not because I don’t see the value of data privacy. Neither because I am a Data Scientist and therefore ‘one of them’. It is because I understand that very few great things out there are for free. And none of them are online.
To Sum This Up:
I think GDPR is great. I think it was necessary and a long time coming. But people should know when and how to use their rights and understand the consequences of a paradigm change. Is it wrong that Cambridge Analytica stole and repurposed a whole bunch of user data? Of course, and I really hope they all go to jail.
But can we blame Facebook for the outcome of the US Presidential Elections? Hardly.
It is the people who lack the education to spot bullshit on the internet, who spread fear and become victims of confirmation bias who are to blame. It is all of us. My hope is that people will realize that the world is not the same anymore, before all the neat (and seemingly free) technology that we use everyday, will have changed.
I know I am trying.
Lukas (Co-founder @Knoyd)