// post...

Security

GDPR in 2023 and actual trends in Data Privacy

In the previous article I talked enthusiastically about the data economy, especially personal data and how it is influenced by the new European GDPR law.

I propose to look back at these four years since GDPR has been implemented, what effects it has had, what shortcomings we can see and especially what are the current trends in personal data protection.

The first visible and at the same time most frustrating effect is the appearance of requests for consent to use our personal data on absolutely every website we visit. Basically, websites and the companies behind them are forcing our hand into agreeing to the use of our personal data, making access to the information or products contained impossible or very limited, if we do not give our consent. This creates two negative effects:

  • The habit of giving consent without reading the conditions
  • The false perception that our data is actually less protected than before the implementation of GDPR, due to the fact that we tend to lose oversight of all the consents we have given.
    The perception is false because GDPR gives us the right to request and obtain the deletion of all personal data stored by an entity, even if we have given our prior consent to do so.

The perception is false because GDPR gives us the right to request and obtain the deletion of all personal data stored by an entity, even if we have given our prior consent to do so.

However, there remains the limitation imposed by too many websites in accessing content if you do not accept their cookies. Unfortunately, or fortunately, it is up to our education as users and owners of our personal data to both make use of the indispensable tools provided by law and to put pressure on content creators to offer cookie-free websites.

Beyond this very visible aspect, the effects of GDPR, as well as other laws aimed at protecting personal data, are vast and contribute to important trends in all processes related to data handling.

  • Increasing pressure on big data handling companies: according to the StrategicRisk website, 2021 brought a record in fines paid globally for breaches of data protection laws: $1.2 billion. The drop in this amount to around $830 million in 2022 shows that companies are taking the implementation of measures under these laws seriously. The lion’s share of these fines is represented by Facebook, fined $265 million in November 2022 for making the email addresses of registered minors publicly available to business users.
  • Model effect of GDPR law on other regions/countries. According to Gartner, by 2024, 75% of the world’s population will have personal data protected by a GDPR-like law.
  • Changing trends in data collection for marketing purposes. Data obtained directly from users, e.g. through questionnaires, is considered superior to data obtained second or third hand. This trend of obtaining data in a transparent way seems to be taking hold in the near future.
  • Automating data protection. The spread of the implementation of ‘Privacy by design’ IT systems on the one hand, and the increasing use of artificial intelligence in customer interaction on the other, leads to the intrinsic use of various data protection methods, the simplest example being anonymisation.
  • Creating a market for data protection. By fostering deep data protection activity, processing user requirements and automating related processes within the cybersecurity departments of large companies, the specialisation of data privacy engineer, which is in high demand at the moment, is forming. The value of this specialisation is increasing the sophistication of protection methods, but also increasing the price of personal data as such. One example is the need for data localisation in the context of cloud storage solutions, which involve spreading data across multiple geographies, subject to different regulations.
  • Last but not least, there is the growing importance of artificial intelligence in processing, handling and interpreting data. This brings with it the need to create AI Governance processes that ensure the congruence of data handling processes with data protection laws.

In conclusion, personally, I still believe that the advent in 2018 of the GDPR law was visionary because it pre-empted the predictable revolution in data collection and manipulation, doubling it with a revolution in data protection. These developments are waiting to be accompanied by changes in user mindsets.

Discussion

No comments yet.

Post a comment