GDPR Celebrates Third Anniversary: Assessing the Status of the Regulations
GDPR has been in effect for three years now. We'll look at how it's fared globally and what companies can expect moving forward.
The Members of Parliament recently released a report that addresses how the UK might regulate and protect people’s privacy now that it’s departing from the EU. Made possible by the Taskforce on Innovation, Growth, and Regulatory Reform, it outlines how the UK might consider approaching its policy in the near future. The taskforce comprises the Rt. Hon. Sir Iain Duncan Smith, MP; the Rt. Hon. Theresa Villiers, MP; and George Freeman, MP.
The idea is to provide an adequate replacement for GDPR without hindering organizations from opportunity or depriving consumers of their privacy. Much of it is critical toward the old framework and proposes new ways to actively adjust policies for the benefit of the end user.
We explore what the report has to say about a new UK framework and how it might support a number of economic opportunities across the country. We’ll also address protections for customers and how it’s all likely to manifest.
The MPs of the taskforce raise and attempt to answer the following questions:
The report is structured around a core goal: to improve growth in the digital economy. In 2018, the UK brought in £400 million a day, with this sector comprising six times the growth displayed in any other part of the economy. In 2020, the UK secured £15 billion in venture capital investment.
The MPs on the taskforce have laid out potential reforms that would help people avoid the time-consuming compliance requirements that can interfere with productivity. The report points out that GDPR can be difficult for small companies to follow, and the complex structure can hinder anything from startups to non-profits. It also criticizes rules that are supposedly designed to give the everyday consumer more power over their data.
MPs want citizens and consumers to feel confident that the framework will be enough to keep their information safe. However, they don’t want to do this at the risk of alienating tech businesses and forcing them out of the country.
Officials plan to create a business-friendly landscape by employing the kinds of innovation and policies, which, instead attract tech leaders to the UK. Balancing consumer and company interests isn’t an easy matter, however, so the report addresses how this can be done in real-world applications.
It’s clear that data is currency these days, but it’s not so clear how much it’s all worth. One study in the U.S. reported that one consumer’s information could be worth up to $3,000, though. The multi-billion-dollar industry built around selling data to companies is one that is likely to be around for many years to come.
When Facebook holds 400,000 pages of data for every one user on there, the opportunities are endless. The taskforce sees this as a tremendous chance for the country to grow its presence in the digital economy. MPs see Brexit as a way to cement its position as a world leader in data. Using a blend of reforms that facilitate efforts without endangering the public, this could be the UK on the precipice of wide-scale growth.
One of the proposals of the report is to reduce the need for human review. This would allow companies to use Artificial Intelligence (AI) as a stand-in to help automate particularly time-consuming tasks. GDPR does not forbid AI, but the number of restrictions around it may make it seem that way to some people. The limitations and vague language may even lead to companies choosing not to use it altogether.
In one study conducted by DataGrail (referenced in Headline Proposal 7 of the taskforce report), nearly half of all decision-makers reported working more than 10 days a year to sustain GDPR compliance, with 12% spending over 30 working days per year.
Frustrated or tired employees reviewing endless information isn’t necessarily better for the company or the consumer. In fact, it could lead to the kinds of mistakes that would land all the parties in a compromising position. New regulations would free up some of that time to focus more on consumers and clients, allowing for better transactions and fewer complaints.
Consent is a major part of GDPR, one that prompts people to consider how their data is being used and if this is acceptable to them. Yet consent can be a tricky topic, one that is not always well-defined, according to GDPR. The Taskforce on Innovation, Growth, and Regulatory Reform points out that these murky rules have stifled innovation and growth.
It also points out that these measures haven’t really helped the consumer. If a person needs to consent to use Google, it’s unlikely that they’re going to switch search engines because they don’t want the company to use their data. Most people are so used to using certain platforms, largely because they’re incredibly effective, that it might not even occur to them that they have another option.
In other words, it’s not as much of a choice as GDPR officials would have you believe. A new framework could potentially weaken the hold of many of the Big Tech names in our society, freeing up more space for the kind of competition that drives innovation. It’s a chance to introduce new options to the consumer, ones that don’t compromise the user experience.
Not all data sharing is detrimental. The report points out that sharing in sectors like healthcare or public services can have immeasurable potential to uncover any number of trends in the country and around the world.
AI evolves every year to become more reliable at predicting patterns, but it needs troves of data to do so. For instance, dermatologists might use a database of images analysed by AI to better detect skin cancer.
Most people would willingly give up some of their data to protect the public or to improve services or products. In fact, many people are pleased that their interactions are becoming more personalized based on data sharing. Instead of receiving information or offers that aren’t relevant to them, they’re now getting a tailor-made response to issues or needs they may have. The problem essentially boils down to how consumers are informed and what they need to authorise the use of their data.
The report points out that the safeguards on private or sensitive data are still of paramount importance to the UK government. The taskforce acknowledges that big tech companies will collect and sell people’s data to access a service. Yet in order for people to have true control over their data, it will take more than clicking a single box after endless pages of fine print. This is often not genuine consent, but an exercise in impatience. Most larger tech companies are happy with this process. Again, the leaders of Big Tech companies understand that few people are going to delete the Amazon app because of a clause under GDPR.
The taskforce is therefore calling for a new framework that will put more emphasis on how data is being processed and whether it’s in the interest of the person who owns the data. Instead of coming at this from a legalese perspective, the taskforce wants a more nuanced view of collection that ensures companies comply with the spirit — rather than the letter of — the law.
One metric the taskforce proposes (to determine whether or not the reformed framework is successful) is to end the use of cookie banners. The writers also want to ensure that the public truly understands how their data is being used and what kind of power they really have over their information.
The latter might come in the form of private organisations that consumers could turn to, known as data trusts or fiduciaries. These groups would essentially store, authorise, and negotiate a person’s data in much the same way a financial trust would.
The taskforce points out that these “data trusts” could make it easier for consumers to make more sweeping decisions as to whom they choose to disclose information. Instead of having to answer questions on every website, a trust might intervene to save the consumer time and hassle. This could even open the door to helping people derive real incentives from their information, similar to how an inventor or creator might make royalties off their intellectual property.
There are plenty of opportunities in breaking away from the GDPR. The UK is attempting to create regulations that address many of the practical problems with current regulations. There are also some ideas that are potential disrupters for the status quo of business these days. Instead of Big Tech being allowed to take over, the UK is looking at how new policies can help startups get a leg up in a competitive industry. All of this can be a way for the country to expand its growth while ensuring consumer protections remain rigorous.
PrivIQ has created software that covers eight key regulations representing nearly a quarter of the global economy. We’ve added a number of new data protection regulations in the process to ensure our clients are safe from violations. While the taskforce is only proposing changes, we’re following the arguments and tracking the responses to understand more about how we can help clients prepare. If you’re interested in learning more about how the right software can make a huge difference to your bottom line, contact us to learn more about our services today.
GDPR has been in effect for three years now. We'll look at how it's fared globally and what companies can expect moving forward.
One of the many significant changes brought about by GDPR was the data subject’s greater right of access to personal information. And that is...
On 7 August 2017 the UK Government committed to a new Data Protection Bill that will bring the UK’s laws into line with the EU’s General Data...