The European Union’s new General Data Protection Regulation (GDPR) is a far-reaching law and probably the best attempt so far to address the societal changes resulting from the explosion of data-gathering abilities made technically possible by the internet and mobile devices.
People on this side of the Atlantic Ocean are likely to have a negative impression of GDPR because it has been responsible for an explosion of extremely annoying pop-up notifications on thousands of websites. Since the law went into effect last year I have had to close several thousand pop-ups saying “This website uses cookies …” It is a requirement of GDPR that websites have to notify all visitors to the site if cookies are being used to track the user.
A more welcome example of the changes GDPR is bringing to the EU is that its citizens now have a right to know how their information is being used. For example, and this is entirely hypothetical, if a citizen of the EU applies for and is turned down for life insurance, he has a right to know why. Before GDPR the company could simply say he did not fit a profile, but now it has to be specific about the data that was used.
Under GDPR, the insurance company (again hypothetical) would have to reveal that, “our algorithm found the GPS tracking from your cell phone showed you made 23 visits to addresses in Amsterdam’s red light district last year staying an average of 43 minutes, confirmed with facial recognition, and your credit card records showed only two purchases for condoms last year, Trojan, three-pack …” You get the idea. From the vast quantities of very accurate personal data collected about all of our movements and spending habits, governments, advertisers, healthcare providers and others make assumptions that may or may not be accurate.
A lot of people hope that GDPR will prompt companies to reevaluate the need to use so much personal data and perhaps cut back on some of their most egregious invasions of personal privacy.
And before you write to your lawmakers advocating more laws such as GDPR in your country, stop to look at the situation with my hometown newspaper. The management of the website for the Marshall (Texas) News Messenger decided it was too much trouble to comply with GDPR and no trouble to block out all access to their site from users in Europe. If Mexico were to pass a stringent law guaranteeing Mexican citizens the same rights as EU citizens, Google and Facebook might decide it is too costly to comply with the law here and simply block out all users in Mexico.
If this ever happens, just remember it is always about $$$. In 2010, Google pulled out of China rather than agree to the censorship demands of the Chinese government. By 2017, Google was feeling the financial loss and reported to be working in secret with the Chinese government to rectify matters.
Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted through his web site at SMAguru.com.