January 28 was International Privacy Day, the perfect day to explore the impact of GDPR on the protection of privacy in the post GDPR era. A bit over 6 months ago, on May 25, GDPR (General Data Protection Regulation) became enforceable all over Europe. The GDPR aims primarily to give control to individuals over their personal data. It also addresses the export of personal data outside the EU and EEA areas. As a breach of GDPR might result in sanctions reaching up to 4% of the previous fiscal year’s turnover, one would think that the main concern of companies would be to comply in order to avoid facing fines. Yet, Bart Willemsen — Senior Director Analyst at , commented at the January 28 “2019 Privacy Predictions” event in Tel Aviv, that, to his surprise, companies’ fear of sanctions was only the third on the list of preoccupation when looking at overhauling their privacy governance. Gartner Photo by Tumisu Though some companies simply window-dressed their websites by simply modifying their terms and conditions to appear to be GDPR compliant without modifying anything in their data collection and storage mechanism, organizations that are serious about granting their users’ privacy the respect it deserves have more pressing concerns than simply avoiding sanctions resulting from non-compliance with GDPR. Foremost amongst those concerns is losing customers, from two very different angles — Displaying an unwelcoming privacy UX that would drive users away, or experiencing a catastrophic data breach that would tarnish the company’s brand name. One of the side-effects of GDPR implementation was the proliferation of intrusive pop-up windows requesting users’ consent, depreciating the initial investment in UX design. Optimizing user retention in GDPR age should integrate dedicated Privacy UX as a fundamental part of design development rather than mimic the corrective solutions that dominate user interface today. exposing dozens or hundreds of millions user’s info are increasingly making their way to the front page, with various degree of nefarious consequences for the affected people. Equifax debacle left victims open to identity theft and led to the subsequent financial ruin of several of them, Cambridge Analytica insidious snooping had a direct influence on election results, the Marriot Hotel breach is suspected to be at the hand of China for spying purposes. These are only a sampling of infamous security breaches that made the frontline. Catastrophic data breaches According to Limor Shmerling Magazanik — Managing Director at , such events are effective in raising awareness amongst the general public of the need to be cautious about clicking on anything and be aware of potentially suspicious content. However, online security is a low priority in the average citizen daily life which implies responsible organizations have to deflect potential exploits from users and employees alike. Israel Tech Policy Institute Illustration by TPHeinz On a political level, though the GDPR is compulsory in the EU and EEA (Europe Economic Alliance), its effect goes far beyond the borders of its administrative reach. As any companies wishing to conduct business with EU or EEA based counterparts are required to provide GDPR compliant data protection for data subject within that area, countries the world over are increasingly following GDPR model with some local adjustments. For example, Brazil basically copy-pasted its Portuguese translation and Kenya Data and Kenya’s Data Protection Bill is largely modeled on GDPR. In the USA, whereas Congress is more focused on the issues stemming from data security breaches, non-elected bodies such as the National Telecommunications and Information Administration (NTIA) are actively exploring the topic. NIST published a on developing an “Approach to Consumer Privacy” followed by a (RFI) seeking public comments on NIST’s efforts to develop a Privacy Framework. At State level, California made headlines last June when it enacted the California Consumer Privacy Act (“CCPA”), a comprehensive GDPR-like privacy law that will bring fundamental privacy protections to 40 million Californians starting in 2020 and several other U.S. jurisdictions are taking notable steps that will have privacy implications in years to come. request for public comments request for information Some countries, however, are not likely to embrace any such privacy concern any time soon. China and Russia approach of privacy are radically different from those of the Western World and, as international trade at a private level in their jurisdiction is limited by design, they have no economic incentive to enact GDPR like regulations. As the GDPR effect is gaining ground around the globe, organizations hoping for a global (minus China and Russia) standard to emerge will have to pay extra care to fine-tune their policies to be compliant globally despite the variations in privacy protection regulations. As the is maturing and the importance of controlling personal data is gradually permeating individual consciousness, proper management and of personal data is becoming increasingly significant. age of surveillance capitalism If you liked this article, feel free to clap generously and share with those of your friends who might be interested. Thank you

Amazon

Analytica

Zero-Trust Browsing to Reduce Cybersecurity Job Fatigue?

Are StableCoins Cryptocurrencies’ Savior or their Undertaker?

Privacy’s Expanding Frontiers 2019

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

5 Tips to Prevent Hackers From Stealing Your Crypto Assets

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

5 Tips to Prevent Hackers From Stealing Your Crypto Assets

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps