paint-brush
What the GDPR and California Privacy Act Means for Tech Companiesby@patrick-dunn
196 reads

What the GDPR and California Privacy Act Means for Tech Companies

by Patrick DunnAugust 23rd, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The goal is to make money, and your data helps them do it. For decades, all of your online habits have been stored, bought, shared, transferred, and maybe even stolen by businesses and individuals. If a website's data is breached, visitors must be notified as soon as possible, especially if they're being deceived. There have been a vast number of cyberattacks recently, and when large tech companies like Facebook, Yahoo, and.. are breached, the number of. compromised data records can reach into the millions.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - What the GDPR and California Privacy Act Means for Tech Companies
Patrick Dunn HackerNoon profile picture

You may not know it, but companies are using your data as a commodity. For decades, all of your online habits have been stored, bought, shared, transferred, and maybe even stolen by businesses and individuals. 

Their goal is to make money, and your data helps them do it. 

Sometimes it's just to target you with adverts you may be interested in, but other times it's for more nefarious reasons. And the people who own your data can make lots of money off of it. 

In Europe, they put a stop to this practice by introducing the General Data Protection Regulation (GDPR). The European Union introduced the regulation on May 25, 2018. It's a legally binding framework that provides guidelines on how organizations and individuals can collect and process personal information and data of anyone who lives in the EU. 

An essential part of the regulation is that online visitors to your website from the EU must be given full disclosure of how you will collect, process, and use their data. Visitors must also give their full consent by agreeing. If a website's data is breached, visitors must be notified as soon as possible. The EU has been handing out hefty fines to sites who cannot uphold GDPR. 

Similar to GDPR, California's recent privacy law, the California Consumer Privacy Act (CCPA), was also years in the making, and it became law on January 1, 2020. The CCPA is a state-level law similar to GDPR, requiring that companies inform users how they plan to collect and monetize their data. Also similar to the GDPR, the CCPA must allow users to request the deletion of their data, and offer the option to opt-out of any data sharing or sales programs.  

Why is data privacy so important?

Data privacy is increasingly becoming a well-known issue, and data breaches can severely hurt a business's reputation. Not to mention the possible hefty fine for not implementing strong security safeguards and protecting data. 

Many companies collect data from their users and employ it to create better insights, such as developing new strategies and optimizing their revenue and profit growth. 

This is why data is a vital commodity in today's digital age, and companies are adopting fresh ways to use, share, and collect their user data. 

Due to this new drive by companies to harvest as much data as possible, it's critical that users are fully aware of how websites are tracking them, especially if they're being deceived

Some users are arguing that Google falsely advertised how Chrome's 'Incognito' mode prevented websites from tracking, collecting, and identifying data in real-time. It's generally known that Google tracks all behavior in Chrome, such as what users are reading and clicking on. 

But plaintiffs argued that Google cunningly used smart language to hide that it still collects data, and user activity is still visible to websites. 

How GDPR and CCPA Prevent Cyber-theft 

There have been a vast number of cyberattacks recently, and when large tech companies like Facebook, Yahoo, and financial institutions like banks are breached, the number of compromised data records can reach into the millions. 

Both GDPR and CCPA have requirements on how companies secure and respond to any breach of data, and can impose fines for any violations. GDPR penalties can reach as high as 4% of a company's annual turnover, where-as CCPA can issue a fine of several thousand dollars per file stolen. Either way, both regulations will help to ensure organizations implement proper security measures to protect their data. 

Internet users are often advised by online security experts to use a VPN when accessing the Internet to help ensure their data is encrypted and remain anonymous as much as possible. 

Doing so prevents companies from collecting too much data and can help avoid direct cyber-threats on their computer and smartphone. 

But even VPN providers aren't safe from threats. 

VPNs are Victims of Hacking

In October 2019, one of the most well-known personal VPN companies, NordVPN confirmed they were the target of a successful cyberattack. Somehow hackers gained access to one of their remote servers. 

And they're not the only ones. There have been confirmed reports that both TorGuard and VikingVPN were also compromised in separate attacks. 

If VPN companies are not tracking their users' activity and other data, there shouldn't be a cause for alarm. But it's recently been reported that popular ad-blocking apps and VPN companies are secretly collecting their users' data. 

Many smartphone users install VPN and ad-blocking apps without checking what they agree to. Sensor Tower, the owners behind over 20 ad-blocking and VPN apps, have slyly harvested data from millions of people who downloaded and installed their Android and iOS apps. 

The company was able to gain access by prompting users to allow them access to install a root certificate. Doing so allowed Sensor Tower direct access to all data, and traffic passing through the phone's network.

Conclusion 

Finding a secure business VPN is not easy. There are plenty of options available, but dig a little deeper, and you'll uncover just how many have broken their users' trust by using clever language to cover-up their shady practices, asking for dangerous permissions such as accessing call logs, location via GPS, or hiding breaches of data. 

For these reasons, it's essential to do your research before using any business VPN. Ensure it's secure, won't track your behavior, and won't ask for unnecessary permissions. For an example of a cloud Business VPN that won't violate your privacy and can encrypt your information and keep you secure. 

For the average internet user, GDPR and CCPA should mean they’re able to exercise greater control over how companies collect and use their data. By being able to opt-out and request all their data is deleted, gains have been made to put some power back in the hands of the user.