GDPR : A FAST CHECK ONE YEAR LATER _ JULY 2019Anne Cagan – Editor in chief Journal du Geek
Translation from original content.
“Ambitious, the General Data Protection Regulation still suffers from a “readability” lack. However, it represents a highly symbolic advance, so much so that the EU regulation could become an international reference.
How it applies, works remains a mystery to many of us. But it has been a year since the GDPR exists. Behind this austere acronym (for General Data Protection Regulation) lies an ambitious framework. The GDPR has in particular:
- framed the conditions under which users consent collection must be done (no pre-checked boxes, no ambiguous formulations …)
- extended group action to reparation
- imposed to companies that are victims of hacking or security breach that may expose personal data to warn supervisory authority
- increased the ceilings for the penalties that can be imposed on companies (fines for infringements on the subject of data protection can now be EUR 20 million or 4% of the global annual total of the previous financial year)
But this well-thought frame still suffers from a lack of “readability”. Even though the pop-ups who are responsible for collecting our consent simply provide access to documents that explain much more clearly than before data collection contours, it is not always easy to understand the implications. “It’s all about, ultimately, knowing if you want to receive personalized advertising. It will be considered interesting by some users – the offers posted are more likely to interest them – but unpleasant by others who find it too intrusive, says Benoît Oberlé, CEO of Sirdata. It should be noted, however, that standard advertising pays 5 times less websites than personalized advertising. A parameter to keep in mind if some of your favorite websites are funded through advertising in order to maintain access to their free offer, especially since we can change our mind at any time. Legibility information and the choices offered to the users will be crucial for the GDPR to reach all its objectives. It will serve not only Internet users but also businesses. Recent controversies (the one around the Alexa assistant for example) show that if users accept a framework without understanding it, when they finally discover product’s functioning, the backlash can be severe.
Although the GDPR has not yet reached its full potential, the regulation represents an important and highly symbolic step. It proves that “jungle law” is not the only option. As sensitive as the subject of the protection of personal data, it is quite possible to imagine and put in place a regulation. If the European Union was precursor on the subject, it could also be joined soon by other countries. The recent scandals that have erupted around personal data management (Cambridge Analytica case, etc.) have indeed led web giants to review their position. Facebook and Google have also publicly called for the adoption of regulations inspired by GDPR in more countries.