Jon Lebkowsky's picture

A Polycot Perspective on The GDPR and Data Privacy

On May 25, the General Data Protection Regulation (GDPR) became enforceable in the European Union. While it’s applicable in the EU, it can apply to organizations based outside the EU if they collect or process personal data of individuals located inside the EU. Because of this, the law has global influence. Without getting into specifics of the GDPR, this regulation continues the growth of strong support for privacy in the EU - more so than what we see in the US.

Data Privacy in 2018

We’re living in an era where concern for data privacy and the probability of stronger protections have been increasing. The world recently learned that Facebook’s infrastructure and policies allowed developers of third-party applications to harvest substantial personal data. This included psychographic data that could potentially be used to target individuals with political ads, advertising and propaganda. The Cambridge Analytica scandal has shaken consumer confidence in the way our data is being collected and used. GDPR may be the first step toward an end of third-party data brokers.

You should have ownership of your own data, and an ability to control how it’s used. That’s the philosophy behind the EU approach. There have been various organizations and initiatives in the US advocating for this approach, though strong regulatory protections have been balanced by commercial interests. The Federal Trade Commission (FTC), the government organization in the US that focuses on privacy issues, talks about Balancing Privacy and Innovation in a report from 2012.

While the US doesn’t have strong privacy regulation like the EU, the FTC advocates best practices “to protect the privacy of American consumers and give them greater control over the collection and use of their personal data.”

How Polycot Associates Sees GDPR and Data Privacy

Polycot Associates takes data privacy seriously for our business and our clients. We participate in the EU-US Privacy Shield framework, and our Privacy Policy aligns with the Privacy Shield principles.

In 2014, I wrote an article, “Watching the Watchmen” for the Austin Chronicle. The article talked about the state of privacy at the time. Though the concern about privacy has increased, the US protections are not much better today. With the shift to the Internet of Things (IoT), data privacy becomes increasingly difficult to control. From that article:

“As commerce has moved online, data about consumers has become a commodity – bought, sold, and manipulated as an inherent aspect of market activity. Email spam was the first step on the path to more sophisticated and less obvious forms of data harvesting and marketing. The ultimate data-driven marketing systems are Amazon, Google, and Facebook, all of which use algorithms to drive marketing subtly but effectively into the user's social experience. While some activists deplore any involuntary use of personal data for marketing purposes, consumers are taking it in stride.”

At Polycot Associates, we believe that you should understand challenges to your personal privacy and be able to opt out of data collection by default, and control how your personally identifying information is used when collected. Any website that collects your data should have an easily accessible privacy policy that clearly explains how the data will be used and who will have access to it. Just as you should have to give consent for your data to be used, you should also be able to withdraw that consent. There should be visibility into the specific information collected about you and a way to correct errors in that information.

As you update your website’s privacy policy for GDPR, consider how you will implement data privacy rules and offer transparency to customers. If you would like to consult with us about how to set up the technology, then please contact us.