The recent data privacy scandal surrounding Facebook and Cambridge Analytica has opened up an interesting period of collective soul-searching regarding huge tech firms that operate utilizing “big” data. The overarching question that is being asked and, frankly, still needs to be answered is “what exactly does data privacy mean to us in the digital age?”
It is a ponderous question indeed. But US firms shouldn’t ponder too long. New regulations out of the European Union (General Data Protection Regulation or GDPR), set to begin May 25th, will be forcing the hand of many US companies in the wireless industry, especially if they already do business or have desires of doing business with EU residents.
Some US companies may be thinking that, in order to avoid altering their extensive data collection practices, a simple workaround addressing only users physically residing in the EU, may be the answer to the problems presented by GDPR. They will soon find out that those type of solutions might land them in hot water. Data protection has always been the gray zone of technology. We rely on it to improve advertising results, to sell products, to keep the mobile experience quick and easy for users, to protect countries’ security; but an over-lenience in how we preserve sensitive data and who has access to it has proven problematic and, at times, fatal.
Companies on both sides of the Atlantic Ocean are scrambling to comply with these stringent new data protection rules. In short, GDPR applies to any organization that holds or uses data on people inside the European Union, regardless of where it is based or conducts business.
GDPR comes to standardize who can collect data, what type of data they can collect, from whom and for what purposes, and on top of it all- to provide transparency. In light of recent Facebook’s ordeal, US legislators will be pushing hard for these rules to cross the ocean, forcing companies to standardize data collection rules across continents. In the past, the EU has been leading the way in other regulatory areas, food and health as examples, almost bringing imports of food and medicine from the US to a complete halt. US technology companies should avoid such situation at any price.
While the major tech companies try to work their way around the new regulations, by limiting their actual implementation extent, it raises one question- how does one differentiate between EU and non-EU users? In a dynamic world where we all travel and work globally, how can a company determine what label to place on me? It is quite clear how this individual-interpretation could land tech companies in hot water, and they are not the only players walking this path; this goes to show how complex this issue is.
GDPR will have financial repercussions on companies operating and serving users within Europe. From m-commerce providers to social networks, to online banking and insurance, they all need to inform users of their data-collection and maintenance practices and receive explicit approval from users to these. What that could mean is that millions of current users not receiving a mail or blocking pop-ups could miss these, potentially forcing the vendor to block or remove accounts from its database. The consequences here could be far beyond what the EU has signed up for, and the room for compliance interpretation of these leaves begs clarification.
So comes May 25th, how ready will most digital companies be? What will be the effect of the general confusion the new regulations present and what will it mean to companies’ bottom-line? And probably the most interesting question is, will privacy ever transcend cultures, business practices, and local laws in a way that ensures safe yet productive global digital ecosystem?
Gil Regev is the Chief Communications Officer for RGK Mobile, , an all-in-one integrated m-commerce, mobile marketing, and e-payment solution that shortens and streamlines the mobile content distribution cycle amongst mobile carriers, payment aggregators, content providers, and content distributors.