GDPR is a growing concern for businesses. As we hear every day, there are potentially big fines for non-compliance.
But today, I want to talk about why data protection is important even if there were no fines or sanctions.
Put aside your job and your business for a moment.
Think about this as an individual.
Current data protection law dates back to 1995.
In 1995, mobile phones were rare, the internet was not commonly used and social media was not yet invented.
Since then, things have exploded.
Now we find ourselves in a world of possibilities, where:
- Your activity on Facebook could influence the cost of your car insurance. Click here for the Guardian story.
- Your online searches could put you on a dissident watchlist, and you may never be told. Click here for the story on the Guardian newspaper website
- Your mobile phone could be telling one of the largest organisations in the world your location at all times, without your knowledge or consent. click here for the Guardian story.
- You could be buying toys for your kids that could allow others to spy on them, listen to them, and talk to them. Click here for the story on Engadget
- An internet site could tailor what you see based on your mental & emotional state. Click here for the story in the Guardian newspaper.
- Your TV could be allowing others to listen to your conversations at home. Click here for the story on CNET.
“So what? This is just about Google and Facebook showing us ads and promoted posts.”
Yes, ads and suggested content are the most visible ways technology is influencing our every day lives.
But analysis and prediction based on our personal data can lead us to many places:
- Based on what you viewed, we predict you will buy this.
- Based on what you like, we predict you will like this.
- Based on what you said & thought, we predict you will be influenced by this.
- Based on where you were, we predict you are meeting with these people.
- Based on what we think you did, we predict you will do this.
- Based on what we think you thought, we predict you will think this.
Anyone remember the movie ‘Minority Report’?
Who is making these predictions?
What if a prediction is wrong?
What is the impact on you?
And will you even know?
“So what? This is all about Facebook and Google. It’s not important to most businesses.”
It’s not just about the big US corporations. Just think of data that you would not like others to see:
- Would you be happy for an unsubstantiated allegation of shoplifting when you were a teenager to prevent you getting a job in childcare when you are in your 30’s? This happened to someone in Ireland.
- Would you be happy for your medical information to be found on the street of your town? This happened to people in Louth.
- Would you be happy for your work colleagues to know all about your salary and bonuses? This happened to Bank of Ireland staff.
- Would you be happy for details of your finances to be left on a train? This happened to AIB customers.
These are all real-world, simple examples of what can happen when someone who has data about you does not treat it appropriately.
Personal data is data about you.
It is who you were, who you are and who you might be in the future.
Your personal data is yours.
Data protection is about protecting you.
“So what? I have nothing to hide.”
Maybe you don’t think you need to have your data protected because you have nothing to hide.
It’s an interesting perspective.
Are you really willing to allow everyone to see their medical data and salary information?
Would you really be comfortable with your wife / husband / mother / daughter / father / son seeing every search you’ve performed, every page you’ve viewed, and every location you’ve visited without being able to explain the reasons for your actions?
Recently, a good friend of mine asked me for help. He admitted he had a growing problem with online gambling. His finances were in a bad state; his relationships were also suffering. And he asked me for help.
I did what anyone would do – I searched online to try to find advice that could help him.
And then I had a thought: Would I be happy for my bank or my family to see this in my search history, without being given the opportunity to put it in context?
What do you think?
What would you do without data protection?
If you thought your bank, your government or your loved one could see all of your activity, what would you do?
History tells us that even a reasonable person would change their behaviour.
You would assume that everything you read, said, thought and did was being analysed and could have unknown consequences.
You would be careful what you do, even at home.
You would have no privacy.
You would have no control.
You would have no freedom.
Luckily, privacy is not yet dead. Your privacy is yours to control.
Privacy is not dead.
We just have different points where we choose to draw the line between what we want to share and what we want to keep to ourselves.
But it’s your choice where you want to draw the line. Not someone else’s choice. Your choice.
Your personal data is valuable.
You should want organisations who have it to protect it.
Data protection laws obliges them to do so, or face significant consequences.