• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Privacy » Why GDPR must evolve and adapt to the changes ahead

Why GDPR must evolve and adapt to the changes ahead

by Neil C. Hughes
28 May 2020
in Privacy
0
europe map and GDPR sign
50
SHARES

It has been two years since the general data protection regulation (GDPR) promised European citizens greater transparency between the data controllers and online users that had unwittingly become data subjects. Although it’s easy to look back at our past through the rose-tinted virtual glasses of nostalgia, online privacy has arguably taken a turn for the worst.

The biggest casualty of how businesses have interpreted GDPR is the user experience of the web. In a digital world of online demand entertainment and one-click checkout options, almost every industry is desperately trying to jump on the experience bandwagon. But manipulative cookie “consent” notices have succeeded in taking all the fun out of browsing the web while also undermining the European Union’s privacy rules. 

Dark pattern design

The arrival of the so-called “cookie walls” forced users to jump through a series of hoops via additional clicks. Ultimately, the viewing of content is contingent on users consenting to be tracked. Unfortunately, none of this is by accident. Dark pattern design combines friction, manipulative timing, and persuasion techniques to ensure that it’s business as usual for data controllers.

Time is the new currency, and instant gratification is our ideal destination. When we need information quickly, we don’t have time to read through a long list of terms and conditions. Most of us will admit to skimming through notifications or popups before furiously clicking and tapping yes to everything to get where we want to be.

Another example of deception and dishonesty by design is the dreaded task of trying to unsubscribe from an email mailing list. Multiple clicks later while navigating through confusing menus and having to reaffirm your desire to opt-out is not a task for the faint-hearted. Cookie alerts were supposed to improve our privacy online. But there is an increasing argument that many implementations are designed to do the opposite.

Is GDPR inadequate for contact tracing apps?

Gathering data for contact-tracing should be protected by the fundamentals of GDPR. What data is captured? Who can access the information? Finally, how will the data be deleted once the system is no longer needed? At a time when the global community is uniting to beat the Coronavirus, many will deem their safety as more important than privacy. But others will see this an opportunity to make a power grab.

When it first came into force, GDPR represented the toughest data protection laws we had ever seen. But two years later, there is an argument that it’s unfit-for-purpose because it cannot protect citizens against the increasing privacy concerns and risks of contact-tracing apps in its current form.

What happens in the post-pandemic world when the contact tracing app has been deleted? In the U.K., it has been suggested that the app data will be kept for research purposes. Governments harvesting data of its citizens for use beyond the global pandemic should set off a few alarm bells about the dangers of stumbling into pervasive state surveillance.

More bark than bite?

In September 2018, British Airways notified the ICO of a cyber-incident that that enabled hackers to compromise and harvest the personal data of approximately 500,000 customers. Investigations resulted in a fine of £183.4 million ($230 million). The Marriott group also reported a breach in November 2018 resulted in a £99 million ($124 million) penalty against the company.

However, constant delays in the payment of the fines have prompted some analysts to label GDPR as a toothless tiger. A study published on the second anniversary of the data protection regulation reveals it’s a lack of resources that prevent greater enforcement of the GDPR. Something needs to change.

Despite the negatives, we shouldn’t underestimate how the arrival of GDPR ushered in much-needed change across multiple industries. Implementing sanctions against companies that violate our right to privacy was a huge step forward in the name of progress.

The challenges ahead for GDPR

During the last two years, we have witnessed the demise of the web user experience in the name of user privacy. Ironically, it’s now governments rather than tech companies or businesses that are advising its citizens to download apps that will track their every move for the greater good. 

Cookies, consent, and user experience have become the biggest disconnect of our digital world. The friction and frustration of tediously clicking “I accept” has no place in the so-called experience economy. The good news is that Google has vowed to remove third-party cookies from its Chrome browser within the next few years. Media owners and the digital ad industry will be forced to reinvent themselves and explore innovative ways to monetize their content.

Finding a user-friendly and identity-based alternative is going to take much longer than many initially thought. GDPR was undoubtedly a great starting point and has had a significant impact on businesses by getting them to tackle the elephant in the room. How we all view human security and online privacy has completely changed in two years, and for the most part, that can only be a great thing.

Looking to the future, individuals, businesses, and indeed legislation such as GDPR, must continuously evolve and adapt to thrive in a digital age. As emerging technology continues to change the online landscape, we are also unwittingly creating further challenges that will require a regulatory response. 

Contact tracing apps and the building of smart cities are just a couple of examples that highlight how we need to take responsibility for our tech creations. We are a long way from global citizens becoming the owners of their personal data, but maybe this is a timely reminder that GDPR is a journey, not a destination.

Share50TweetShareShare

Related Posts

Uploading on mobile screen and Data Protection on desktop screen

Privacy and data protection trends in 2021

20 January 2021
An unintended consequence: can deepfakes kill video evidence?

An unintended consequence: can deepfakes kill video evidence?

14 January 2021
Red Personal data drawer

Is your data your personal property?

13 January 2021
Data collection cheat sheet: how Parler, Twitter, Facebook, MeWe’s data policies compare

Data collection cheat sheet: how Parler, Twitter, Facebook, MeWe’s data policies compare

12 January 2021
Next Post
Astronaut in space

Launch delayed: why this weekend’s SpaceX launch is so historic

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    83031 shares
    Share 83021 Tweet 0
  • 8 best cybersecurity podcasts for 2021

    56 shares
    Share 56 Tweet 0
  • Best alternatives to Gmail to protect your privacy

    454 shares
    Share 454 Tweet 0
  • Facebook is tracking you: learn how to delete all Facebook data

    56 shares
    Share 56 Tweet 0
  • How to find what Google knows about me and get back my privacy?

    0 shares
    Share 0 Tweet 0
Elon Musk

Elon Musk to offer $100 million prize for ‘best’ carbon capture tech

22 January 2021
Is there life on Mars?

Is there life on Mars?

22 January 2021
Covid-19 vaccine

Covid vaccines are now an excuse to launch phishing attacks

22 January 2021
Alphabet shutting Loon, which used balloon alternative to cell towers

Alphabet shutting Loon, which used balloon alternative to cell towers

22 January 2021
what is wireguard

WireGuard protocol: everything you need to know

22 January 2021
Parler loses bid to require Amazon to restore service

Parler loses bid to require Amazon to restore service

22 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!