In March 2018 Data Protection came under international scrutiny like never before.
Cambridge Analytica, a firm which worked with Donald Trump’s election team as well as the successful Brexit team, was revealed by a whistle-blower to have harvested data of over 50 million Facebook users without authorisation. Despite the huge number, the data was roughly compiled from just 270,000 users agreeing to let a Facebook personality test app, Thisisyourdigitallife, collect their data for ‘academic use’. However, the app then subsequently harvested information on all the test-takers Facebook friends without their permission, expanding the data pool by more than 150x.
Although the unauthorised data breach was news in itself, it became a matter of international concern as it revealed that Cambridge Analytica used this unauthorised collected data to create a sophisticated software program to target and influence Facebook users for its client’s benefit. Its clients are two of the most hotly discussed political campaigns of the past two years – Donald Trump’s 2016 election campaign and successful Brexit campaign of Vote Leave. With the collated data Cambridge Analytica profiled individual users in order to target them with personalised political adverts, influencing their opinions in favour of their client’s campaigns.
With both of these political movement’s resulting in small marginal victories, the effect of this unauthorised data collection, and the targeted influencing which followed, may have directly affected the outcome of these internationally effecting elections and thus aptly Data protection and its use are of global concern right now.
Indeed, the subject of Data protection will stay in our news as by the 25th May 2018, the EU (including Britain) will enforce GDPR, General Data Protection Regulation, across all its member states. Fittingly, the GDPR is a regulation aimed at strengthening the rights of EU citizens concerning the use of their online data and its protection. It essentially wants to give control of data back to the user, as well as to unify data use regulations for companies across the EU. What’s defined as personal data includes names, IP Addresses, birth dates and any other collated data that can identify an individual. The GDPR brings with it new digital rights that helps combat unauthorised data use, and subsequently the practise of identifying and targeting individual users by companies such as Cambridge Analytica.
The Data Subject Rights include:
Users and authorities must be notified within 72 hours if data is leaked.
Right to Access
The need for explicit content for businesses to collect, use and process your data.
Right to be Forgotten
The right to have all your data deleted open request.
Introduction of Data Protection Officers
Larger enterprises will have to introduce a specific employee dedicated to data protection.
Privacy by design
Article 23: ‘The controller shall..implement appropriate technical and organisational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects’
Although the GDPR was introduced two years before the 25th May it will only become enforced this year and the fines for failing its requirements are substantial. Penalties of up to €20million or 4% of their global turnover, whichever is higher, will be passed down onto companies that don’t comply with its regulations.
Complying with these regulations is a must and as a digital agency we at Hare Digital, with our expertise in Web Design and software, know the huge importance and need for ‘Privacy by Design’ when it comes to website creation. Moreover, as an expert in Big Data we aim to keep aligned to GDPR’s new regulations as well as continuing to help other companies keep up to date with the ever-changing world of data use. Far more attention needs to be spent on data, its potential can be very significant for businesses and yet it must be used correctly and responsibility to maximise its potential without breaching our era’s new digital rights.