5 Misconceptions About Data Privacy and GDPR

Privacy can be an expensive business.

On July 10th, the Information Commissioner’s Office (ICO) — the data watchdog for the United Nations — handed out major fines to both Marriott and British Airways. The fines, totaling about $300 million, are some of the largest under the General Data Protection Regulation, or GDPR, which was put in place to better safeguard the privacy and data of European citizens.

No one working in the location data industry needs me to tell them about GDPR. Since it was implemented in 2018, GDPR has impacted every facet of the location data space. Facing the threat of heavy fines, companies have scrambled to make sure all of their data collection is up to snuff. In turn, an entirely new industry has arisen based around assisting with GDPR compliance.

Now that the GDPR has been around for over a year, and with the CCPA (a similar regulation from California) just around the corner, I’ve decided to set some facts straight about data privacy, and why it should matter to developers, and to you. With no further ado, here are the five biggest misconceptions about data privacy and regulation.

1. GDPR only applies to companies from Europe.

Like most of the misconceptions here, this one seems at first glance like it should be true. Yes, GDPR was designed specifically to give citizens in the European Union more control over their personal data. But this doesn’t mean that companies operating outside the EU are exempt. Any company that collects data from EU citizens, regardless of where that company is headquartered, must comply with the GDPR., Otherwise, they risk the same hefty fines as European companies — either $20 million or 4% of global annual revenue, whichever is higher — . The bottom line is, if your company handles any data from European citizens, you need to up your GDPR compliance game.

2. Since the GDPR was passed, the conversation about data privacy and regulation is over now.

While GDPR has made significant strides in regulating a formerly-dubbed “Wild West” industry, there are still a lot of details to iron out. Besides the ongoing debate about the effect of the GDPR — did it go too far? Or not far enough? — there is also the CCPA, ePrivacy, and other similar legislation looming in the near future. In addition, the mechanics of GDPR enforcement, the logistics of compliance for companies of all shapes and sizes, the importance of privacy as a fundamental right…. A lot of ink has been spilled on these topics, and a lot more is sure to come.

3. Regulation will suffocate the data industry.

This is probably the most nefarious mistruth out there, but it’s not difficult to see why it’s so popular. For companies that make most of their revenue off of collecting and selling user data, there is an obvious incentive to loosen regulations. That attitude is ultimately not only just bad for consumer privacy but also for the entire Location Data industry. While exploiting loopholes in the regulations may increase revenue in the short turn, it will lead to punitive action and public mistrust. It is only by embracing the transparency regulation requires that our industry can develop data-driven solutions to benefit everyone. At X-Mode, all of our data is collected in a privacy-conscious manner. We also help all of our partner apps become compliant. We recognize regulation as a stepping stone to greater innovation, not as an obstacle to progress.

4. GDPR and other attempts at regulation will never work in the long run.

Not everyone in the industry is opposed to GDPR. With the regulation’s enormous scope and dramatic fines, many predict that GDPR is a largely toothless policy that will have a little actual effect on the industry. I disagree. Since GDPR went into effect last May, from May 2018 to January 2019 nearly 42,000 data breaches were reported to the ICO — double the amount of the previous year. Clearly, GDPR has already inspired companies to improve their transparency. Yes, the legislation is far from perfect. But it’s a step in the right direction, and the fines aimed at Marriott and British Air show that it is far from toothless.

5. I don’t need to really care about data privacy.

This is the biggest misconception of them all. Whether you are an app developer, a data buyer, or a non-techy user, data privacy and regulation will have an impact on your life in the years to come. As we enter the Fourth Industrial Revolution, location data and data intelligence are poised to impact every aspect of life, from the morning commute to a trip to the mall. This future can either be built on the back of transparent, privacy-compliant data that works for everyone, or it can be controlled by bad actors who refuse to comply. Which sounds better to you?

At X-Mode, we know which future we prefer. That’s why we prioritize privacy and transparency in all of our data collection and help our partners to achieve full GDPR compliance. For a company like X-Mode, where data serves people instead of the other way around, regulation isn’t a dirty word. It’s a golden opportunity.

By: Joseph Green

Joseph is currently a student at Emerson College, where he studies Visual Media and Communication. As Content Creator, Joseph develops engaging content via blog posts, push notifications, and ad-copy. Joseph also draws upon his research skills to help contextualize the company’s place within larger technological and social trends in the industry.