2018 And Beyond: The Collision of Tech, Regulation, and Data
The messy convergence of technology, regulation, and data was the ever-present theme of 2018.
We had sketchy data practices and security breaches causing billionaire CEO’s to testify in Congress. GDPR pledged to bully tech companies into giving us back the ownership of our data but hasn’t yet done anything of note. Net neutrality came under attack by a demographic that still uses flip phones and doesn’t understand the difference between wifi and email.
New applications of technology like artificial intelligence scared people into thinking their jobs are all but lost and are destined for a future similar to that created by Skynet. New fundraising methods blasted blockchain and crypto into the mainstream media and the hearts of scammers.
In 2018, many of the most important storylines in tech were located at the intersection of technology, regulation, and data. Optimists can point to GDPR privacy protections, the development of decentralized and open-source technologies, and government scrutiny of and actions against tech giants like Broadcom and Facebook.
Pessimists (and realists) still lament the current data collection practices of corporations and are wary of how they will change. They realize decentralized technologies brought with them a world of scammers, false expectations, hyperbole, and FOMO frenzy.
The public understands both the limitations of legislation and the danger of enabling outsiders to regulate technology practices and companies. The incompetence often presented by government elicits fear as much as it does hope for positive legislation for net neutrality, data ownership, and new financing methods.
Dozens of events, innovations, trends, achievements, and failures unfolded throughout the year contributing to these evolving themes and storylines. We’ll be exploring all of 2018’s major trends and activity but first, we take a look at the adoption of GDPR, and what it means for us in 2019 and beyond.
2018 marked the arrival of GDPR, the data privacy laws placing the most comprehensive requirements yet on the protection of personal data.
The legislation aims to give people better control and ownership over their personal data. Contributing to an accelerating movement to bring back data ownership to the consumer, individuals now (supposedly) have the right to dictate how organizations handle and use their data.
For more details on GDPR itself, check out this great 2000 word summary.
The Next Web also provides the following as a brief outline of the consumer rights provided by GDPR:
- Information about how your personal data is processed
- Obtain access to the personal data held about you
- Ask for incorrect personal data to be corrected
- Request personal data to be erased (e.g. when its processing is unlawful)
- Object to your personal data being used for marketing purposes
- Request the restriction of the processing of your personal data in specific cases
- Right to data portability
- Request that decisions based on automated processing involving you or your data are made by natural persons, not only by computer
The legislation applies to any company that may be handling data from EU citizens or residents, and in general needs to be followed by US companies with any type of potential transatlantic reach.
Unfortunately, the passing of GDPR brought along a number of confusing concepts up for interpretation. For example, how do we navigate the nuances of “ambiguous vs unambiguous consent” and “legitimate interest” — or define for every business process we have what data is precisely “adequate and relevant” to the purpose of its processing.
Being able to define and enforce these boundaries is incredibly important as the consequences can be massive with potential fines reaching the larger amount of either 4% of a company’s global revenue or €20 million.
Unfortunately what we have seen in practice so far pales in comparison to its fear-inducing maximum punishments.
Rebecca Hill of The Register writes “The figure makes great headlines, but so far, only three nations have made public fines under the new regime: Germany (€20,000 to a chat app), Austria (€4,800 for unlawful use of CCTV) and Portugal (€400,000 to a hospital for allowing staff to gain unlawful access to data).” These are incredibly minute slaps on the wrist when considering what the punishments could have been.
While GDPR’s impact in 2018 hasn’t been massive, it will surely be center stage as we move past the glut of security breaches and controversies major tech companies have endured throughout 2018.
Unfortunately, as we move past 2018’s failures and miscues things will probably get worse before they get better. Take a look at Zack Whittaker’s intro in his TechCrunch article on cybersecurity in 2019.
If you thought 2018 was a tough year for tech, 2019 is going to be so much worse. The groundwork we laid this year will roll over into the next, and that’s when things will start to hit hard, from new laws and political (in)decisions to privacy issues and how employees — not companies — will start to call the shots.
As I mentioned previously, 2018 seemed to contain more tech blunders, data breaches, and PR nightmares than seemingly possible. Below is a brief review of some of the lowlights.
Facebook CEO Mark Zuckerberg testified in court after revelations about Trump-linked Cambridge Analytica’s misuse of Facebook user data to sway voters in 2016 were revealed. Just one of many blunders, Kalev Leetaru
of Forbes recently writes how Facebook “allowed the photos of up to 6.8 million users to be improperly accessible to up to 1,500 different applications built by 876 different developers for nearly two weeks before the company noticed the security lapse and fixed it.”
He further questions GDPR’s ability to enforce data privacy when he writes “Moreover, the company’s nearly two month wait to notify data protection authorities after it became aware of the breach, in spite of GDPR’s 72-hour notification requirement, reminds us that GDPR is far more limited than the public understands.”
To dig deeper I recommend checking out NBC’s 2018 timeline of controversial Facebook events here.
Facebook, however, wasn’t the only company to fall victim to data breaches, legislation, and security flaws.
Social media platform Knuddels.de had 1.87 million username/password combinations and 800,000 email addresses exposed on text-sharing sites Mega.nz and Pastebin.
Danny O’Brien of Eff.org writes “They have quite the backlog already. Hours after the GDPR came into effect, Max Schrems (2016 EFF Pioneer Award winner, and the successful challenger of the EU’s privacy safe harbor with the United States) filed a series of complaints in his home country of Austria. Aimed at Google, Instagram, WhatsApp and Facebook, the cases revolve around the claim that these services gave customers no real choice in accepting the new privacy policies — which would be a breach of the tougher GDPR rules. In November, Privacy International filed another series of complaints aimed at the practices of Europe’s leading data-brokers, credit agencies, and ad-tech companies. It wasn’t just non-profits: the company behind the Brave browser also filed a GDPR complaint in Ireland, challenging the basis of the modern online advertising business.”
David Bisson reflects on 2018’s largest data breaches including Saks Lord & Taylor, PumpUp, Sacramento Bee, Ticketfly, Panera, MyHeritage, Under Armour, Exactis, and Aadhaar in which hundreds of millions of people were affected.
Even the smaller data breaches have reached millions of people. Dennis Green and Mary Hanbury reflect on 16 major brands and retailers that had been hacked and likely had consumer information stolen from them.
Tech giants are bracing for 2019’s expected crackdown on data abusers, negligent data practices and GDPR related investigations. We can only wait to see how the tech industry and our governments respond.
GDPR was just one of 2018’s storylines building a narrative around the convergence of technology, regulation, and data. I’ll be continuing to explore this theme as the week progresses and move deep into data and technology regulation, and the positive and negative outcomes we should expect in 2019 and beyond.
If you liked this article make sure to hit the clap below so others will see it, follow our blog, and make sure to sign up for our newsletter for more in-depth research, industry insights, and interviews of community leaders.