One Month Later — What was GDPR even about, and why we care
A little over a month ago, we were all hit with the same ubiquitous message. Dozens of emails with practically the same wording. Through e-mail, pop-ups, even regular old snail mail, every single one had the same message, “We’ve updated our privacy policy.”
May 25, 2018 was the official date on which the General Data Protection Regulation (GDPR) was implemented, two years after the EU first voted it in. While GDPR may have seemed like a response to the Facebook/Cambridge Analytica debacle of just a few months ago (anyone remember?), it was actually a deadline many corporations, big and small, have been racing towards for years. The reality is that European governments have been cracking down on privacy long before Zuckerberg had to stand (he was actually sitting) before the Senate.
As a Canadian company, we are already very familiar with some pretty advanced privacy protection and anti-SPAM regulations impacting us as well as companies serving Canadian citizens, so we found that in spirit, GDPR made sense. What’s different about the GDPR then? How did it pressure internet tech giants and countless other web destinations into spending countless hours and dollars auditing their privacy practices, restructuring privacy policies, creating clearer consent standards, and communicating with millions of now less-than-thrilled customers?
Today our personal data, and the data-enabled services we use, are inherently intertwined with privacy and any consensual compromise we make on it. We partake in social networks online, bank online, book online, entertain ourselves online, buy online, even date online — enjoying the time savings, comfort, mobility and numerous other benefits enabled by a huge variety of communication technologies. Almost every aspect of our lives leaves a data trail for service providers and other platforms to mine, analyze, tailor their services to, or monetize through partnerships with other organizations. Most of the time, we bask in ignorance and check the “I agree to all the above” box at the terms and conditions screen. If we are aware of the privacy we are giving up, we do so in exchange for a benefit we typically get for “free”. As the saying goes, “If you’re not the customer, you’re the product”.
And that’s all because we need to share data. Many of the systems that provide us with key services rely on it. For example, services like Google Maps navigate us and at the same time share our location and progress to help Google estimate our travel time. When applying for a credit card or borrowing funds for a house, a car, and even smaller purchases, our credit scores are fundamental to prove we do not present an unreasonable risk for the lenders. Credit scores are the product of various financial institutions and merchants collaborating to derive an analyzed and aggregated result about us.
Every now and then we get a big scare, like Cambridge Analytica or the enormous credit score breach of 2017, but we all come right back to the same systems with not much outward change to them nor substantial consequences for a company that either purposefully abused our trust or was negligent in some way. (In case you were wondering, the probe into Equifax didn’t amount to much and Facebook stock is now at its all-time high.)
Companies have always had the responsibility to use and share data responsibly. The GDPR raised the standard for trust higher and the consequences for breaching that trust are much more painful.
Why do we care about this topic?
Our company, Plasmatic Technologies, harmonizes data from multiple sources to generate whole-home insights. Those insights help homeowners improve their comfort, live safer, stay ahead of property issues requiring their attention, be more efficient in their use of power or water, and save money in a variety of ways — from reducing their electricity bill, being rewarded with lower insurance premiums, receiving special offers on home maintenance and more. The information we leverage spans the myriad of smart home devices consumers have in their home, their use of an app on their mobile devices, and other information shared with us by their service providers.
It’s no surprise that according to research by Accenture, 78% of customers would be willing to share personal information with their insurer in return for benefits such as lower premiums or quicker claims settlement. The delivery of such benefits necessitates access to various data resources with explicit approval of users, which means that companies must prove to customers that they are trustworthy and transparent with all data collection.
The bottom line is that people still care about privacy, and good service providers care that their customers’ data stays reliably protected. If at any point users want to opt out of sharing data and discontinue the benefits of services they receive, they need to be able to do so as smoothly and transparently as possible. Hopefully GDPR brings everyone in line with these principles, even those that would otherwise play fast and loose with the rules.