​​What’s with all the requests for privacy updates?

So your inbox is probably getting bloated with lots of emails from companies asking you to review their new privacy conditions and terms of service. The reason is of course the looming deadline for implementation of the General Data Protection Regulation or GDPR as its commonly known. So what is it and why should you want to learn more? If you want the full version from the EU Commission the long read is here. But in brief:

  • Companies must make sure that any data they hold on you is up to date and accurate.
  • Companies should evolve into responsible stewards of information instead of only data managers”
  • You have the right to opt-out of automated profiling
  • You have the right to get your data (known as a subject access request)
  • It must be as easy to withdraw your consent as it is to give it

Sounds fairly simple right? Except getting to this point has been a long and arduous road involving lots of negotiations. GDPR legislation was first proposed by the EU as far back as 2012. There is a useful timeline here which will give you a sense of the complexity.

As a former member of the European Data Protection Supervisor’s Ethics Advisory Group our next Federation Presents speaker Aurelie Pols has been watching and contributing to the emergent GDPR landscape for quite some time. While for some observers GDPR is all about legislation catching up with technology Aurelie has a different take according to an interview she gave last year:

“I’m not sure the objective of the law is to catch up with technology. If one had to frame the reason for legislation, it would probably encompass the ideas of protecting people, enforcing Rights, solving conflicts, and indeed ultimately regulating society, one way or another. With the GDPR, we are moving beyond the premise of protecting the data companies are entrusted with, reintroducing the individual into the data equation if you will, underlining some of our Fundamental Rights. This piece of legislation addresses consequences on “human dignity” technology is bringing about for EU citizens”.

So a less technocratic take and more a societal view. But what does society itself really think about data privacy? Turns out its a more complex picture in reality. The Stanford Business School recently published an interesting report on the subject. The authors offer three key takeaways:

  • The effect small incentives have on disclosure may explain the privacy paradox: Whereas people say they care about privacy, they are willing to relinquish private data quite easily when incentivized to do so.
  • Small navigation costs have a tangible effect on how privacy-protective consumers’ choices are, often in sharp contrast with individual stated preferences about privacy.
  • The introduction of irrelevant, but reassuring information about privacy protection makes consumers less likely to avoid surveillance, regardless of their stated preferences towards privacy.

So basically its back to the convenience point — if there is friction involved in choosing privacy then consumers are less likely to make better privacy choices. Have a look at some rather surprised New Yorkers when asked to re out loud the terms and conditions for some of their phone apps.

It’s great to have regulation but if we are not prepared to change our behaviours then the regulation may not be able to protect us as it should. If you want to learn more about this important stuff then join Aurelie for her talk at the Federation. After her keynote we will be joined by

Chair Catherine Brien Data Science Director at the Co-op

Tim Sleap Director Insight Pricing and Personalisation at the Co-op

Bill Wilson Data & Analytics Capability Lead Kainos

Tickets available here