Monday, 5 august 2019 | Redacción CEU
Can you imagine someone constantly knowing what your mood is, where you are, who you are with or what the last purchase you made was? That person would at least disturb you. Users throughout the world generate approximately 2.5 quintillion bytes of new data per day on the Internet, but are they aware of who owns their data and what it is used for? Cases like Cambridge Analytica or Ashley Madison have been crucial to raise awareness about the real value of data. Data has become one of the greatest assets of the 21st century, since, with them, you can predict trends, improve strategies and design ads, but they can also be used for bad purposes such as cybercrime or the dissemination of fake news. Are we prepared to protect our privacy in our daily network activity? Are companies prepared to ensure the protection of our data?
Just a few weeks ago, FaceApp became the trendiest application. Millions of users could use it and check what they would look like in the next decades thanks to its "aging filter". It was a curious and realistic entertainment that aroused great interest among users and, as a consequence, it led to its quickly viralization. However, a short time later, the controversy broke out.
As the ABC newspaper explains in a detailed article, the debate arose as a result of the fact that FaceApp, the rest of the companies of the Wireless Lab group (the firm behind the well-known application) and its affiliates reserved the right to use the information that users provide, as well as the pictures they edit. This information could be used for commercial purposes, although the members of the app claimed they would not sell this data to third parties without their users' consent. This controversial and questionable transfer of data has reopened the debate about how data is being used on the network and where the limits of privacy should be set.
Situations like this could be avoided in part if, before using an app or social networking site, users read the terms and conditions of use carefully. The problem is that the "small print" of these services is usually long, boring and complex –despite the fact that the current General Data Protection Regulation (GDPR) forces these texts to be more understandable–. Hence, most users end up getting carried away by their confidence and do not reflect wisely on the implications of the registration or use of this type of digital services. Unfortunately, some companies do not comply with the legal requirements of data processing and, when they do it, users often disagree with their policies, but they are simply in the dark about it.
While it is true that the defense of privacy is one of the great battles of this era, it is also true that in recent years positive steps have been taken in this regard. In 2016, the GDPR entered into force, although it was not effectively applied until 2018. This regulation has managed to give a boost to data protection at a global level, as it tends to apply not only in the EU territory, but also beyond its borders. Companies that operate in community territory must adapt to it, if they want to work there. The fine of more than 204 million euros of British Airways can serve as a deterrent.
However, a recent report carried out by RSM –a tax, audit and consulting organization– has revealed that 30% of European companies do not comply with this regulation. After more than a year of application, only 57% of respondents (businesses from 34 countries, most of them with an average turnover of less than 100 million euros) ensure their business meet the stipulations. The remaining 13% have doubts about whether they are complying with the regulation or not.
With regard to the reasons why companies would not be complying with the requirements of the GDPR, RSM's survey says that 38% of them do not understand when consent is required to hold and process data, 35% do not know how to monitor their employees' use of personal data and 34% are unsure about the right procedures to follow in order to warrant that third parties also comply with law.
It is not all bad news. Although the study suggests that many businesses are not up to date with this regulation, it also defends that the GDPR has a positive impact within the European Union. Almost three quarters of respondents admit that current legislation has helped their companies to improve the management of their customers' data. 62% of them claim that their investment in cybersecurity has increased after GDPR. Undoubtedly, as technology development advances, so do the risks that both companies and users face.
The legal sector has a crucial role in this unprecedented stage of digital development. Lawyers need more than ever to have a solid knowledge of new technologies, both in a legal and a technical way. Only in this way can they understand the current and upcoming context, as well as address the new legal realities with conviction and success. CEU IAM's Master in Legal Tech has been specifically designed to accomplish this difficult mission. It is a Master's Degree aimed at training new technological lawyers through a program based on real knowledge and experiences and with the help of remarkable professors. Ask for further information!