Trending in GRC News Stories: GDPR
What do the following events have in common – WhatsApp updating its minimum age of use in Europe, Facebook asking you to review how you are targeted with ads, and Google restructuring its cash-cow ad business? It’s General Data Protection Regulation (GDPR) – the European Union’s (EU’s) landmark data privacy regulation.
GDPR gives EU citizens multiple digital data rights, perhaps the most important one being the right to be forgotten. But today, our every search, click, and swipe leaves an online trail through web caches and cookies. There are millions of smartphone apps that gather the personal information of users every day. And tech giants collect massive amounts of data on consumers which they monetize through their ad business. In this digital data-driven age, the task of anonymizing the information of users can not only be challenging for companies, but also costly.
GDPR is slated to come into effect on May 25th, leaving Europe-based companies, as well as those in other countries that handle the data of EU citizens, scrambling to get their data protection measures and controls in order. Companies that mishandle data, and fail to comply with GDPR run the risk of huge fines – the maximum being up to 20 million euros or 4% of a company’s annual global turnover, whichever is higher. Rather than face these hefty fines, some tech vendors have exited Europe. Meanwhile, the gaming industry is closing down multiplayer battle arenas like Edge of Reality’s shooter Loadout and Uber Entertainment’s Monday Night Combat, citing the high costs of regulatory compliance. As the digital marketing industry relies heavily on search-based targeting for ads, GDPR has forced even the biggest and most powerful players in the ad industry like Facebook and Google to overhaul their modus operandi.
With the growing influence that large tech companies wield, and in the light of recent data privacy scandals such as Cambridge-Analytica, the regulation may in fact have a desired effect – reigning in the tech giants and others who profit from the personal data of users. But some experts warn of the unintended consequences of GDPR – a dystopian future for tech, monopolized by the very firms the regulation sought to keep in check, while smaller players are wiped out because they do not have the required resources to comply.