🇪🇺 GDPR Day!

GDPR is now the law of the land in the EU. Did everything change overnight?

Watch this episode on YouTube.

Reasonably Accurate Transcript

Morning everybody. It is GDPR day, May 25th, and GDPR is officially the, uh, law of the land when it comes to the EU. And of course, that has global implications, but has everything changed overnight? No. What started, though, is because the regulation has gone into effect, um, complaints can be filed with local regulator, uh, regulatory bodies, and that has in fact started. Fortune had an article this morning how some privacy activists had filed GDPR complaints against Google and Facebook and some others in order to trigger a 30 day window.

Now that's the window in which the regulator has time to respond and the process kind of gets kicked off. So we're going to see another chunk of GDPR news um in 30 days from now and that's when the ball is really going to get going. However, we have seen some immediate impacts.

Um, a number of US-based news sites have blocked European visitors, giving them information saying, you know, hey, because of GDPR, we've stopped access. Um, you know, we're looking to resolve this. Um, Instapaper, a very popular read-it-later kind of service, um, uh, shut down, uh, access from the EU.

Um, again, because of GDPR. And the general question you have to ask there is: we've known about this for two years. Why are you shutting down the day before? That was your strategy for two years? That's what you came up with? Um, you can only think there that it's got to be a wait and see kind of thing, is that they didn't make any changes until they figured out what they need to change.

Um, as opposed to investing upfront. I think that's the wrong call, but not my call to make in those cases. Um, so the question now becomes around GDPR as it's in effect, when these complaints start rolling, the 30 day window starts, um, what's going to be the actual real world impact, because GDPR is a legal agreement.

It's an EU-adopted regulation. It is massive. It is ridiculous to understand in its native legalese, let alone in multiple languages of legalese. But there's a lot of core concepts that we've talked about here on Mornings with Mark that are a huge advantage for security, that are a huge advantage for personal privacy.

One of the things that really comes up quite often that is going to need the regulators to step in. It's going to need a few fines to be thrown down is the idea of consent. You've seen your inbox absolutely slammed over the last few days and weeks of updated terms of service.

Click here to opt in to continue to receive communications from us. That kind of stuff is all in of GDPR because people weren't properly tracking when you gave them consent to email you or when you gave them consent to collect your data. And this kind of stuff, which is surprising because there's a number of anti-spam legislation around the world that required that.

So, um, you know, the question: were people up to speed on the existing laws, let alone a new regulation like GDPR? But the bigger question comes around data collection in general. So the way GDPR boils down to it, again, I'm not a lawyer, but in, when you're translating from legalese to English, there is nuance that is lost, and this is why we need to see a few cases get pushed through the entire process first, but there's this idea of consent.

Um, now the consent needs to be separated from the use and the service itself. So where people get into trouble, and where the initial complaints filed by privacy activists are, is that, um, data that is required for running the service, you do not need consent for. You do need consent, and it needs to be separate consent from the service itself, for PII. So tracking, um, service health metrics, number of concurrent users, stuff like that should all be safely, should, big quotes, should be safely under, uh, what we need to run a service. Question of, you know, Mark and my email address.

And, you know, any other personally identifiable information, that means consent, and that consent under GDPR needs to be separate from the use of the service. You can't tie the two. GDPR explicitly forbids strong-arming folks into consenting. Now where this is really going to be a challenge is under a lot of social networks or ad-driven businesses, because the consent, or the information is required, not consent, but the information is required for the business model of the service, not for the service, for the business model of the service.

And I think the challenge is GDPR, uh, when you translate it to legalese, isn't clear the difference between a business model that drives a service and the technical requirements of a service to make it function. And I don't know if there's any value in actually defining the difference between the two.

But I know from a business perspective, from an ad-driven site perspective, there is a massive, massive problem with that, is they have a challenge in that if collecting information is their business model, then is the argument that that is required to run that service?

I don't know. That's what we're going to have to see. There's a lot to think about here. I hope it isn't. I hope GDPR can stay true to its principle of your data should be yours to control, to maintain, to be able to correct and withdraw at any time.

And that people can start pushing better business models. I've never been a fan of ad-driven metrics or of ad-driven services. Yes, obviously, ironically, I use social media. Um, but I think there's value there. I'm also willing to pay for social media. Now, I know that, I know that's not true of everybody.

And I know that far more often than not social networks are driven around that network effect: the more people on, the more valuable the network. The problem is, how does that reconcile with personal privacy as displayed by GDPR? Do we need GDPR? Is it, uh, end goal?

Is it a first step? Is this something to get that conversation going? Again, for me, continuing theme here is always conversation. Hit me up, marknca online, in the comments below. We need to talk about this stuff. It needs to be an active discussion, a data-based discussion, an evidence-based discussion, not just the feelings, not just hyperbolic arguments, and that's unfortunately everything when it comes to privacy, as people go with these crazy, you know,

"Oh, well, if you've got nothing to hide" kind of arguments. That doesn't fly. Let's use evidence. Let's have a logical discussion around this. GDPR is a wonderful thing. In many aspects, there are going to be second order effects, there are going to be unintended consequences of this.

We need to look at them, we need to adjust as we go. In the meantime, let's keep an active eye on what's going on. Um, let's keep the conversation going. I hope you are set up for a fantastic Friday. Have a great weekend and we will talk to you on Monday.
