Archive · · 5 min read

GDPR Intentions

GDPR has been in effect for a few months and we're starting to see the first major rulings. Google was just hit with a 50m Euro fine for not being clear enough in their intentions with user data. Is this a turning point? While regulation and legislation is typically followed to the letter, t

GDPR Intentions

Watch this episode on YouTube.

Reasonably Accurate 🤖🧠 Transcript

Morning everybody. How you doing today on this episode of the show, I want to bring back that dreaded four letter word or acronym. It's not the F one, it's the G one GDPR. It's been a little while since we've heard about it. Um But over the last uh week and a half, John Porter from the Verge has had two absolutely fantastic articles.

Um come out around some core issues related to GDPR. Now the first one, John was covering the record setting fine uh that the French um privacy commissioner uh C uh had uh put down um against Google. Um so it's €50 million and essentially the ruling which Google is going to appeal is that Google makes it too difficult for people to understand what data they're giving up and how that data is being used.

Now, this is a fantastic ruling in the favor of citizens and of users gaining back control over their privacy because one of the core tenants of GDPR wasn't just that organizations need to do better at protecting the information, but it was, they need to be far clearer and transparent in what they're doing with all this information.

So for this ruling to come down from the French Data Commission in order to say that, hey, listen, you need to do a better job. Google of making it clear so that the average um citizen can understand what's going on. That's historic. And hopefully it's one of many coming out against a lot of tech companies.

And the reason why I say that is because this seems to be the only way that people can get out of the engineering mindset. So I'm not attributing any malice, any um you know, bad intent on the part of tech companies. I just know as a software developer, as an engineer, as a scientist, it can be really hard to take yourself out of your own mindset to put it into the other uh to somebody else's shoes and get their perspective.

So I know um you know, talking to um average citizens or use the cliche, you know, if I spoke to my parents and said, do you understand what this dialogue says? They're gonna say, no, they don't understand what kind of data uh Google is collecting um or how they're collecting it.

So they are, you know, fluent uh users of, of technology, they understand how to use this stuff. They just don't understand the implications. So it's good to see these kind of rulings come down. Uh Mainly just to see that switch, you know, because uh money is what's going to drive business decisions and hopefully people start to realize it's a business decision to make it clearer to understand this data.

Um On the same side, the second article from John. Um and again, I'll link these down uh down below so you guys can read these yourselves. Was that he um as a European citizen made a a perfectly valid request uh to the four major companies to Facebook, to Google Amazon, to Apple and said, I want to know what you know about me.

Um that is uh fully within his right as a U eu citizen um under GDPR. Um and it took a couple of days for some Amazon took the full 30 days as uh allowed by the regulators um to get back uh gigs upon gigs of information, like he got over 100 and 30 gigs of information back about himself.

But his point was that all of it was in really interesting formats, made it really difficult to understand some of it. Now, Facebook, when you do a download from Facebook, just like Twitter, you actually get a little bit of a web interface to understand some of the data.

Um Google and Amazon not so much. And again, this comes back to that point of clarity around GDPR. It is not just a legal line of what companies are allowed to do and what they're not allowed to do, it's intention. And I know it's really hard to ascribe intent to legislation um to regulation.

But the idea the driving force or principle behind GDPR was that it's your data and you should have full control over it. You should fully understand um what this usage is, how people are. Um you know, taking advantage of that data, it's no longer what most tech companies believe, which is I'm gonna gather data and put it all in a bucket and pull it out as required.

Um You need to state uses. So in Canada, we've had this for years. But, um, you know, I always do a little bit of a litmus test when I'm dealing with different organizations asking them. Ok. So what are you going to use this information for?

And, you know, do you have a, um, data privacy contact which has been Canadian law for a very long time, you can only collect information that you um, state for the specific purpose and can only use it for that purpose. So if I ask you for your email address, um, so that I can send you updates about this show, I can only send you updates about this show.

I can't send you um something else. I can't try to pitch you something, uh, you know, completely unrelated to it. Um So it's not a hard and fast line but it's, it's pretty clear, um, and it's in line with GDPR. Um, but it's amazing how, how many companies aren't aware that that's their responsibility to set things up like that.

So this ruling against Google, yes, it's gonna hit them on the wallet. Um but it may make things change, same with the, you know, shining a light on what data you can get back from personal request and how difficult it is to use. Hopefully this is, you know, another step along the long process of switching power back to the users to control our own data.

As opposed to the massive ecosystem of companies that are leveraging our data profiting from our data are reselling our data, any number of things that's going on without our knowledge, without our participation. Um We'll see what happens. Let me know, hit me up online at Mark NC A for those of you on the vlogs in the comments down below and as always for podcast listeners and everybody else by email me at Mark N dot C A.

What are your thoughts on GDPR on this? Fine or how well you're aware of how your data is being used. Um And in what manner, hope to talk to you online and we'll see you on the next show.

Read next