The accelerated growth of social media during the past two decades has opened new horizons for businesses and individuals, including for example new opportunities for sales, marketing, advertising and communication with peers. However, it has also increased the privacy and data protection concerns for internet and social media users, as a great deal of internet services rely on data that are provided by them. In most cases such data are provided voluntarily by end-users, who are usually willing to provide their personal data in exchange of services that provide them with convenience and enable them to save precious time. Nevertheless, the collection of vast amounts of personal data from giant internet companies can have dramatic implications on individuals’ privacy. As a prominent example, during the notorious Cambridge Analytica case, the company harvested the personal data of millions of Facebook profiles without the consent of their owners. This was a large-scale data privacy violation case, which was added to a large number of similar incidents during the past decade.
In response to these incidents, policy makers have been considering changes to legal frameworks for privacy and data protection. They have scrutinized the operation and business processes of internet services providers as a means of devising laws and regulations that create an ethical environment for the deployment, operation and use of on-line services. The most prominent outcomes of such regulatory initiatives are the General Data Privacy Regulation (GDPR) of the European Union (EU) and the California Consumer Privacy Act (CCPA).
GDPR is EU’s regulation on data protection and privacy, which is applicable for all individual citizens of the European Union and the European Economic Area (EEA). It was put into force in May 2018 to safeguard citizens’ privacy by obliging enterprises that process personal data to abide by the following principles:
GDPR foresees huge fines for cases of non-compliance, which has led most organizations to establish privacy frameworks and technological solutions for the protection of personal data. Hence, it has been a game changer for European enterprises. Moreover, it has already a significant impact outside the EU as all global enterprises that operate in Europe adhere to GDPR principles. Furthermore, several countries outside the EEA have considered GDPR as a basis for developing their own privacy regulations.
At the dawn of 2020, a comprehensive privacy law has come into force in the United States of America as well, yet it concerns Californians i.e. approx. 40 million Americans that live in California. The law is termed California Consumer Privacy Act (CCPA) and concerned with the protection of personal data, including relevant rights and obligations of citizens and businesses. CCPA provides a quite broad definition of personal data as anything that could be linked with a particular consumer. Under this definition both legacy data (e.g., names, postal addresses, social security numbers, IP addresses) and data associated with emerging technologies (e.g., biometric or genomics data) are classified as personal data. Nevertheless, publicly available information provided or published by federal, state, or local governments are not CCPA-protected. This eases the operations of data brokers that collect, aggregate and sell information like property records, court filings, voter registrations, birth and marriage records and more. Furthermore, it does not inhibit Artificial Intelligence (AI) innovation, as anonymized user information is not considered and protected by CCPA as well.
Read Also: Enabling AI on Personal Data with Privacy Preserving Analytics
Similar to GDPR, CCPA establishes a number of principles that define what businesses and citizens can do when processing personal data or when having their data processed. Some of these rights and principles include:
Overall, the CCPA will strengthen the data protection rights of the citizens, through obliging companies to do more on privacy and data protection than they currently do. Moreover, it’s likely to benefit citizens outside California, much in the same way GDPR affected citizens and businesses outside the EEA. For example, several companies are likely to apply CCPA rights and principles to their entire customer databases, as it is difficult for them to properly segment the databases in order to identify Californians.
GDPR and CCPA are certainly positive steps towards safeguarding citizens privacy. They make companies more responsible and more concerned about providing an ethical environment for their employees and customers. Moreover, they empower citizens to take control over their personal data. However, much as privacy is about regulation it is also about users’ participation in the various on-line services. In the coming decades many citizens will opt to provide their personal data to on-line services providers in exchange of speed and convenience in accomplishing their everyday tasks. This makes on-line privacy more challenging than ever before and will fuel a debate on whether citizens understand and care about their data when using popular on-line services.
Is privacy possible in 2020? This still remains to be seen.
The benefits of cybersecurity mesh for distributed enterprises
The Rising Cybersecurity Threats CIOs cannot afford to ignore
Six Factors Affecting Security and Risk Management in the Post COVID Era
Surviving Cybercrime in 2021: Guidelines for Effective Cybersecurity Investments
Anti-Money Laundering in the Era of Digital Finance
The role of CIOs in fostering an agile and innovative DevOps culture
How to create an effective technology vision and strategy
Deliver personalized experiences to improve customer engagement using machine learning
Smart Contracts for Innovative Supply chain management
We're here to help!
No obligation quotes in 48 hours. Teams setup within 2 weeks.
If you are a Service Provider looking to register, please fill out this Information Request and someone will get in touch.
Outsource with Confidence to high quality Service Providers.
If you are a Service Provider looking to register, please fill out
this Information Request and someone will get in
Enter your email id and we'll send a link to reset your password to the address
we have for your account.
The IT Exchange service provider network is exclusive and by-invite. There is
no cost to get on-board;
if you are competent in your areas of focus, then you are welcome. As a part of this exclusive