The General Data Protection Regulation seeks to give people more control over their data, mainly the right to move or remove data that companies have about them. Reuters described it as “the biggest shake-up of personal data privacy rules since the birth of the internet”, which might be bit of hype, but in the field of this sort of legislation it does seem to be a big deal.
What are the good and bad parts of the regulation?
What are the implications for the monetization of attention and humane tech? Could this be a possibility for us to reduce the monetization of our attention, when people could opt-out of their data being used to make it easier to grab their attention?
Could it allow control of our data, so we could use the revenue it creates to go to non-profit causes or to support cooperative enterprises owned democratically by the members?
As a non-tech person, I have difficulty understanding the implications of the law, would love to hear peoples thoughts about this :).
It’s a very broad subject, GDPR still has weakness and maybe loopholes, but still big progress.
The things that we will, as users, notice the most are explicit consent notification, and data breach notification obligation.
Explicit consent, mean that services will have to get an informed and explicit consent for treatment of personal data. And if you have 3rd parties partners, you will ask for them too, if you do a new treatment on personal data you will have to ask again. This can have a lot of impact. For example, maybe you will have to ask consent of users when using google analytics (it’s not anymore a line of javascript to past on your page ). Always on device could become illegal, Alexa may have to ask for explicit consent of all the people present in the room before uplaoding data to the cloud.
Data breach notification, until then companies didn’t care much about your personal data breaches. Hurts them indirectly, because it’s hurting users. With GDPR they have a couple of days to notify users. As an example it took Equifax several month to notify users, some had time to sell their shares… Same for Uber, if GDRP was effective it would have cost them 10x millions, that will hurt them.
Of course these regulations will hurt companies that make big money out of personal data, but why should they fear for consent if they do no evil?
edit: and yes, of course, territorial scope, it doesn’t matter where you operate, if you have European users t applies
I have read many posts by Doc Searls. He does a great job in pointing out all the flaws and evils of ad tech.
However, I disagree with his repeated idea that we can simply fix online ads by having brand advertising online. I’ve sold ad space as a publisher for 10 years, and I can tell you the worst value I’ve provided to people is selling brand advertising. In fact I haven’t done it in years because nobody buys it anymore, and also I figured out that I was ripping off the advertisers and not really offering them much value. There is a reason brand ad don’t work, and that’s because people don’t care. The internet is not a glamorous or exclusive place to put brand advertising, and that is not changing.
On my sites I can get up to 1% click through rates on each ad. But if I replace that with a nice brand ad from a big company for a related service, the click through rate will be just 0.1% and the earnings per click half of what evil adtech could provide.