How GDPR is Shaping the Future of Data in the 'Post-Privacy' Era
9th May 2018 | Ardi Kolah
How technologies and new regulations are re-writing the rule book when it comes to personal data and privacy
There are many ways of describing data in business. There’s big data, small data, long data, predictable data and targeted data. Then there’s personal data, sensitive data, private data (the same thing?) and Personally Identifiable Information (PII).
Data, at its core, is about human beings. In 2016, the Council of Europe, which administers the European Convention of Human Rights, published a recommendation to all EU Member States concerning the ‘Internet of Things’ suggesting it should be renamed the ‘Internet of Citizens’ (perhaps not as catchy, but you get the point).
Technological advances, such as blockchain, are re-writing the rule book when it comes to processing data, including personal data.
Such technologies still require a focus on human rights where data protection, privacy and security are expected to be ever-present. The absence of checks and balances could result in harm and damage to individuals because of processing their personal data.
Back in 1964, Professor Marshall McLuhan made an interesting observation that was very prescient of the times we live in today. All media are extensions of ourselves. All technologies are designed to enhance our physical, social, psychological and intellectual functions and shape our world in new ways.
The distinction between digital and physical worlds have blurred to the point where there’s no beginning, middle or end, but one endless continuum of processing our every move as we walk around with a Smartphone in our pocket with its geo-location switched to ‘enabled’.
And although there are endless ways of connecting customers, brand owners, technologies and data with each other, from an employee’s perspective, it’s still very scary. For one thing, there are many security risks associated with increased personal data collection within the company and organisation.
The next generation of hacks – often an ‘insider’ lurking in the shadows right under the nose of their boss – won’t think twice in releasing health data, public and private personal information about colleagues and customers for personal gain on the dark web.
So, should HR turn up the dial on the security of processing measures by deploying ‘state-of-art’ technologies such as blockchain to combat the havoc that can be wrecked by one rogue employee as Bupa, Morrisons and many others have recently discovered to their cost?
Advocates of blockchain are keen to emphasise that it can create trust in existing online infrastructure that doesn’t currently exist where personal data is being shared between two strangers.
The basis of blockchain is that it’s a direct, secure transfer of data between two parties without the need for third-party verification. And this is made possible by an encryption solution that ensures that each exchange is unique and can’t be broken.
Although this may look attractive from the outside, it could cause all sorts of HR challenges where the employer must demonstrate transparency and accountability to comply with the GDPR.
In many cases, it’s not a human but a robot that’s looking at your personal data. But surveillance of this kind, even if dressed up as a way of increasing productivity at the workplace, is fraught with danger and could lead to a decrease, not increase, in productivity because of stirring up suspicion and mistrust about the intentions of the employer.
Accepting that we’ve moved to a post-privacy era with social media, privacy still matters to people as a way of shaping their lives – both at home and at work.
Ardi Kolah is Executive Fellow and Director of the GDPR Transition Programme at Henley Business School, and author of The GDPR Handbook. It covers in detail how companies of all sizes need to operate within the GDPR requirements and how to deal with information security and risk, and specifically addresses the key duties and responsibilities of the Data Protection Officer.