The world-leading data law changed how companies work. But four years on, there’s a lag on cleaning up Big Tech.
“One thousand four hundred and fifty-nine days have passed since data rights nonprofit NOYB fired off its first complaints under Europe’s flagship data regulation, GDPR. The complaints allege Google, WhatsApp, Facebook, and Instagram forced people into giving up their data without obtaining proper consent, says Romain Robert, a program director at the nonprofit. The complaints landed on May 25, 2018, the day GDPR came into force and bolstered the privacy rights of 740 million Europeans. Four years later, NOYB is still waiting for final decisions to be made. And it’s not the only one.”
“Since the General Data Protection Regulation went into effect, data regulators tasked with enforcing the law have struggled to act quickly on complaints against Big Tech firms and the murky online advertising industry, with scores of cases still outstanding. While GDPR has immeasurably improved the privacy rights of millions inside and outside of Europe, it hasn’t stamped out the worst problems: Data brokers are still stockpiling your information and selling it, and the online advertising industry remains littered with potential abuses.”
[..]
“However, despite clear enforcement problems, GDPR has had an incalculable effect on data practices broadly. EU countries have made decisions in thousands of local cases and issued guidance to organizations to say how they should use people’s data. [..] Some of GDPR’s impact is also hidden—the law isn’t just about fines and ordering companies to change—and it has improved company behaviors. “If you compare the awareness about cybersecurity, about data protection, about privacy, as it looked like 10 years ago and it looks today, these are completely different worlds,” says Wojciech Wiewiórowski, the European Data Protection Supervisor. Companies have been put off using people’s data in dubious ways, experts say, when they wouldn’t have thought twice about it pre-GDPR. But at Big Tech levels where data is plentiful, the scale of complying with GDPR is different…”
Despite enforcement being next to impossible, GDPR has raised the bar for those without the data and the legal war chests to continue the violation. So while consumers continue to dine at the smorgasbord of free online services, big consumer-tech will keep playing the same game with personal data. There are still not enough incentives for consumers to change behavior, the maths simply does not work, personal data at an individual level is worthless and so a consumer cannot be financially incentivized. IMO the only way this will change is when non-financial benefits become attached to personal data, which is where Web3.0 presents some interesting possibilities.
Read the entire Wired Magazine article: How GDPR is Failing