Data protection and GDPR… what we’ve been reading this week at Brand Genetics
“The goal of the web is to serve humanity. We built it now so that those who come to it later will be able to create things that we cannot ourselves imagine.” says Tim Berners Lee, creator of the World Wide Web.
Following the introduction of new data protection laws, this week we want to explore GDPR: what it is and why do we need it.
What is GDPR?
GDPR is the new general data protection regulation which replaces the 1998 Data Protection Act. GDPR sets out how personal data can be used by companies, government and other organisations. While there has been very little change in data laws for the last 20 years, the amount of data collected and shared has sky-rocked. As a result, the public has become increasingly concerned that many organisations are able to access vast amounts of our personal information. In the wake of recent data scandals, many sources suggest it has become increasingly obvious that these new laws are fundamental to safeguarding personal information and putting the control back into the hands of individuals.
Why should we care about GDPR
Research shows that our lives are increasingly lived online: the average person touches their smartphone 2,600 times a day, spending 20 hours a week on their phone. This accounts to eleven years over the average lifetime. We are sharing vast amounts of personal information and private data, and companies have been taking advantage of it.
John Battelle, founder of NewCo Shift Forum, a platform celebrating businesses on a mission, argues that GDPR is the most “important new social contract” between consumers, business, and government in the Internet’s history. While the idea of a ‘social contract’ may seem extreme, the internet has been mostly unregulated since its creation in 1989. As this article illustrates, the lack of legislation has enabled some technology companies free reign over our information. Up until very recently these internet giants have been collecting enormous amounts of data on consumer’s behaviours and selling them onto third parties such as marketers.
The most well-documented example of this is the recent data scandal involving political consultancy Cambridge Analytica who had improperly gained access to personal data on 87 million Facebook users, prompting investigations in the United States as well as Europe. However, there is evidence to suggest that Facebook has been collecting vast amounts of personal data as early as 2010.
Many of these tech giants offer us free services: Facebook gifts us with social networks and Google willingly answering any questions we ask it. In 1973, Richard Serra famously remarked that “if something is free, you are the product.” So it cannot come as a surprise that 80–100% of Facebook and Alphabet (Google’s parent company) revenues come from advertising. In fact, John Battelle reinforces Serra’s notion, arguing that GDPR is a response to what he calls ‘surveillance capitalism’ — a business model driven in large part by this rise of digital marketing.
Amazon is also part of this, having evolved into an e-commerce powerhouse through their smart application of consumer data amounting to an unparalleled view of what, how and when people buy. As David Streitfeld noted in the New York Times in 2016 “Amazon wants to be so deeply embedded in a customer’s life that buying happens as naturally as breathing, and nearly as often.” While this is a somewhat Orwellian prospect, it very much goes to the heart of both Amazon’s success as well as the debate around data protection. According to this report by JWT, 88% of US consumers aged between 18–34 prefer to shop at Amazon than any other online retailers. While a major component of such popularity is Amazon’s offering of increasingly personalised products and services, it comes at the price of sharing personal data. As Amazon increasingly offers us hyper-convenience, moving into new areas like finance and healthcare it is important to be aware of such a trade-off.
Likewise as technology becomes increasingly sophisticated with the introduction of biometrics, machine learning and VR, technology companies have an opportunity to watch and monitor our every move. Akin to Amazon’s mission, many argue that other tech giants are also striving to fit so seamlessly into our lives that we do not know they are there. While this may make our lives ever-more efficient, we must be mindful of what this might mean for our privacy and the use of personal information.
Is GDPR going to save us? The future of techno-politics
While Pew Research found that being in control of who can get information about us is “very important” to 74% of Americans, many people continue to give away vast amounts of personal data. Researchers call this the “privacy paradox”: we reason our future self will not suffer consequences. If you’re thinking about reading the terms and conditions — I can tell you it won’t help much, researchers estimate it would take 76 hours a year to read all of the user agreements we come across. That is to say there is a trade-off every time we agree to terms and conditions; either agree to sharing vast amounts of our personal information or miss out on accessing important services and information.
Reports agree that GDPR is good in theory however, it doesn’t protect against some of these larger companies who find loopholes around this legislation and are thus still using our data in the same ways. Take for example, this report claiming that Facebook has quietly moved around 70% of its users to be registered in the US rather than Ireland to avoid GDPR. In other words, these new laws disproportionately favour what Battelle calls “scale first parties” A.K.A tech giants like Facebook and Google who can very easily gain consent from the billions who use their services. Battelle explains it rather well:
“You’re quite likely to click “I Consent” or “Yes” when a GDPR form is put in between you and your next hit of Facebook dopamine. You’re utterly unlikely to do the same when a small publisher asks for your consent via what feels like a spammy email.”
While many argue that the trade-off between sharing data and information access is key, in a culture increasingly concerned with transparency and openness, it is also important these tech companies make the process of data sharing more transparent around what data is being used, how and by who.
The Human Experience (HX) learnings?
As Time magazine suggests, “we need to rethink the basic pact we’ve made” — that digital connection is the only way to sustain a livelihood or connect with others and, therefore, disempowered, we must keep giving ourselves away. Instead, we need to consider what it means to exist as a human online: what personal information we share and who might be watching us…
Clemmie Prendergast is a consultant at Brand Genetics, an insight and innovation agency specialising in human-centred insight and innovation. With a background in anthropology, she has a wealth of experience in behavioural science and psychology and has worked in strategy, insight and behaviour change.