GDPR Is Failing By Not Being Enforced

The General Data Protection Regulation (GDPR) legislation was put into effect on May 25th 2018 but there are still many areas of confusion, especially concerning which types of data to delete and what is okay to keep. The drive behind the regulation was to bring the historical patchwork of laws and obligations about personal data, privacy and consent across Europe up to speed and make them fit for purpose in a world dominated by surveillance capitalism.

On the face of it, the GDPR looks like a valuable piece of  legislation, but according to some of its critics, GDPR has failed to protect personal data and that failure is killing the media and social institutions.

That is the conclusion of Dr Johnny Ryan, a senior fellow at non-profit the Irish Council for Civil Liberties, speaking ata a round table debate organised by the Brussels Privacy Hub. His contention is that the GDPR is good legislation, but nothing more than a 'beautiful dream' because no-one is interested in prosecuting it. "The Commission is not serious about it; the member states are not serious about it because no-one enforces it. And activists aren't serious about it either because we're not taking cases. No one is serious about it," he said. 

According to Dr Ryan, this lack of seriousness in enforcement of EU GDPR rules risks allowing a hollowing out of the media industry, and by extension society, is in a race to the bottom.

Dr. Ryan, who was previously chief innovation officer at The Irish Times, said that publishers are chasing the "false science and illusion" and, lacking their own data science know-how, have engaged with the wide range participants  that make up the adtech industry, a move which he argued could ultimately destroy them. "Publishers became integrated with the tracking industry. They became incapable of protecting their own data. For the last decade the tracking industry has been finding desirable audiences on a publisher's site and then moving to very cheap websites and targeting those audiences there as well. This arbitrage enables the bottom of the web to make money and makes it impossible for legitimate publishers to charge at the same price that they had for their own audience."

Dr. Ryan described the current situation as "a dystopia", said the host has become dependent on the parasite.

"We've got this crazy situation where both advertisers and publishers by attempting to embrace what you might call innovation and data are trapped in a crippling conservativism. And they have both railed against the privacy protections that could have reformed the advertising industry and saved their businesses." Ryan argued that there is no point in the EU working on new data protection, consumer and competition laws which which aims to regulate online content, if it has shown itself unprepared to act on GDPR, for which he blamed the influence of technology industry lobbyists and the weakness of the Data Protection Authorities.

Massimo Attoresi, Deputy Head of the Technology and Privacy Unit at the European Data Protection Supervisor, which regulates data processing by European institutions, argued that some of the acknowledged issues with the practical outcomes of GDPR would be resolved when it became part of a larger framework of legislation, including the incoming DMA and also agreements with the OECD and the USA. "It was a very thorough piece of law enforcement, it was also very well thought through .... The problem is that the time was late and all the business models we are finding ... which are not legal at the end of the day were already in place." Arroresi said.

In general the type of data protected by the GDPR is any information relating to an individual which can be used to identify that person, either on its own or when put together with other information. It includes traditional identifiers like name, age and location, and online identifiers such as username, IP address and cookie identifiers. 

Other participants at the Brussels Privacy Hub event took a more business orientated perspective. Luke Mulks, a Director of the internet search company Brave said that his company is working on a new model for advertisers in which users' attention is rewarded with the BAT (Basic Attention Token) crypto currency. This model envisions users viewing far fewer ads which are better directed, he explained, adding that Brave is now working with some of the biggest ad agencies and is growing rapidly year-on-year. 

Isabella de Michelis CEO of mobile privacy app ErnieApp says that one answer to the problem would be to combine the key elements of GDPR into an interface so that they are easy to digest by app users via a process she calls Privacy Knowledge Management (PKM). "We have a law but it's meaningless for consumers; we have solutions, but they're so complex that the users might not understand it, or simply they will not be aware of them because the big tech is dominating the narrative around what the solutions are. ErnieApp engineers GDPR Article 6A "into four clicks, opt in, opt out, delete and transfer," she explained, allowing users to understand what is happening with their data and act on it.

The GDPR has conferred formidable powers on the data protection authorities (DPAs) of EU states, including the power to impose fines of up to 4% of a company’s global revenues.  Howver, to date, the number of fines levied has been minuscule compared to the scale of the covert data-broking marketplaces that underpin the revenues of social media and other companies. 

The number of data protection staff across the EU has barely increased since 2019 and it's unlikely to do so, with most member states saying they haven't been allocated sufficient resources to carry out their work properly. In Poland, Romania, Hungary and Slovakia, national courts and authorities have been abusing the GDPR to curtail investigative journalism, or to target civic tech NGOs by trying to force outlets to reveal their sources. 

In the UK, meanwhile there is a possibility that acrimonious Brexit negotiations involve a lowering of current standards which could make it hard to authorise the transfer of data between the EU and the UK.  

AMD Solicitors:       Computing:       Guardian:         Forbes

You Might Also Read: 

GDPR's Impact In The US And Globally:

 

« Ethical Hackers Are Getting Rich
CYRIN CYBER RANGE Capture the Flag Contest »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Open Networking Foundation (ONF)

Open Networking Foundation (ONF)

The Open Networking Foundation (ONF) is a non-profit operator led consortium driving transformation of network infrastructure and carrier business models.

Cysec - TU Darmstadt

Cysec - TU Darmstadt

CYSEC is the Cybersecurity faculty of the Technical University of Darmstadt and performs internationally renowned research in numerous areas of cybersecurity.

Council for Information & Communication Technologies (CTIC)

Council for Information & Communication Technologies (CTIC)

CTIC was set up to address specific issues in the field of ICT relevant to the implementation of electronic government.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

NanoLock Security

NanoLock Security

NanoLock delivers the industry’s only end-to-end platform for the IoT and connected devices ecosystem.

FraudScope

FraudScope

FraudScope is an AI-assisted platform that accelerates the identification of fraud, waste, and abuse.

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.