Power to the Customer
One of the main aims of GDPR is to empower users to give their consent willingly, with full knowledge of how their information will be used, for what purpose and for how long. Organisations can no longer use long, ambiguous terms and conditions full of legal jargon. Instead, they will be required to set out easy-to-read, understandable forms which state the reason for data collection clearly and make withdrawing consent as easy as giving it.
Facebook is already tightening up its review process for apps that request access to information such as check-ins, likes, photos and posts, making developers agree to strict requirements. Apps such as those used by Cambridge Analytica to harvest and exploit user data will no longer be allowed access to personal information. Facebook will also ask all its users to make decisions about how they want advertising on the platform personalised to their interests, and whether to continue sharing religious, relationship or political information on their profiles. Other organisations, such as Google, have created data control centres where users can set and control the length of time their data is stored in Google Analytics.
Currently, the Information Commissioner’s Office, the regulator tasked with enforcing GDPR-related fines in the UK, can only seize documents from companies deemed to be in serious breach of the GDPR if it has obtained a warrant. However, the growing feeling is that regulators may get more power to enforce the GDPR more strictly, thanks to recent revelations and data breaches.
Look out for Part 3 of ‘Lessons learnt from the recent Facebook and Cambridge Analytica Saga’, focusing on your responsibilities in the new GDPR era. Coming soon…