As Mark Zuckerberg and Facebook are finding out right now, how you handle individual personal data is becoming a very hot topic. Zuckerberg has just been forced to apologise for the way in which a third party, Cambridge Analytica, has misused sensitive personal data about the lifestyle choices and political views of Facebook users.
An estimated $30bn has been wiped off the share value of Facebook in just a few days, for something that they did not even do themselves, but which they allowed others to do through harvesting information from their platform.
But this is not the end: regulators around the world are investigating this breach, and the prospect of millions of dollars in fines is strong. It has been said in connection with this scandal that if something is free then you are not the customer but the product. Personal information about you is now a valuable commodity in itself that can be gathered and then sold on to others.
Social media platforms such as Facebook have opened up a wealth of opportunities for marketers and politicians to gather vast amounts of very personal data about individuals that they can use for commercial or political gain. Views on political issues such as gun control, taxation or Brexit, or consumer preferences for Apple, Samsung or Nokia products, can all now be targeted and exploited through these platforms, or switched to other search platforms such as Google, eBay or Amazon.
The only thing you might be selling is ideas, or even perhaps just confusion. Fake news is now reported to be spreading up to ten times faster than real news and some state actors are known to be exploiting the power of data to spread misinformation that threatens or undermines democracy.
We have a weak regulator struggling to cope with the speed and complexity of the market, complex privacy policies that no one reads but which everyone signs up to in order to get the service, and ambiguity about data use and T&Cs. The pressure for commercial gain is also a contributing factor. Just imagine you worked as a data scientist for Cambridge Analytica, or a consumer brand such as Samsung: what would you do?
The massive growth of the information economy is precisely why regulators, such as the EU, have acted to bring in more stringent new rules, like the GDPR, to protect individual rights. The GDPR is due to come into force in just two months’ time, on 25 May 2018.
As personal data becomes more valuable, so it becomes ever more open to misuse and ever more important that it is handled properly by data controllers. This means that it must be handled in line with the GDPR data handling principles.
All of this places a heavy burden on companies that hold personal data, which is just about any business with employees or customers operating inside the EU. The cost of GDPR compliance is high, but the risks of non-compliance, in terms of regulatory fines and reputational damage, are even higher.