Over the last few months, the risks of collecting and sharing data, and the perils of ignoring these risks, have been demonstrated by data management scandals from Equifax to Strava to Cambridge Analytica. In these examples, companies failed to understand and manage the privacy risks posed by their data practices, and the people whose data they held were exposed as a result. The European Union’s General Data Protection Regulation, which took effect on May 25, emphasizes privacy risk and will force companies to carefully weigh the risks against the benefits.
While the GDPR applies primarily to EU citizens, the U.S. Congress has taken an interest in creating new protections for personal data as ever more harms and risks become apparent. The United States and Europe, despite different approaches to regulating data, both emphasize the role of the individual in determining how their information should be used.
Data is how we transact in the digital age. In 2018, people should be able to grasp what data has been collected about them, how it is being used, and with whom it is being shared without needing to access and understand every line of code in the products that shape their lives. Furthermore, companies will need to allow individuals a greater say in how their personal information can and cannot be used, and provide mechanisms for people to challenge the decisions companies make about them.
Going forward, companies will have to do more to earn people’s trust than keep personal data secure from traditional breaches. They must shoulder more of the risks born of our data-driven world, and the options they give their customers must reflect careful consideration of these. Citizens worldwide are recognizing the value of their personal data, and are demanding transparency, accountability, and control in return.
Nuala O’Connor is the President & CEO of the Center for Democracy & Technology, a global nonprofit that advocates for human rights and civil liberties in the digital world. Nuala has worked in privacy, data, and digital policy in companies, government, and law firms, including as Vice President for Compliance & Customer Trust at Amazon, Chief Privacy Leader & Senior Counsel for Information Governance at General Electric, and Chief Privacy Officer for Emerging Technologies at DoubleClick. Nuala’s government service includes her appointment as the first Chief Privacy Officer of the U.S. Department of Homeland Security. Nuala holds an A.B. from Princeton, a Master’s in Education from Harvard, and a J.D. from the Georgetown University Law Center. She lives in the Washington, D.C., area with her three school-aged children and a large Labrador Retriever.