Way back in 1999, before we had smartphones molded to our hands monitoring our every online action, Sun Microsystems CEO Scott McNealy famously said, “You have zero privacy anyway. Get over it.” It was an unpopular viewpoint at the time, but he was right then, and he’s even more right now.
No one could have predicted how we’d throw privacy to the wind in favor of cat memes, free apps, and personal recommendations, but people were momentarily stirred awake to the power of data during the recent Cambridge Analytica scandal. It was eerily good timing with the EU’s new privacy bill the General Data Protection Regulation (GDPR) and the ePrivacy law in the post. The idea behind the GDPR was to regulate how American tech giants use the data of European people. To the average user in the EU, the laws appear common sense and they will stop tech companies from internet stalking them and monetizing their data against their will. There was a problem with how American companies gathered and shared user data, but the EU has fixed it. Keep clicking, keep sharing, keep the GPS on your smartphone on.
Impact of GDPR on small businesses
The truth of the GDPR is that smaller companies, who do not have a logged-in customer base or a team of lawyers, will be forced to show users an endless click stream of consent forms for any information they gather on them. This will turn users away.
The ePrivacy law meanwhile, is out to monitor the cookie jar. With this, companies need the active permission of users from every cookie they crumble, every time they crumble it. It’s yet another blow to journalism. Since moving online, profits for the press have dried up. People are reading more content and bigger audiences are being reached, but the traditional advertising revenue is being mopped up by the likes of Facebook and Google. These companies get the content free from the news outlets and get the online data from the readers. Win-win. One way that news websites do manage to make some money is through cookies. They let relevant ads be placed on pages users are looking at. They can also record the user’s web history, so that someone who might have looked at a website about shoes can be targeted with shoe ads when they arrive at a different website.
The new law will mean users have to click a separate permission form for each cookie, before the content is revealed. It is a massive turn off. If they look at the content via Facebook for example, they will not have to click as it is presented as part of the Facebook site and they have already logged in and given permission. See, companies who have an established relationship with their users, such as Amazon, Facebook, Google and Apple, and require logins are exempt from some aspects of the GDPR. Getting consent from their users will be easier as a login could act as consent for all future visits. Regular websites don’t have this luxury. They rely on third-party data for targeted advertising and have no direct relationship with their users. They will then have to face users with a constant click stream.
If however, you click all your content on Facebook, they will still gather all your data. The only thing now is that they will not pass it on to third parties. They will be the kings of it and if third parties want to advertise, they will not go to an ad agency, they will go to the tech giants.
Business as usual for tech giants and surveillance laws
The common sense way to protect users from bad practices by U.S. tech companies is to subject them to the same regulations that monitor all other industries. But, the tech companies still manage to dodge regulation despite being the largest industry in the US. For instance, currently the US government wants to block a merger between the telecom giants AT&T and Time Warner, which owns a movie studio, cable television stations and print publications. Regulators worry a merger would lead to a price hike. AT&T rightly argues that it faces direct competition from tech giants such as Netflix and Amazon, which offer online video streaming and original programming. The tech giants however would not be subject to the regulation that is stopping this merger.
The GDPR and the ePrivacy law are nothing more than a red herring to make people believe they have some privacy. Surveillance laws in the U.S. and the EU are far reaching and can demand that companies give up all data on their customers. The Investigatory Powers Act, which was passed in the U.K. in 2016, was called “the most extreme surveillance in the history of western democracy. It goes further than many autocracies,” by the whistleblower Edward Snowden.
The U.S. and the rest of the EU also have similar laws in place. In Germany for example, if a telecommunications company serves more than 10,000 customers, it must make interception of telecommunications possible for the government. If a company serves more than 100,000, it can be made to provide all customer data to the government upon request.
You see, Scott McNealy was right. You have no privacy. These new laws will not stop the surveillance which cools necessary whistleblowing to keep governments in check. They will not cool the unfair advantage of tech giants over smaller industries and smaller players.
The only real thing you can do if you want privacy online is to encrypt your data.