Adjusting to life under the GDPR in 2018 will be difficult. But tech implications of the GDPR will drive greater growth of the digital economy, not less.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
Many businesses are still struggling to understand and comply with data protection laws and regulations. Study finds that 62.4% of companies are still not ‘completely compliant’ with data regulations which means vulnerable consumers.
Fine imposed by the Norwegian data protection authority in August could be expanded to the entirety of the EU, subjecting Meta to extensive daily penalties until it makes big changes to tracking ads. Decision could potentially spark an EU ban.
Data governance is critical today. Why should board directors engage on governance of data? What are the risks and missed opportunities of failing to do so?
noyb notes that the ultimate outcome of this GDPR complaint could set a precedent that makes online privacy very expensive. If Meta's ad-free model is ultimately legitimized, it is likely that all other apps supported by targeted advertising will adopt the same scheme.
China has not received an adequacy decision for international data transfers due to known and expected access by the government. The six apps that the noyb privacy complaints are targeting are TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi.
A complaint in Poland alleges GDPR violations by ChatGPT in the areas of lawful basis for data processing, data access, fairness, transparency and personal privacy.
Italy was one of the first EU nations to take OpenAI and ChatGPT to task over data privacy violations, even banning the app from the country briefly, and it has now issued the bloc's first GDPR fine of this nature to the company.
The Trump administration's "AI Action Plan" will likely shape every aspect of AI development going forward, and OpenAI has submitted its own set of proposals to the White House, one that unsurprisingly calls for light AI regulations.
A recent change to its EU terms of service and an email sent out to some ChatGPT users indicates that OpenAI is now formally under the watch of the Irish DPC in terms of its responsibility to EU data privacy regulations.









