Note: this post was originally published on May 25th, 2018. Blog timestamps are misleading due to site migration.
In case you’re unfamiliar with GDPR, it stands for General Data Protection Regulation and it officially goes into effect today, May 25th, 2018 in the EU. Read this to get up to speed on GDPR before reading the rest of this post.
Happy GDPR Day! With all the news and notifications on GDPR lately, I’ve been thinking – where did all of this start? What is the root problem that has brought about this regulation, and what will GDPR do?
What is “the problem”?
In a nutshell, fear. We, as consumers, are scared of companies collecting our data and using it for purposes that we don’t understand. This fear is driven by what we see happening to our online experiences (i.e. product focused retailer ads following us around everywhere) and what we hear in the news (i.e. Equifax data breach, Cambridge Analytica scandal). In a vacuum, most people aren’t all that bothered by targeted advertising, especially once they understand that it’s mostly based on anonymized data and is relatively harmless (of course, for those that don’t understand, there is a higher level of paranoia). If users were truly concerned about targeted ads, ad blockers would have much greater adoption than they do.
So let’s dig deeper. If targeted ads don’t really bother us, what does? How did we get here? I believe it’s our deep-seated fear of what we think data collection can lead to. On a rudimentary level, it’s hacking, data breaches, selling of our personal information to annoying telemarketers. But on a deeper level, it’s fear of what AI may be capable of. Think Hal from 2001: A Space Odyssey, Big Brother from 1984, Ava from Ex Machina (although that guy had it coming). The fear has been instilled in us through pop culture, and we’re starting to see ominous signs in the real world (Google Duplex demo, anyone?). Is Alexa going to understand us so well that one day she’ll start subliminally controlling us? Is a self-driving Uber going to override where we want to go? Will our crypto accounts get hacked and will all of our savings get cyber-robbed? Are we making ourselves vulnerable mentally, physically, financially, by allowing ourselves to be tracked, and then allowing for rapidly improving AI technology to have at our data? For most people, buried deep down, this is really “the problem”. Targeted ads are just an easy to see, easy to explain, and easy to blame scapegoat.
What will happen when the GDPR goes into effect?
So opting-in and taking control is a better option, right?
So sure, opting-in might be a better option, to preserve competition in publishing and tech and hopefully keep the big companies honest, but it’s also just the status quo and doesn’t solve “the problem”.
So what?
If I haven’t made it clear already, I don’t think GDPR is the solution to “the problem”. If anything, GDPR hurts the tech industry, hurts consumers, diverts attention from the real issue at hand, and gives people a false sense of security. We need something better. I realize I’m not presenting a solution here (I will do so in a later post) and only outlining the problem, but before offering up any answers it’s important to fully recognize what’s at stake. Not doing so is where I believe the GDPR tripped up. The first step is more educated consumers and government around what technology is capable of doing with data today, and in the future. And equipped with that knowledge, consumers and government need to be a lot more honest and explicit about what we’re trying to protect ourselves from.
One thing is for sure, it’s not targeted advertising.