The Cruelty of GDPR
There is a joke circulating on the Internet, based on the classic song, “Santa Claus is Comin’ to Town”. The joke goes, “He’s making a list, he’s checking it twice; he’s gonna find out who’s naughty or nice, Santa Claus is in contravention of Article 4 of General Data Protection Regulation (EU) 2016/679.”
Let’s hope that it was tongue in cheek, a la Santa Claus. I’ve always admired The Guardian’s sense of humour.
Obviously, there is a lot of exasperation amongst the public with all the e-mails. But they are mostly from the millions of small companies and organisations strapped on resources trying their upmost to comply. And what else could they have been expected to do based on the Regulation?
In reality, we will all benefit from greater data privacy. Facebook’s market capitalisation is over $500bn, built on the assets of people’s personal data. Our personal data is worth money to people. Once we have learned that logging on to an application with our Facebook account is as stupid as logging on with our online bank account credentials – the lesson that Cambridge Analytica has taught us – then nefarious parties will seek other ways of harvesting that data. It has been argued that as large enterprises have learned how to make things difficult for hackers, the SMEs are the next target. Aggregating personal data from smaller companies may be a near-term threat. If GDPR has caused millions of smaller companies to think about privacy, who they share data with, how long they keep data, it may be one small step to protect. If the e-mail volume is a measure of the success of raising the profile of this subject, perhaps we should offer a begrudging respect?
And let’s hope Father Christmas can keep going under GDPR’s vital interests provision.