GlobalSign Blog

Can the GDPR and Big Tech Coexist?

Can the GDPR and Big Tech Coexist?

Mass data collection—known as “big data”—has become an essential tool for technology firms. Indeed, it is the centrepiece of the EU’s 2015 Digital Single Market Strategy, which describes big data as a “catalyst for economic growth, innovation and digitisation” and “central to the EU's competitiveness”.

Thus, the EU’s incoming General Data Protection Regulation (GDPR) has led to some criticism as, on the surface, it is something which will stifle such growth. On May 25th, any organisation collecting personal data on EU citizens, regardless of where it is based, will be subject to new laws regarding how that data must be stored, the rights EU citizens have over it and what constitutes personal data. It is this latter point which is particularly problematic for the big tech industry.

The Problem with Big Tech

Big data allows businesses to spot patterns in a way that improves organisational efficiency. In particular, big data is used by big tech companies (most famously Facebook, Apple, Amazon, Microsoft and Google) to improve the user experience through the tracking of behavioural data—data it then sells to third parties who can then advertise to you via target marketing (aka profiling).

Unfortunately, as technology has advanced, so has the means of identifying who you are, such as your IP address, mobile identifier, online behavioural habits, etc. Yet, this data is not currently defined as “personal data”, meaning organisations are legally entitled to collect this data to profile you without your permission, to sell it to any third-party organizations and are under no obligation to remove or encrypt it.

Why GDPR is Necessary

These practices have resulted in a high degree of cynicism towards tech companies, with Sage identifying two-thirds of Europeans not trusting online businesses to manage their data responsibly. Naturally, this distrust has been fuelled by recent headlines surrounding Facebook’s selling of personal data without permission or disclosure, as well as the discovery of Amazon’s and Google’s patents to listen to its customers at all times.

The GDPR addresses these concerns by adopting these modern means of user identification under the umbrella term of “personal data”, placing greater restrictions on how the data must be collected, stored and used.

The Incompatible Argument

The great difficulty that the GDPR poses for big tech is that much of the information that will now be defined as personal data is what makes the big data strategy so effective. For instance, Google is only able to recommend restaurants near to your location because it has obtained your geo-location. They then sell this information to third-party companies that can target you with ads about other goods and services in your area. Selling this data is a key part of big tech’s core business model; so, the GDPR represents a fundamental obstacle by restricting what data can be gathered and sold.

How the Industry Will Adapt

Big data can still be used as a strategy under the GDPR. It simply requires higher levels of responsibility. Going forward, in order to meet GDPR requirements, organizations must:

  • put in place policies which respect personal data and protect it accordingly;
  • seek direct permission from EU citizens before collecting their data;
  • ensure any use of data for profiling has a legal basis; and
  • ensure any personal data is easily accessible should users or regulatory bodies want to access or remove it.

These restrictions may result in negative consequences to the big tech industry and its users. Limiting who big tech companies can sell our data to will impact profit margins, which will, in turn, affect future business decisions, such as what services can remain free.

Fortunately, businesses are already recognising that compliance will benefit the industry and users, alike. With so much distrust among the EU population, compliance with GDPR can be used as a marketing tool, as users will understand respective organizations to be responsible and trustworthy. Similarly, by extending these rights to non-EU citizens, organizations will win the trust of global customers and be able to streamline their policies and practices.

This ultimately means that, while the GDPR is a challenge that big and small companies alike need to overcome, it is also a great opportunity to show proactive cooperation and establish great customer trust. This has potential to give customers greater agency over their data, while simultaneously enabling companies to take charge over how they acquire, and engage with, personal data in the innovative process. And that’s good for business!

Note: This blog article was written by Liam Davies for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.

Share this Post

Recent Blogs