Europe passed some impressive legislation in May of 2018. It’s called The General Data Protection Regulations (GDPR) and it applies to any organization that deals with data provided by citizens of The European Union. This includes Great Britian, despite Brexit, the British government has stated a clear intention to adopt and emulate this large scale legislation.
The GDPR is a complex monster, just as HIPAA was when it was first passed in The United States. Throughout my research there is something I’ve learned about broad, sweeping legislation. In the beginning there is a lot of celebration, legislators congratulate each other, legislators congratulate themselves and the general public feels that their data is safe.
But while the common folk is busy with their lives, taking kids to soccer, reading up on the latest Kardashian to go to rehab and trying to make a living wage so they can support their families, there are entities who are hiring lawyers and trying to find ways around these laws.
They are called corporations and here is the thing - 99.9% of regular people are not thinking about them, but 100% of corporations are thinking about regular people. Why are corporations thinking about hoi polloi? Why is the mass populous so enticing?
Because that’s where the money is.
And here is the thing, a consumer doesn’t have to spend a dime in order to be seen as incredibly lucrative by corporations. In a modern, digital age we are constantly outputting data, it happens when we buy things on Amazon, when we use our debit cards to buy groceries, when we go to the doctor. We become data subjects and the data we generate is incredibly valuable.
Let’s look back at the Facebook debacle. In early 2018 87 million Facebook users had their data harvested and sold to a company called Cambridge Analytica. The data was sold, which is very important. THIS DATA HAS VALUE - A LOT VALUE. People think they’re engaging with Facebook so they can post pictures of their cat eating pizza and start passive aggressive political fights with relatives. Corporations are absolutely watching this data, they want this data very badly and Facebook got called to the carpet for selling it.
So, while I admire what Europe has done and I’m impressed with the scope and depth of the legislation, this legislation is very new and hasn’t been battle tested yet. Powerful corporations and private entities are already finding ways to work around these laws and make sure increased regulation doesn’t cut into their profit margins. In some cases, the laws will be re-written or exemptions will be adopted into law in order to remove regulation. HIPAA’s corporate “regulations” is the swiss cheese of privacy and data protection laws in order to better serve corporations and private businesses. Time will tell if the GDPR goes the same way.