2018 was a landmark year for regulators and businesses alike following the introduction of GDPR. There was a move from businesses to not only step up in protecting personal data, but to also respect the individual’s rights over their information, and information about them. In 2019, data privacy has become just as important as data security.
However, recent incidents like the $79.5 million fine facing Google still raises questions about our ability to regulate data privacy. In fact, a recent Commvault poll showed that 80% of IT and data experts were less than fully confident in their businesses’ level of compliance with data protection regulations like the GDPR, and 37% believe more regulation is required.
But what would more regulation look like? Here are three trends that will shape the future of data privacy here in Australia.
Consumer awareness and involvement will trigger a much greater conversation about what data privacy means, and how it is applied. If governments and organisations provided consumers with more ways of tracking how a company got their data from, and given more transparent information around individual rights, and easier processes to opt out and withdraw consent to data, the more healthier the conversation.
Awareness of trust will be raised between consumers and organisations. Data breaches, cold calling scandals, and data misuse court cases have all eroded the trust in for-profit and non-profit entities, so this needs to won back through transparency, and a candid relationship with consumers over how data is and is not being used.
Consumers also have the power to shape how regulators enforce sanctions for GDPR non-compliance. It would be impossible for organisations like the Office of the Australian Information Commissioner to monitor the entire Internet for breaches in the policy, so wronged citizens need to flag the issues that matter to them. While we’re still waiting to see what transgressions lead to what fines, we should all exercise our rights to exert pressure on the regulator to meet public demand.
2. International co-ordination will remain patchy at best
In an ideal world, there would be an international standard for data privacy however, this is unlikely due to the nature of each country and its government. This means that on a national scale, more work needs to be done to make sure the right rules are in place.
Although the Assistance and Access Bill has been amidst controversy lately, it’s a step forward in putting regulation in place and a conversation driver between business, media and government in driving action against data privacy, far better than no action at all.
On the other hand, a lack of co-ordination on an international scale breeds complexity for Australian businesses who trade internationally. Even Australian universities have international students who must adhere to data regulations like the GDPR, but with the new encryption laws they can’t guarantee complete data protection. This is why it is important for governments to work with their corresponding private sectors to canvas the best possible solution for all parties involved.
3.Ethical questions around automation
We are still in the infancy of any ethics discussions around how anonymised, once personal, data is used and managed.
Firstly, with anonymised data, businesses are profiting from the use of a person’s information, just without their name attached. Tap My Data is a great example of how consumers are getting a monetised piece of the action, and recent research suggests that Facebook users would want to be paid more than $1,000 to deactivate their accounts for a year.
Secondly, there is an ethical dilemma around anonymised data. A wearable health device can track heart activity which is then analysed, anonymously, by healthcare researchers using artificial intelligence (AI). If one finds a correlation between a certain reading and a healthcare risk, is there an ethical obligation to then inform users who exhibit this pattern?
If the data is anonymised, this isn’t possible and the De-identification and the Privacy Act even expressly forbids efforts to de-anonymise data. How these types of issues get handled will likely remain a topic of debate for years to come, as deep learning and artificial intelligence (AI) generate more insight from increasingly sophisticated ways of collecting this sort of data.
Taking a more stringent approach to data protection inevitably leads to better data management overall, which means that businesses can save money and use their data more efficiently to solve business challenges. At the same time, customer trust is earned and built.
It’s exciting to see what the future of data privacy will include, particularly as businesses make an active, long-term commitment to privacy and ultimately, rebuilding trust with their customers. Ethical questions will continue to be asked, but for good reason. This will only lend to more comprehensive regulation around data use and management.