How the EU's GDPR empowers digital civic engagement

May
08

The GDPR will give give a civic life where citizens are empowered, and empowered not only as data producers but also data owners, which means access to data portability.

The EU's GDPR will take effect on May 25th, and while many companies that serve customers in the EU have to adhere, there are numerous applications for civil society, journalists, academia, philanthropy, and the private sector as well. The GDPR represents an important step forward for envisioning a civic life where citizens are empowered not only as data producers but also data owners. Any conversation of leveraging data, technology, or innovation to enhance civic life or governance should seriously consider how such a framework could more deeply empower citizens in the U.S.

The GDPR is a set of data protection laws that harmonize regulations across the entire EU. This law had been approved by the EU parliament in April 2016 to take effect after two years of transition time.

There are several core components of the GDPR that are relevant for broader governance and civic conversations around the world. First, having a clear sense of who collects your information and what information they collect. This reflects a demand to look under the hood at how your personal information is used and what is shown to you in turn. The GDPR requires notification if a breach has occurred within 72 hours. Hopefully the GDPR will also prompt more transparency and accountability about algorithms and their inherent biases. Understanding the implications behind algorithmic decision making begins with understanding what data is being generated and how that information is being collected, used, disseminated, and re-packaged both to the user and others.

Second, having a right to be forgotten. If I want my data to be removed from a company, the GDPR provides this opportunity. One of the most exciting aspects of the GDPR is the concept of “data portability,” which provides consumers with a clear record of their personal data so that they can choose if and how they want their data to appear.

Third, enhancing data protection responsibilities. The GDPR aims to foster better practices from the onset with privacy in mind. Public agencies and companies, which process large amounts of data, must appoint a data protection officer (DPO). There are many roles and responsibilities of these DPOs including educating the company, training staff involved in data processing, maintaining comprehensive records, and serving as a point of contact for the GDPR Supervisory Authorities. The DPO helps ensure that good data hygiene is practiced with a direct line of contact.

On a more normative level, the GDPR should be a wakeup call for a frank, honest, and difficult conversation about how to make data rights a fundamental civic right.

Most if not all communication moves almost entirely on networked online technology platforms. This is exactly the reason why we need a discussion about data protections, empowering users with their own information, and transparency.

Read the full complete article here.

Finding it hard to comply with GDPR? Not sure where to start? Allow us to help you! Just give us your contact information and we will be happy to help. www.idlink.eu

Kristina Lund
Partner at SafeOnline