Data policing and GDPR – a solution
Since its inception in May 2018, GDPR and the policing of data have caused businesses everywhere to add processes and systems to their normal operations to ensure they remain compliant and are not at risk of breaking legislation.
As we continue to live more of our lives online and wish to automate more aspects of our subscription-based content, user data has become increasingly important and valuable. With users asking for more ubiquity from their devices and services there is a tightrope companies must walk, where user experience must be seamless – for example your video service suggesting things you want to see, not just what is “popular” – but not abused – for example serving you content on your social media feed specifically tailored to distort your perception of a political party or policy.
One of the biggest challenges in the policing of data [from both a service consumer and provider] is data management: what type of data is being stored, whether it is the right kind of data, and how it should be handled, processed and stored. There is, though, a way that this data could be standardised and served, with the power given to the correct party – the individual.
If there were a universal standard that specified all elements of “personal” data, this data-set could be held by, stored by and managed by the user, not the companies providing a service. If universally adopted, this standard would enable companies to tackle the issue of privacy by empowering the user and only interacting with the user’s data while the user was actively using the service.
If user data were held by the user and they simply “authorised” specific services to access their “user record” via a secure connection, the user could see all authorised services currently allowed to access their data [much like the privacy settings within social media apps and sites “this account has given access to the following…”] and access could be removed by the user at any time. This way you could have, say, Facebook and Twitter authorised to access your information when you visited their sites, but as they would not be storing your personal information, if you removed authorisation you could walk away knowing you had taken your data with you. This would also mean data breaches in online businesses would not directly compromise the users’ data.
There are lots of challenges involved in implementing something like a universal standard, but it is something that has been on the IT agenda since the early 00's. The Internet Identity Workshop [IIW] - an internet standards conference that was founded to deal with identity issues on the internet - has proposed standards that have since been taken up within the IT industry and is currently working on a "Self-Sovereign Identity" system based on distributed ledger technology for solving this exact issue, where the personal data can be held by the individual for all instances where identity is required, from online through banking and even medical records.
This standard may be the one to bring about order and consistency in online identity, but whether or not it is the one to be universally adopted, one thing is clear: as our personal data becomes more and more vital to businesses and individuals alike, and with the ever-expanding capabilities of online services, effective and universal laws governing its use are crucial in a data-protected world.