First of all, let me state for the record. I think that on the whole GDPR is a good idea. Putting control back in the hands of the data owner (what the regulation is all about) is a good thing. However, a recent article in the Guardian:
Got me thinking about the way it is being promoted, and the fact that the focus seems to be on email address lists rather than the broader and more subtle personal information that is gathered, held and used by many organisations. Uses that have significantly greater privacy implications than who has my email address & how they use it. Over the last couple of months, I have received a torrent of emails asking me me to re-subscribe to lists. Whilst the intentions of these people is admirable (if misguided – according to the Guardian). I, like most people, am lazy, and as a resuch have not responded to any of them (A recent statistic suggested that resubscription rates are on average, <10%), even though many of them are companies I have bought from or registered with in the past. The upshot of this is that all of these people will stop sending me information, even though many of their emails, I would consider “of interest”. Let’s face it, I would have unsubscribed if I really didn’t want their stuff. Furthermore as a consumer, they have needed my consent to email me for a number of years (under the excising e-privacy laws) anyway! But what about all the people, who have got my email address from who knows where, and are already not complying with the e-privacy laws. Those people not-unsurprisingly have not asked me to re-subscribe and will continue to send me emails. So one result of GDPR is that the proportion of these less interesting emails in my inbox will increase. But what about the new teeth That GDPR has given the ICO? Won’t that mean they can shut down these people with massive fines? In principal, yes it does. but in reality, tthe ICO have had sanctions including the ability to levy fines up to £500,000 since 2003 under the existing PECR, a regulation that already requires consent for email marketing to private individuals With this in mind, I would hope that they will be using their resources to work with/go after people who are really abusing personal information, gathering it in a more covert way, and using it to target you in ways that you would not expect, ways that create real privacy issues. Lets face it, GDPR, was never really about stopping unsolicited email, it was about putting in place a framework of regulation to address issues like social media data harvesting/mining, to force companies to be open an honest about what data they collect & and how they use it, and at its heart, to put the control back into the hands of us the data owners. In reality technology has pretty much dealt with the issue of unsolicited email. I use exchange/Office 365, and I now unwanted Marketing emails/spam are not an issue for me as Microsoft’s systems handle them admirably. Google’s Gmail system is equally good at managing the issue. So why has GDPR become all about re-subscribing to marketing lists? In my opinion, who has my email address, and who uses it to market to me is the least of the privacy issues on the net at the moment! For me, it just means I will stop getting emails that i might have found interesting. Oh well I guess that just the price of being lazy! I will finish by stressing that this is just my opinion, and I guess time will tell what the real impact of GDPR will be. Let’s hope going forward the focus will be of solving the very real privacy issues associated with the ways we use technology in 2018 and beyond. .