The General Data Protection Regulation (GDPR) put into law by the European Union this past May is a legal framework for guidelines governing the collection, storage and processing of personal data. It applies to European Citizens only. So, for U.S. Citizens, what’s the big deal?
Protecting one’s personal data has been made more challenging in the past few years by technology advances in marketing automation and so-called “Big Data.” Institutions called “Data Collectors” can use targeted email, advertising, loyalty programs and other methods to encourage individuals to successively give up small amounts of information about themselves, their lifestyles and their personal or social habits. The small things you do, like using your points for a bag of pork rinds or bringing in a coupon for a great deal on a toilet paper brand you would not normally buy, are actions that are added to your “profile.” Aggregated together, these behaviors tell a great deal about you. Sometimes when you are not explicitly identified to the system (such as by your name) you can still be tracked by the website you visit which deposits tracking information called “cookies” on your computer.
Some of the most effective and aggressive programs are loyalty programs, such as those your local chain store runs, giving you good deals on the things you bought in the past and recording your purchases every time you buy. In 2014, analysts at Target stores accurately predicted that a shopper was pregnant by a change in her buying habits, which prompted them to send her coupons for baby-related merchandise. A further examination might have also told them that the shopper was a teenager, a fact they discovered when the girl’s irate Father visited his local store.
GDPR greatly expands the definition of personal data. Traditionally personal data has been confined to hard data such as a name, address, telephone number etc., but now it can include behavioral data that can be aggregated by a data collector. GDPR demands that this “soft” data requires equal security protection. Also, the GDPR clause usually identified as “Right to Be Forgotten” or “Data Erasure” requires a data collector to purge an individual’s data from its system at his or her request.
By being careful where you leave your data, you can stop the trend, but what about all of that information they already have? Work has begun in states like New York and California, taking inspiration from GDPR in some cases, to provide better protection and safeguards for consumers when it comes to personal data online. However, the Right to be Forgotten or “Data Erasure” clause is not always included, and often doesn’t focus on online search results.
The R2BF movement focuses on developing legislation focusing on online search results that protects consumers but still adheres to America’s traditions, values and rules of law so that we can truly champion technology’s power to change and improve the human condition. It’s time to take action, and ask for the Right to be Forgotten in the United States. Sign the petition that will go to your Representatives and add your name to the list of concerned citizens who want Right to Be Forgotten added to our laws.