The need for security and transparency in the innovation age - IC4 at re:publica
The increasingly pervasive role of technology in today's information age not only leads to exciting technological advances in areas such as the IoT (Internet of Things), but also generates growing concern and discourse among the public regarding privacy and transparency. Our use of mobile devices and Internet-based technologies, coupled with the growing number of everyday appliances which are now Wi-Fi enabled, facilitates the collection of copious volumes of information about citizens. Such data collection practices, which often occur without the knowledge of the individual, raise numerous important privacy questions. What information is being collected and by whom? Is the information stored securely? Who is that information being shared with, and are we informed of data collection and usage practices? These were just some of the questions addressed by the ‘Trust me!’ panel at re:publica last Friday.
Chaired by The Irish Times columnist Karlin Lillington, the panel consisted of KBC’s Director of Innovation, Eddie Dillon; a Security and IoT researcher with Digital Catapult, Angelo Caposele; and Google’s Trust and Safety Director, Paddy Flynn. To begin, each panellist discussed their company’s experiences and offerings within the IoT sector. Dillon outlined how operating in the banking sector has changed for KBC, with the growing emphasis on convenience meaning that all traditional banking services must now be offered 24/7 to customers online. Flynn noted how Google are working with Dublin City Council on smart city initiatives. Throughout the panel, one theme kept recurring, the same theme that the tech industry as a whole is talking about at the moment: GDPR.
So what is GDPR?
The General Data Protection Regulation (GDPR) is the new data protection regulation which comes into effect on May 25th 2018. GDPR builds upon existing regulation to introduce one regulation for all EU member states. Companies collecting and processing personal data on European citizens, irrespective of the company’s geographic location, must comply with the regulation. The many changes within the GDPR include the extension of personal data to include online identifiers, strict guidelines for gaining informed consent and proving consent, increased transparency, and the advocacy of privacy by design and default. These will require all organisations not only to rethink their approach to the collection, storage and processing of personal information, but also to redesign privacy policies and consent requests, update information processing procedures, and train employees. In addition to the challenges facing organisations, Flynn noted that “GDPR is going to be a real challenge for citizens to understand.”
GDPR seeks to provide European citizens with greater awareness and control over their personal information through the introduction of several additional rights, from the right to rectification to the right to erasure. Two core elements of GDPR are 'informed consent' and transparency. While organisations must develop processes to gain informed consent, citizens must understand the implications of granting consent for the collection and processing of personal data. In addition, organisations must ensure that citizens are aware of their right to opt out at any time and capable of exercising it. The potential changes to privacy policies and consent requests could overload citizens, with Flynn highlighting the fact that many citizens may not have the technical skills needed to understand consent requests and may find these changes confusing and off-putting.
Despite the hype surrounding the challenges associated with GDPR, the discussion around the new regulation was positive amongst the panel. The sentiment was perfectly encapsulated in one comment made by Caposele in discussing the potential of GDPR. He stated, “The race to connect every device to the internet could be an excuse to collect more data,” but GDPR will help ensure that this does not happen. In summary, for us as digital citizens, GDPR represents an opportunity to reclaim some control over our personal information, but we must be proactive in understanding our online behaviours. For organisations of all sizes and maturity levels, the time is now to begin working towards compliance by May 2018. One key takeaway provided by Flynn was a call for organisations to “not sacrifice security for cheapness” and to build privacy-by-design principles in from the start.
At IC4, we are currently working on a number of GDPR-related projects. If you or your company are interested in working with our researchers, contact us via the ‘contact us’ form and we will endeavour to get back to you as soon as we can.
For more information on GDPR, and to see how it will affect you, see GDPRandyou.ie.