Throughout Europe today we already have strict rules regarding how personal data is handled. With the new EU General Data Protection Regulation (GDPR), the requirements will be even more comprehensive. These will notably apply to all companies – including non-European companies – when handling data about European citizens. This is a good and important step. The question is really not if, but how companies will manage to provide both personalized content and relevant ads, and at the same time ensure that your right to privacy is respected.
GDPR is about Empowering Customers
The more data that is available to companies, the more essential it is that customers are in control of their own data. This is an essential premise of GDPR. There is little doubt that the traditional way of solving transparency with endlessly long privacy policies does not work. Instead, we need to communicate with our customers in a manner that can easily be understood and acted upon.
We need to empower our customers to effectively control their own data. GDPR involves major changes when it comes to user empowerment. The classic “take it or leave it”- approach with regard to handling personal data is part of the past. Automated solutions and flexible user options will be an important part of meeting customer needs when it comes to data and privacy. Continuous feedback from users will be key in the development of our data and privacy solutions.
Tip: See the interview below with our Chief Privacy Officer Ingvild Næss to learn more about what we do with data and why.
Read our most recent Q&A (In Norwegian): Cookies, collection of data, consent vs legitimate interest following GDPR
Ramping up on privacy enhancing technologies
An important trend within data and privacy, is the adoption of privacy-enhancing methods and technologies, like differential privacy; a privacy-model that aims to limit the impact each individual user’s contribution has on the outcome of an analysis. Basically, it is about using statistical analysis to abstract useful notions about what people do and prefer. The key principle from a privacy perspective, is that the model prevents companies from extracting anything about you as an individual user. This may also reduce the risk of usage that represents a privacy violation toyou, such as misuse by hackers, intelligence agencies and other parties who should not have any access to data.
There are also many other technologies available and under development to protect data, such as end-to-end encryption and various forms of anonymization.
The importance of using technologies to protect privacy will increase with GDPR, as one of the legal obligations included in the new regulation is privacy-by-design.