Do you know where your personal data is?
It’s virtually impossible that you do.
Modern data storage is a nebulous business: a constellation of international data centers and servers house your passwords, emails, banking information, employment histories, and embarrassing middle school profile pictures. But despite the global nature of storing and securing data, there’s little global coordination.
This is problematic, because different countries have different rules about who can access that data, be it network providers, governments, or law enforcement.
What’s more, laws have not kept pace with the technological revolution brought on by the Internet. A patchwork of privacy laws, many enacted when data was stored in filing cabinets, not on the Cloud, clumsily continue to govern. The collection, storage, and handling of personal data are largely opaque processes, but that is starting to change.
New measures for new problems
People knowingly provide their information to companies like Google and Amazon because their services undoubtedly make life more convenient. Privacy, to some extent, is a trade-off for that convenience.
But a recent series of massive data breaches and major revelations regarding misuse of user data have brought some critical questions to the forefront:
- What rights do users have to control their personal data?
- And what responsibilities do companies have to protect that data?
A sweeping measure that went into effect in 2018, the General Data Protection Regulation (GDPR) tries to address these concerns. Its reach is broad: it applies to all companies who process the data of EU individuals, whether or not they are based in Europe.