GDPR (EU’s “General Data Protection Regulation”) went live on the 25th of May 2018 as I am sure everyone in the EU is aware of by now, if not for any other reason, just for receiving about a trillion of email messages from various organizations, asking you to provide your consent for them to continue storing your data on their databases. This is a really excellent idea, albeit a bit useless, because to the best of my knowledge, these messages won’t be recurring. Consent should be requested at least annually to be of any value. I do not claim to be a GDPR expert however, so if I am wrong and these messages will indeed be recurring, feel free to message me, or comment below; I am always open to criticism.
I am also very sure that about half of all the e-mail messages that you received, were from organizations that you weren’t aware that they had your data in the first place, or that you had forgotten providing them with your data in the past. Both of these statements hold true for me and I am certain that I am not the only one.
And so, that is the obvious benefit of having GDPR around: Had it not been for it, I would never have known about the myriad of organizations that possessed my data unbeknownst to me. Another benefit of GDPR is that it gives everyone of us the ability to hop on the website of anyone who has our data and ask for them to be deleted. Finally, its draconian approach to violators of the regulation, means that everyone considering such a violation, will have to think it over multiple times before committing even the first step towards such a violation – This is an approach towards lawmaking that generally finds me very much in favor of, as the… overlying “democratization” of many legal systems in Europe, makes it feel as if those who break the law almost have more rights than those who don’t and… as usual, I digress!
Back to my original point, another good thing about the GDPR, is that well, there are no other good things about it. Instead, I can think of very serious issue about it: GDPR is another form of state regulation, the mere existence of which, if you are a proponent of minimum state interference in the economy like myself, would probably make you sick. Yet when it comes especially to the GDPR, I believe that there is not enough state involved!
So before you go thinking that I am suffering from some kind of schizophrenic, double personality disorder, allow me to explain: The people that will be paid to help ensure GDPR compliance, will be the very same individuals who gave rise to the need for such a regulation. The IT professionals have been abusing their specialized knowledge in the industry for far too long. Too many of them were causing more problems than the “good ones” were able to tackle and even if it weren’t for the “bad ones” I am fairly certain that some good guys would turn rogue, just in order to justify their existence. As Plato said, “The true measure of any man is what he does with power.” We, as societies, gave the IT industry virtually unlimited power over the last 30 or so years, to regulate itself, to show us their true measure.
Instead, what –a great deal of them apparently, for the GDPR to become a necessity- they did, was to lower their level of professionalism to that of the average marketer (ie somewhere close to the depth of the Marianas Trench.) The IT people where all too happy to provide the average overly intrusive marketer, everything they ever dreamed of: From spam email, to secret data collection and big data analytics. The reason why the GDPR came to pass, was because of the insatiable greed of the marketing and the IT industries combined. And so it is for this reason that providing the IT industry with a revenue level that they will make for certain just because businesses will have to hire them to avoid violating the GDPR, sounds like a bad joke. We are giving guardian status to an industry that has consistently proved to be way too unethical to guard itself without GDPR imposed. And so, Juneval’s question becomes all the more modern: “Quis custodiet ipsos custodes? – Who will guard the guardians?” If those that are tasked to guard me have already proven incompetent to do so when they had absolute power, then yes, I am up for more state involvement in the industry, by giving, for example, companies the option to go to a public authority for GDPR compliance purposes and at the same time by applying equally harsh penalties to those applied for the companies that breach GDPR regulations, to the private IT firms that provide such compliance services, in cases of proven misconduct.
Not a perfect solution, even by a long shot, but it is certainly something that would allow me to sleep easier at night as a consumer, by knowing that someone does guard the questionable competence of these guardians.
PS: I received from my hosting service instructions on how to make this blog GDPR-compliant. That aside however, what is of more value to you in my opinion, is my original commitment to everyone that has subscribed to my newsletters and that will always stand: I will never, under any circumstances whatsoever, share your email with anyone else, period.