It's Time to Admit That Data Privacy Legislation Is a Disaster

As with many things that spin wildly out of control, to understand means rolling back time to learn why this path was embarked upon in the first place.  I feel that stealing a line from Star Wars, “A long time ago in a galaxy far away…” is OK given the context.  Specifically roll back to 1980 or before.  The world was a much simpler place, there was no “online” yet.  But there was still data that was abused and misused, and abusers were not held accountable.

BAD ACTORS OR BIG BUSINESS?

The UK’s Data Protection Act of 1984 went into effect in 1987 and was repealed in 2000.  The biggest battles at that time were arguing about having more or less bureaucracy as much as actual data privacy.  They intrinsically understood that people would offer too much data naively, and bad actors would do bad things. Most people who were just entering the digital world had no idea how exposed they were, but it was a start and began to establish key principles.

From there things grew, got more bureaucratic, and arguably no safer at all.  Legislation became more intrusive and less protective.  Laws were inconsistent with stated goals and form outweighed function.  Then… dun dun dun… the Internet. Even more naïve people got online and there was a line of bad actors waiting to take advantage of them. 

Not all data abuses were email scams needing $5,000 to get the $1,200,000 from their uncle in Nigeria who passed away, though.  In fact, it was big business targeting trusting users with their personal data and online experiences that were by far the most abusive.  The email scams gave way to the Internet giants who understood how to sidestep regulations, harvest data, and package and resell it to the highest bidder.

PUNISHING THE INNOCENT

Think back – people were angry when they searched their name to find out all the inaccuracies on the internet about them.  People were getting targeted on their social media accounts with ads from vendors to solve problems they thought nobody knew about. 

Somebody goes online with their search engine and searches for male pattern baldness, and almost immediately their social media plasters their newsfeed with remedies from other companies.  Worse, somebody searches for information on a particular cancer, and they’re bombarded with ads for cancer specialists.  This was what angered so many.  This was the behavior that motivated support for GDPR, and subsequently many other well-intentioned laws around the world.

What was the result?  A bunch of legislation that placed incredible burdens, tremendous responsibility, and new liabilities on businesses that in large part were not the ones causing the problem.   And still, the true culprits are at their same antics.

The tech giants who abuse the privacy rights of individuals still do and still will.  Meanwhile, the many businesses who were already protective of their data now have to spend a fortune and dilute their focus to comply with legislation that in large part does nothing except help a few politicians pound on their chest.

The new versions of data privacy legislation quickly emerging globally tend to just be an exercise of “so that’s the best you can do?  Watch how much more I can do!” adding more sizzle and less steak.  Organizations that aren’t abusing data are being punished for the actions of predatory big businesses. So instead of finding creative ways to solve a problem where it doesn’t exist, why not solve one where it does exist?

The ETHIX360 blog brings you weekly updates on all things human resources and compliance.

MEET THE AUTHOR

J Rollins is the co-founder and CEO of ETHIX360. J is a well known leader and innovator who has served on senior leadership teams ranging in responsibility from Chief Revenue Officer, Chief Marketing Officer, SVP of Product Strategy and Chief Operating Officer.

ABOUT ETHIX360

RELATED BLOGS