Why the General Data Protection Regulation (GDPR) is Necessary & Key to the Tech Future

This audio was created using Microsoft Azure Speech Services

Throughout time, humanity has been striving to improve its condition and circumstances. This striving has come in fits and starts. And at times, we fail in a big way…think war and starvation. But taken as a whole, human civilization has been steadily building and laying a foundation that has dramatically improved the lives of all people. The rule of law, freedom, democracy, human rights, property rights, education systems, legal systems, a free press, industrialization, science, and technology…these are the foundations of our modern society. Perhaps not always applied well and often imperfect, this foundation has, nonetheless, brought unprecedented well-being and a higher standard-of-living to billions of people. I believe we are working to add to this foundation today in the domains of energy sustainability and Information Technology (IT) as a utility. The problem we must deal with as a society, however, is that these foundations can undermine each other when one is pursued at the expense of the other.

Server room in data center

IT – A Powerful Vulnerability

Let’s take IT, as an example.  IT has revolutionized everything about our civilization. Digitization, IoT, data analytics, artificial intelligence (AI) and blockchain technologies promise even more.  But, arguably, this pursuit has come with some societal costs: increased carbon-based energy consumption, a loss of privacy, and a new tool to threaten democratic systems. Regrettably, our utter reliance on IT and data centers has created this new attack surface for criminals and nation states to attack one another.

Defending Digital Consumers’ Personal Data

The European Union’s new General Data Protection Regulation (GDPR) is a big and serious attempt to build and enforce a protection framework to deal with the loss of privacy societal cost. The regulation becomes enforceable on May 25, 2018. Although surely imperfect and open to interpretation, GDPR will give power back to the citizens of the EU to protect their personal data and ultimately their privacy. Organizations that collect, process, and/or store personal data of EU citizens will have to do so in compliance with the regulation. While this is adding complexity and significant cost to the economy, I would argue that a person’s right to privacy and having control over their own personal data justifies this cost.

A Digitized World Powered by Data Centers

I see this regulation as an important step in laying a foundation for a highly digitized, always on, IoT-enabled world. If we’re going to live in a world where every aspect of your life is digital and online, then we need to make sure people are protected. We need to give them confidence that they can trust in the system and its technologies. Without this trust, we hamper technology advancement and adoption. Without the regulation, we continue to erode privacy rights. Neither outcome is acceptable, of course. GDPR will not be perfect. I’m sure it will evolve over time and improve as enforcement cases are litigated. In the meantime, it’s a necessary first step to ensure our exciting new IoT-enabled world of digitization, automation, and artificial intelligence does not come at the expense of our natural rights as citizens.

Tags: , , , , ,