GDPR: Who really owns the data
What General Data Protection Regulation (GDPR) has effectively done is that, it has transformed the power of data ownership in the hands of the customer
On May 25th, 2018, a landmark regulation came into effect, that will potentially transform the data rights and harmonise data protection across all states in Europe. This is bound to have a significant impact of how data is owned, managed, used, accessed and shared by companies. So, the key question to be answered – in an increasingly digital world, who really owns the data?
“…We collect information to provide better services to all our users – from figuring out basic stuff such as which language you speak, to more complex things like which ads you’ll find most useful, the people who matter most to you online or which YouTube videos you might like.. We also collect the content that you create, upload or receive from others when using our services. This includes things such as email you write and receive, photos and videos that you save, docs and spreadsheets you create and comments that you make on YouTube videos….”
Amazon again mentions in its privacy policy that they use personal information to personalise and improve customers’ shopping experience.
So clearly, massive zetta bytes of personal data collected by these firms – both purchase and behavioural is used to effectively to either personalise advertising or used to personalise and recommend products for shopping and any other commerce related activities.
So, clearly the question to ask, if personal data is owned and used without the explicit knowledge or permission of the user, is not a violation? Or more simply put, are you the owner of your own personal data and do you have the right to give permission to let others use all this data?
» Personally identifiable information (PII) incl. name, address, phone bank details, location.
» Data like IP address, cookies or even a customer post or a tweet and so on.
» Even data IDs that can be worked backwards to identify a person such as raw IDs, ‘anonymised data’ and so on.
Therefore, how does it empower the customer about their own personal data and usage?
» Right to be informed: Provide detailed information about who is collecting and processing personal data.
» Right of access: Individuals can seek confirmation that their personal data is being processed and can request a copy of all their information free of charge.
» Right to rectification: Individuals can seek rectification of inaccurate or incomplete information and it is the responsibility of the companies to share it with third-parties who they had shared with earlier.
» Right to erase: Individuals can withdraw their consent and request deletion of their data when there is no legitimate reason to process it.
» Right to restrict processing: Individuals can exercise the right to restrict the processing of their personal data while it is still stored with the processors.
» Right to data portability: Individuals can obtain their data from their processors for their own use or use it across other services.
» Right to object: Individuals can raise an objection to their personal data being processed, if they have a compelling reason.
As you can see, there is a transfer of control of personal data back to the customers and it provides all the flexibility to customers, as they are rightfully the owners of their own personal data and it gives them all the right to share the personal data with service providers who they would want to do business with or stop doing business with.
GDPR has started the data ownership revolution across the globe and it is only expected gain more momentum in the future. Finally, nobody else can own a customer’s personal data or information. It must be retained by the customer and she will have complete right of ownership of this information.
The author is a Co-Founder & CEO of Hansa Cequity, a leading customer & data-driven marketing company out of India.