I know it sounds super boring, but here’s why the GDPR is actually really revolutionary af

Data Protection


I figure the next step after passing my EU GDPR F course would be, you know, actually reading the regulation. Because why not, right?

So yeah, it’s important to preface this series (yes, this will be a series — so unfollow me now) with a strong disclaimer: I’m not a lawyer. But I am pretty hardcore into “citizen” style DIY research — so, I figure, this is as good a reason as any to explore the themes, articles and questions around the regulation here and maybe generate some conversations around it. The principles it builds out on are fr*&cking huge.

Anyway, this is the hard copy book I have (if for some reason, you’re a psycho like me who needs to have a copy of this in print), which for some reason has suuuuuuper small type, but oh well:

I’m still in Chapter I — General Provisions. But these two Recitals are, in my humble opinion, amazing af. af. af.

Article 1: Recital (4) begins:

“The processing of personal data should be designed to serve mankind.”

I mean, is the hair on your arms tingling? Cause mine is!

Tbh, I’m not 100% sure yet what the role of the Recitals is: they seem to guide somehow interpretation of the articles of the regulation (according to source linked above). But either way, the above is still pretty amazing as a principle to include, even if it may be (?) “aspirational” to some degree.

Also fascinating is this Recital 7, which includes (excerpted):

“Natural persons should have control of their own personal data.”

WTF! U GO EUOPE!! U ALL HAVE GREAT WINES 2 BTW.

I know…

I know there’s an argument to be made that the EU regulation is crazy/naive/unrealistic because it doesn’t take into account how the internet actually works. But as prominent voices are saying, it might be time we admit that how the internet works is fundamentally broken.

And though I’m still in diapers when it comes to learning about emerging global data protection and privacy laws, regulations and business trends, it’s impressive to me that the European Union has been busily re-envisioning how an internet and tech economy that actually protects its citizens not just might work, but how it will work: a legally binding playbook even companies outside the EU (extra-territoirality) will be obligated to comply with if they target EU citizens as data subjects, whether or not they are paying customers. Or face a huge fine! [Europe is juuust getting warmed up with its fines against tech companies — GDPR isn’t even in force yet.]

Let me ask you straight out —

Is this what it will take to fix the internet? Or at least part of the puzzle… Putting technology at the service of humankind, instead of the other way around. So crazy, we might just give it a chance.

But don’t take my word for it, America. Here’s how Walt Mossberg in his final weekly column for Re/code put it:

“My best answer is that, if we are really going to turn over our homes, our cars, our health and more to private tech companies, on a scale never imagined, we need much, much stronger standards for security and privacy than now exist. Especially in the U.S., it’s time to stop dancing around the privacy and security issues and pass real, binding laws. […]

The tech industry, which has long styled itself as a disruptor, will need to work hand in hand with government to craft these policies. And that might be a bigger challenge than developing the technology in the first place.”