Most recent

3 Ways the General Data Protection Regulation Might Have Been a Whole Lot Worse

By Eitan Bremler
Boy-General Data Protection Regulation

The General Data Protection Regulation (GDPR) is coming, and every commentator says that it represents a huge upheaval in the world of information privacy. They say that, but there have been other occasions where the European Union's Information Commissioner Office has put out some regulations that made barely a ripple. Worse, some proposals have been outright ludicrous, and had they been enacted the foundations of the Internet may have crumpled.

Inroads against encryption, attempting to bundle teenagers off social media, and implementing a nearly useless cookie law are all actions that the EU ICO have taken. Fortunately, these actions have had little to no effect on the internet at large, but let's take a look at them anyway. The GDPR might be onerous, but what we could have gotten may have been much, much worse.

  1. Let's ban teenagers from social media

Back in 2015, the EU ICO made waves by announcing that it would attempt to ban children under 16 from social media. On the one hand, this seems like a sensible idea—social media services gather a huge amount of information from people, and children aren't especially well-positioned  to think the consequences through. On the other hand, have you ever tried to keep a teenager from using the internet? That genie is pretty firmly out of the bottle.

Keeping under-16s from using social media would have been a monumental enforcement task. Putting this ban into place would most likely have strained the resources of the ICO past the breaking point—without making any measurable change. In an effort to save face, the ICO delegated the task of deciding who gets to use social media to the member nations of the EU. Most countries opted to sidestep the ban, and keep any social media age restrictions where they already were.

  1. Let's warn everyone about cookies

Over the last few years, you may have seen a new warning pop up on your favorite websites, something along the lines of "We are now required to inform you that this site uses cookies." If you're like most people, you probably dismiss that warning with a small amount of irritation—just another pop-up on an increasingly crowded webpage.

The EU Cookie Law states that companies in the EU must require their users to consent before placing cookies on their computer. In theory, this makes consumers aware that they're giving up a little of their privacy in order to gain a more functional user experience. In practice, none of this occurred.

EU officials have found that the cookie law doesn't actually educate users. Most just click away the warning without understanding what they're agreeing to. In short the EU cookie law has made European businesses spend the equivalent of over 2 billion dollars in order to do nothing more than degrade their own user experience. In fact the law is so bad that EU officials are currently revising it, but in classic EU fashion those revisions may have the effect of making the law even worse.

  1. Let's gnaw at the underpinnings of the internet

Encryption is the most valuable tool for data privacy and information security, period. Unfortunately, some less-than-savory individuals have been using encryption to plan terror attacks on various EU capitals, and so EU officials have decided to blow the whole thing up.

This month, the EU Justice Commissioner Vera Jourova will propose options that make it possible for law enforcement to read encrypted files. This essentially boils down to the act of forcing tech companies to write backdoors into their own software—which is a remarkably terrible idea.

If this comes to pass, three things are going to happen.

  • Terrorists will switch from commercial encrypted messaging apps to homebrew apps, which are incredibly easy to make.
  • Hackers will inevitably find and penetrate backdoors in commercial encryption software, even if they are only supposed to be for government use.
  • Ordinary internet users will find themselves at the mercy of criminals and foreign governments, without enjoying any additional protection from terror attacks.

If these new regulations come to pass, it will be yet another example of the ways that haphazardly applied restrictions can stifle the growth of companies without providing any additional consumer protections.

No matter what the EU decrees, Safe-T has your back

In a time of constantly-shifting data protection requirements, spending too much time worrying about compliance can slow down any business. Safe-T helps with providing automatic policy enforcement tools that let you instantly comply with a number of important data privacy restrictions, no matter where you're doing business. Compliance is tricky, but Safe-T helps make sure that it never gets in the way of growth or innovation. For more information, sign up for a free demo today! New Call-to-action

All posts