China dropped two bombshells towards the end of 2017! One is that it is using it’s 176 million surveillance cameras and facial recognition technology to enforce near-total mass surveillance on its population. Secondly, it is working to leverage artificial intelligence to predict who will commit crimes even before the crime happens.
Both of them are the ultimate dreams of every surveillance-hungry state and a nightmare for privacy advocates (because of the invasion of data privacy).
If that’s shocking to you, then wait till you hear about what’s happening closer home. Governments with authoritarian tendencies are not the only ones interested in mass surveillance of its people. Telecom companies, mobile apps, social media platforms, email providers, and a multitude of other businesses have access to enormous amounts of our data. By controlling such businesses, foreign governments can surreptitiously enforce mass-surveillance systems in any country in the world. Not to mention the potential for misuse of such systems by private businesses for commercial profits.
While it is true that big data and artificial intelligence are the enablers of such systems, what’s making all of this possible is the personal data of millions of users, which is often collected, stored, and used without their express consent or knowledge about the usage of such data.
So, does this mean an invasion of data privacy for everyone?
Well, big data concerns have been the subject of much discussion in recent years. A number of governments have either been skirting around this issue or have been implementing their mass surveillance systems. Thankfully, the European Union is taking the lead in preventing such a depressing future from materializing through its General Data Protection Regulation (GDPR).
GDPR privacy concerns about Big Data and AI
The GDPR is scheduled to come into effect on 25 May 2018, post which all businesses working in the EU should comply with this regulation. Here are some highlights of GDPR that address the big data privacy concerns:
- Businesses need to explicitly state the purposes for which they are collecting customer data. Further, their claims will be verified by Data Protection Officers.
- The customers should be able to access or update the personal data, collected from them and even delete all of it at any time they deem fit.
- Businesses should allow the customers to download or transfer a standardized, digitized copy of all their data available with the businesses to some other provider.
- If a business suffers a breach or a hacking attempt, they should inform the relevant privacy regulator within 72 hours. Some exceptions apply.
- Any lapse in compliance with the GDPR Regulations will bring a fine of up to €20 million, or a prison sentence.
The guidelines in the GDPR successfully address the privacy concerns resulting from cutting-edge technologies like big data and AI. However, the most powerful aspect of GDPR is that its impact will be felt worldwide. It doesn’t matter whether the consumer data is processing, inside or outside the EU. All organizations will be under pressure to abide by GDPR, as it will become the seminal law for privacy protection.
In fact, businesses across the EU are already approaching the technology services providers for big data privacy solutions. Because it can help them navigate the legal landscape in the aftermath of the imminent new data protection law.
The questions that now need answers are – will they be compliant with the GDPR by the May 25 deadline? How many businesses will decide that they would rather keep following the old practices, and keep their activities more clandestine?