June 6, 2018
The recent start of the EU’s GDPR has added an even greater sense of urgency for a Facebook executive team already under intense pressure because of the Cambridge Analytica fiasco. Other companies may hope to stay under the GDPR radar for a while, but Facebook could easily find itself an immediate compliance test case – and with its privacy policies thoroughly dissected in the news, Facebook cannot claim to be ignorant of the potential consequences of noncompliance.
But Facebook’s current troubles could turn out to be a blessing for consumers because everyone, whether they live in the EU or not, is now thinking more seriously about what happens to their data. This will no doubt increase the pressure on organizations to complete their GDPR compliance journey – or make similar changes if GDPR does not apply to them – including the most important step of being transparent with consumers about how their data is being used and their ability to have that data deleted.
While most organizations don’t collect personal and sensitive information on the scale of Facebook, they can still face many similar challenges – especially those related to transparency and customer trust. Other challenges include:
- Getting explicit permission to use – that is, capitalize – collected personal data for commercial purposes, which can impact advertising programs, partnership strategies and other initiatives. This permission is in addition to the general consent to collect the data.
- Recognizing the difference between “personal” and “sensitive” data. Under the GDPR, in addition to collecting personal information “for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes,” companies must get explicit permission from users to process special categories of “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.”
Being transparent and specific about the use of data and getting the right permissions in place is critical at a time when governments around the world are demanding greater accountability related to privacy, and when consumers are finally getting more proactive. But it can also be a significant challenge for organizations if their current use of the personal or sensitive data they collect will in some way upset their customers.