It's Data Protection Day in Europe. Every January 28, people on this continent educate each other on how to keep their online data safe.
The GDPR or General Data Protection Regulation is the ultimate weapon the EU implemented about eight months ago. Under the law, a company which is found guilty of compromising on users' data could be fined up to four percent of its global revenue.
In terms of money, it means 50 million euros (57 million U.S. dollars) for American search giant Google, which is right now busy appealing
the first GDPR fine imposed by a French data protection watchdog on January 21.
It's also the biggest fine of its kind on a U.S. tech giant in Europe.
The French regulator accused Google of not being transparent enough and failing to get consent from users.
That's the basic spirit of GDPR: transparency and consent. You need to tell people how you collect users' data, how you use their data and make sure they agree with that.
Such a big fine can surely attract the attention of people and companies like Google. Things have changed and playing around with private data now comes at a price.
Data privacy is as critical as you think
Raising people's awareness about data privacy is important. For example, shopping, when we buy things online we need to provide our name and home address in order to receive the goods, which we don't reveal in a real store.
We don't automatically assume that the shopping website will record our address and use it for things other than delivery.
The truth is, some companies sell clients' data to make money and the buyers may resell the information to hackers, thieves and scammers.
Private information trading is an active "industry" that often leads to crimes.
These criminals can hack a company's server to obtain users' personal data. They can also use AI programs to post fake but attractive information on social media platforms like Facebook to manipulate users.
This kind of manipulation can even impact a political election in a country.
Another crisis we are facing about data privacy is targeted advertising. You may have grown tired of this phrase, but imagine if all the news and information you see online becomes "targeted." What if Internet giants show you only what they want you to believe?
The situation goes global as the Internet connects the world. Even in China data safety is a huge issue. Recently CCTV released a list of top 10 consumer rights violation cases in 2018, which included "personal data trade."
In China, last year, massive data breaches took place on online portals such as video website AcFun, job search site 51job, express delivery services YTO and SF-Express and even hotel groups like
Huazhu and
Marriott. At least 500 million Chinese people fell victim to the leaks.
"Private data is being traded like goods while people are running 'naked' online," CCTV commented.
In order to stop this, Chinese legislators are drafting separate laws on private data protection and data safety. It's highly possible these two laws will be discussed during the 2019 "Two Sessions," one of China's largest annual political events.
It's possible that China will impose laws similar to the GDPR since similar regulations have already forced tech giants like Apple to isolate their data centers in China.
What we need to do
In addition to tough laws on data privacy, what else can we do to fortify our personal information?
We must learn about data privacy. What kind of data can be considered personal? What businesses do with personal data? What kind of rights do people have on their own data stored in other people's computers?
These questions need to be urgently answered by lawmakers, government officials, policemen, and businesses.
Lack of information has become one of the key reasons behind data breaches. Imagine a company storing customer password in a text file without any encryption. Surprisingly, it does happen in a lot of businesses.
A lot of Internet devices, both at home and offices, are often not set-up with data security in mind. This is different from virus malware protection and therefore, home device owners like you and me can at least make a start by avoiding weak passwords for important accounts.