There’s a lot of talk about data, and it’s not often good news. We hear about data breaches, privacy violations, big fines, stolen identities, and a lack of transparency. … What do we actually know about data, and what can we do to better protect ourselves? We decided to dive deep into all things data with Global Data Privacy and Protection Officer, Debbie Reynolds, on last week’s GoodTech Vidcast. Proceed to read a recap of the show, or watch it in its entirety here.

“The Data Diva”

Debbie Reynolds is also known as “The Data Diva”. The alias was born out of a conversation Debbie had with a journalist from the Wall Street Journal. She tells us, “As I was explaining to her what I did, she was like ‘Oh! So you’re the data diva?’. At first I was very bashful about it, because I thought people wouldn’t take me seriously, but then I started using it and people loved it,” Debbie says.

Debbie travels all over the world to speak at conferences, often taking the opportunity to talk about data privacy laws. “I always try to give people practical things to take away with them,” Debbie says. “Knowing that the GDPR exists in Europe is one thing, but understanding what it means to you as an individual, and as a business person, or how you have to change the way that you operate a business. … That’s the way I try to sell the story to people, so that it’s relatable, and something that they can actually take away and do something with.”

Today’s Problem With Data

So, what’s the biggest problem we face around data today? Debbie gives an example: “You have your phone and you’re walking down the street, but you don’t understand that your every movement is transmitted by the phone in your pocket. Right now, I think people can’t really comprehend how companies are using this data, but it’s pretty frightening. I mean, something as innocuous as you walking down the street could be transmitted and sold to hundreds of companies, so it’s baffling and mind boggling to people that the information about them is collected.”

Debbie walks us through what happens when we sign up for services like Facebook. “They take your details and figure out who you know. Then they try to suggest people, and they’re pretty good at it. So, if you put your name in there, they can pretty much pull up people that either are your family, or that you’ve worked with or are connected to” Debbie continues by saying that the marketers on platforms like Facebook want the information to be very targeted, so that they can find out as much about you as possible. They might, for example, find out that you live in Barcelona and that you like to drink chai lattes. The marketers will then be able to tell companies to give them money for the access to your information, so they can deliver you personalized ads. “Once it gets past that third party, you have no clue where it is,” Debbie says. “These are billion dollar businesses, that are building on buying and selling this information, and it’s basically invisible to the public at this point. There isn’t enough transparency, which makes it hard for the consumer to object, because they have no idea what’s happening.” 

We all think Facebook is free, right? Well, what you’re actually paying with is your data. “Would you pay for Facebook if it cost 1500 dollars a year?” Debbie asks. “Probably not. But, it’s possible that Facebook, and all of these other companies, are making that much from you as a free user. Because, in exchange for using their software and their tools for free, they can take, package, and resell your data.” 

What is GDPR and CCPA?

We’ve all probably heard about GDPR by now, but how many of us actually know exactly what it is? Debbie takes a moment to explain to us that GDPR is a regulation that is enforced in the EU. It has to do with preserving the fundamental human rights of persons in the EU, to have their data protected or private. It extends across the world, for any company that handles a person’s data who’s in the EU. It means that wherever your data goes, so do your rights. Debbie says, “People think that GDPR is so tough, and it is tough in a lot of ways, but it’s not very different than the previous privacy directive that the EU had. I really think the GDPR got people’s attention. It got people thinking about the way that they’re operating. Even though the US doesn’t have GDPR-like laws, once the GDPR came out, every single website we go to has all these cookie consents. I think as these privacy laws get more complicated, the segmentation of being able to target and do different things with different people’s data is going to become more important.”

Similar to the GDPR, we have the CCPA – the California Consumer Privacy Act. But, is CCPA a mirror image of GDPR? “Well,” Debbie says, “The CCPA has some similarities to GDPR. Probably the most notable similarity is that the state of California had written that privacy is a fundamental human right, in their 1972 constitution. They’re currently the only state that has that, so that’s a parallel that they have with the EU.” Debbie tells us that the CCPA also tries to target individual’s rights including all of their data, as opposed to other laws in the US, that are mostly about certain types of data (like financial data, health data, data about minors etc). “So, CCPA is the first US law that is as comprehensive about all data types. Basically, they’re saying that, for anything that a for-profit company can use and possibly sell, of a consumer, they need to provide transparency. The GDPR, in contrast, is not just for for-profit companies, but for all types of different companies. So it’s broader in that sense, but the definition of personal information in the CCPA is a little bit more narrow than in the GDPR. I think one thing that people need to realize is that the EU had their data directive 15 years before the GDPR, so this has been codified in laws in the EU for almost two decades. CCPA is brand new and it’s not replacing anything that’s been in place. So, it’s hard to compare them, because in the US it’s so different to anything that we’ve had about data privacy.”

Debbie states that data privacy is really heating up around the world. Some countries have already had their own laws around data privacy, but when GDPR came out, they started to pass more comprehensive types of laws. “The activity has definitely picked up in the last four or five years, in terms of regulation or people trying to pass laws,” she says. “In the US, I think they say that since the CCPA passed, around 23 states are currently looking to pass some type of more comprehensive data privacy legislation than they currently have.”

With GDPR and CCPA in place, what are we still worried about? Well, just because we have laws doesn’t mean that it isn’t possible that your personal information can still be exploited or manipulated. Debbie gives an example, “Let’s say you said something online, and your employer uses it against you, but they don’t tell you. It may not even be legal, so you don’t know if your rights are being violated. Also, for example, you might happen upon identity theft. Say you want to apply for a credit card. To make sure that you’re the person you say you are, they ask you what house you lived in when you grew up, what was your best friend’s name, etc. If someone has hacked into your system and they have that information, they can answer those questions as if they were you. They then steal your identity, and it might be very hard for you to prove that it wasn’t you.” Another thing that can still worry us, is being listened to by our smart devices. Debbie says, “Our cellphones are set so that your voice assistant is listening for you to call their name, but they’re also listening when you’re not wanting them to. Some companies are getting into trouble because they’re actually keeping and listening to that information, and it’s not clear what they’re actually doing with it.”

So, even though we have laws such as the GDPR and CCPA, it’s still important to be careful about which platforms you choose to use. Even if you’re not an expert on all things data, it’s not that hard to make sure that your information stays in your hands. Idka is an example of a service that lets you own your data. There are no ads and no algorithms. Just your data, safe and private. Combined with all of the features you’d want in a platform, such as groups, chat, cloud storage, posts and notes, Idka makes the perfect tool for your organization to work effectively and privately. You can easily create your own free account today. Just head over to www.idka.com and sign up!