What next? Privacy or Profit?
Have we turned a corner in terms of our attitude towards personal data and privacy, or will it be back to business as usual once the current Facebook furor has died down? Digital technologies have enabled both governments and corporations to build up a comprehensive picture of every aspect of our daily lives. While some might argue that recent events show that the end goal is to “own us,” I would argue that there are always those who would seek to maintain the delicate balance between privacy and profit.
Regulatory protections have been in place for over 20 years. The European Data Protection Directive came into force in 1995, regulating the processing of personal data within the EU. It forms an important part of the EU’s privacy and human rights law, which exist under the auspices of the European Convention on Human Rights (ECHR). It provides a right to respect for one’s “private and family life, his home and his correspondence.” The data protection directive touches upon consent, disclosure, accountability and several other basic guidelines. However, this law was developed approximately a decade before the world’s major social media platforms.
The adoption of the General Data Protection Regulation (GDPR) in 2016 and which comes into force on 25 May 2018, indicates that society is rising to the challenge of slamming on the brakes. This regulation specifically addresses the export of personal data outside of the EU. This creates a physical, geographical and geopolitical border for the intangible world of electronic data for the first time in history. This new law is directly binding and applicable. The regulations also include the right to be forgotten and authorized data removal, enabling private citizens to control their online presence.
At Avaya, we are already well ahead of the curve. We are one of only 90 companies in the world to attain approval of Binding Corporate Rules (BCR), which allow us to transfer personal data internationally within the corporate group even in countries that do not themselves provide adequate levels of protection. Requirements include transparency, data quality, security, auditing, training, complaint handling and evidence that the rules are binding. The EU only authorizes the use of BCRs to companies proven to have very strong data handling practices, wherever the data is handled.
Adherence to these rules is crucial for the safety and security of our own, and our customer’s businesses. Avaya is investing heavily in exciting new artificial intelligence and blockchain solutions that are utterly transformative. They do however rely on big data. For this reason, a huge burden of responsibility rests on our shoulders. Avaya is already rolling out elements of GDPR ahead of time, including agreements that govern legal security measures for people responsible for data processing. Our technology ensures privacy by default and has privacy built in by design—these include, for example, the default setting not to record voice calls.
It is incumbent upon those of us who are developing technologies that use vast quantities of personal and business data, to lead the way. It is our responsibility to not only respect the privacy of the private individual, but to do everything in our power to ensure that we leave nothing but a positive, lasting footprint on the history of mankind.