Data protection is all about keeping the right balance

It’s been a bit more than 600 days since General Data Protection Regulations (GDPR) changed data protection all across Europe – and a bit more than 600 hours since California Consumer Privacy Act (CCPA) did the same in California and – at least unofficially – way beyond. For me this is a good reason to think about where we stand in terms of protecting personal identifiable information on this International Data Protection Day.

GDPR has been a game changer, even if it might not have changed exactly the way many players would have thought or wished… or maybe even dreamt. Sometimes “even the strictest and most rigorously worded sections of GDPR have been liberally interpreted by the companies they impact” as Deborah Dillon, Data Privacy Lead at Atos in the UK said in her recent expert opinion. At least in my conviction the way ahead will be lined by more and more interventions from Supervisory Authorities. If players do not play fair their leeway will melt away. And this is good news.

At the same time, we see “the movement […] continuing to go global” as Deborah said. More and more countries enter this field with their privacy laws, most recently California with the CCPA. Like with GDPR, also for CCPA “there are many parts that are still not completed and we are waiting to know what we need to do to be compliant with the law” as Janine Skinner, Data Protection Officer Atos NAO stated in her latest post. In parallel, other U.S. states are thinking out loud about their potential privacy laws. Let’s hope this is not becoming a competition of who can enact the strictest data privacy law.

Protecting personal data should allow for both, providing and enjoying convenient digital services as well as being the master of your own privacy. None of these needs to block the other. It is up to us in our everyday business to create the right balance in applying the rules in a responsible way. Let’s do it!

Happy Data Protection Day!