Technology

Why GDPR is causing more headaches than it cures

GDPR should build a trusted relationship between service providers and customers – but it’s currently doing the opposite.

You’ve probably noticed over the last few weeks that, when you’re trying to access your online accounts – email, video, social media, or whatever – that instead of just letting you in, you’re met with unfriendly gatekeepers, usually in the form of pop-up messages and a links. Entry is conditional on you reading through page after page about your rights and duties, then ticking a box that accepts your responsibility for anything that might go wrong. It’s on you now – but it always has been, so nothing really new there.

You’ve probably noticed over the last few weeks that, when you’re trying to access your online accounts – email, video, social media, or whatever – that instead of just letting you in, you’re met with unfriendly gatekeepers, usually in the form of pop-up messages and a links. Entry is conditional on you reading through page after page about your rights and duties, then ticking a box that accepts your responsibility for anything that might go wrong. It’s on you now – but it always has been, so nothing really new there.

It feels like a first-person shooting game set in the offices of a law firm, where account managers and privacy experts pour from every nook and cranny of cyberspace to wave updated contracts in my face.

But any attempt to vaporise the horde of rambling legal threats is doomed to failure. Plain English might be a silver bullet for the twisted syntax and legal newspeak. But then the notifications aren’t really written for the likes of you or me, but for solicitors, who can wave them and say “we told them so!” when upset customers drag the service providers to court.

Collins can help. It does not destroy but it heals. It is replacing long rambling sentences with sharp predicative structures. It erases redundant expressions. It unveils purposefully ambiguous messages.

This will be a long fight, my fellow first person shooters. If you doubt it, let me share a few encounters from the battlefield. (Original brand names are deleted, but the quotes are real.)

“XYZ has and will maintain technical and organisational measures to ensure the security of your data.” The author loves littering the sentences with useless words. She could say “We always keep your data safe”, but that would be a bold promise and she may not be able to deliver. “Maintaining measures” keeps the escape routes open.

Here comes a quote from a natural-born wizard of semantics. “…you or your employees will have more control over how your data is used and it ensures that organisations protect your personal data better,” he says. Notice the comparative form of the adjectives: the control is “more” and the protection is “better”, which mean improvement but not fulfilment.

The same wizard adds a link where you can read more about the “new privacy notice.” I could fill a roll of paper towel with the words of the Manic Miner. At one point he informs me that he takes “seriously [the] responsibility to help prevent the crime of modern slavery and human trafficking across our own business as well as that of our partners and suppliers. As part of our commitment, we ensure that our workers are not being exploited, that our work environment is safe, and that all employment, health and safety and human rights laws are fully adhered to.” If fighting for the human rights is part of your “new privacy notice”, what has been going on before?

The same wizard adds a link where you can read more about the “new privacy notice.” I could fill a roll of paper towel with the words of the Manic Miner. At one point he informs me that he takes “seriously [the] responsibility to help prevent the crime of modern slavery and human trafficking across our own business as well as that of our partners and suppliers. As part of our commitment, we ensure that our workers are not being exploited, that our work environment is safe, and that all employment, health and safety and human rights laws are fully adhered to.” If fighting for the human rights is part of your “new privacy notice”, what has been going on before?

There are encouraging examples as well. This one is the notification of a gym-chain: “We know this isn’t the most interesting subject in the world, but your privacy is incredibly important to us so we’ve updated our privacy policy in line with new data protection laws. This strengthens your rights and is part of our commitment to being transparent about how we use your information and keep it safe. You’ll be pleased to know that there’s nothing you need to do…”

My fellow first-person shooters, if only all companies would be that honest and concise. This is my final fantasy.


Originally published in Business Reporter Online: June 2018