One year into the General Data Protection Regulation’s (GDPR) entry into force (and our Privacy Party to celebrate the affair), we’re reflecting on the big wins and persistent issues that Europe’s data protection laws have brought about.
Data protection authorities have started enforcing new data protection standards under the GDPR: in January 2019, Google was fined 50 million euros by the CNIL for overly vague privacy terms and misinformed consent. In September 2018, Facebook experienced a data breach affecting nearly 50 million users, which prompted an investigation by the Irish Data Protection Commission. If found to be in breach of GDPR, Facebook could face a fine of up to $1.63 billion. On top of this, in November 2018, the Internet Society of France, a non-governmental organization, filed a class action lawsuit against Facebook for €100 million. The NGO cites GDPR breaches and irresponsible data practices in its complaints.
Public Trust in Companies is Dwindling
And yet public trust in big business (specifically businesses engaged with the capital markets) is at an all-time low. The capitalist system has never been less trusted to have the best interests of workers, the community, and the natural world at its core. A recent Deloitte study of Millennials and Gen Z illustrates that 73% of respondents are apprehensive about the security of their personal data held by businesses. Combine this with the knowledge that fully 25% of those surveyed have curtailed consumer relationships with companies because of their inability to protect personal data, and a massive risk to revenue starts to take shape for businesses flagrantly dismissing such concerns.
The concept of “trust” in a company is one we have fought against since our founding, and the very reason why we built Snips to be Private by Design. Ultimately, in the absence of binding and enforceable checks and balances, end users should not have to rely on “trust” in a third party when it comes to protecting their private lives while engaging with useful technology.
In this regard, the GDPR provides one level of checks, and helps ensure that some minimal safeguards are implemented, such as a level of security, a definition of purpose, and some transparency in terms of information. But the interpretation and enforcement of the GDPR’s standards are still being tested. Overall, there still aren’t many constraints preventing companies from doing what they deem necessary to fulfill their own purposes, even when this might come at a higher privacy cost for their end users.
The No-Compromise Approach to Data
The deal we make with end users at Snips is very straightforward: if they use our on-device voice assistant, their voice recordings never travel away from the device itself. This enables the technology itself to be deployed with privacy at its core, as an infrastructural necessity. Indeed, our choice to start a business and develop technology that is Private by Design from the very beginning still has huge impacts on what we build today. We’ve made GDPR-compliant software since our founding in 2013. And our privacy ethos is the number one reason our hires give for joining Snips. So on this first anniversary of the GDPR’s coming-into-force, we’re looking back at the last six years of operations at Snips, and bringing you the best blog posts and talks on Privacy by Design by members of the Snips team.
A great place to start is a recent post by Marion Bergeret, our VP of Legal, and Jo Dureau, our CTO, explaining the unnecessary compromise large companies force users to make between privacy and performance: Voice, Privacy, and the “No Compromise” Model.
To hear directly from our CEO and Cofounder Dr. Rand Hindi on the topic of Privacy by Design, check out a list of his best talks and interviews on our YouTube channel: https://www.youtube.com/playlist?list=PLmOf6ALFW9aZ0WTHqomPeFW7tOwIuUyUL
More blog articles from Snips on Privacy by Design: