Making sense of Big Data and the GDPR
In this article, we take a look at big data, the new set of Data Protection Regulations (GDPR) and ask if parents should be concerned about what their children share.
Earlier this year, following four years of negotiation the EU adopted a new set of Data Protection Regulations. The GDPR introduces substantial changes to European data protection law, along with severe financial penalties for non-compliance. The new regulations set the age of consent to sixteen by default. Member states are given the option of adopting a lower age, but it may be no lower than thirteen years. The UK has opted to keep things at thirteen.
The Department of Justice has opened a consultation on the ‘digital age of consent’ for services offered to children online, including social media. Tánaiste and Minister for Justice Frances Fitzgerald intends to bring a proposal to determine the ‘digital consent’ age threshold to Cabinet later this year, ahead of a new EU regulation due to come into force in 2018. Following the consultation, the cabinet decided the “digital age of consent” should be set at 13.
What is Big Data?
Most of the big online companies, Facebook, Google, Twitter, etc. are not in the business of providing online services; they are all in the data business. Basically, they collect your information and sell it to advertisers.
If you are on a website or app and you can’t work out what they are selling, it’s YOU.
Your data is a lot more than the photos you upload, the tweets you share, and personal information you enter in forms when setting up social networking profiles. It also includes information about where you are, who you are with, what you search for, what articles you read, what you buy, what phone you have.
There is an expression that Facebook knows what you are having for breakfast before you do. The data that they collect allows them to create a profile of you so detailed they can tell if you prefer Corn Flakes to Rice Krispies. This type of information is very valuable to advertisers. It means they don’t have to waste money trying to sell you products you aren’t interested in.
If you take your data and put it together with millions of other users’ data, you have what’s called big data. Companies use automated tools to analyse the vast amounts of data from millions of different users to identify cluster or patterns of behaviour. They can also have a pretty good stab at predicting what you will do based on what you and others like you have done in the past. This is the type of thing that insurance companies have been doing for years.
We all, either explicitly or implicitly, sign up to the ‘free’ internet deal. We get lots of cools stuff without having to pay for it and in return the people who make the stuff get to collect valuable information about us that they can sell for hard cash. Once we give permission for firms to gather our data and they only use it for the purpose we agreed; then everyone is happy. If anyone doesn’t keep their side of the bargain, we can go to the Data Protection Commissioner and ask for help.
Data protection for children
When it comes to children things are a little bit more complex. They are considered to be less aware of the risks, consequences and their rights in relation to the use of their personal data.
The law provides protection around the use of children’s personal data for marketing or to create online user profiles or accounts. Companies must get parental consent before they start to collect or use the data of anyone under the age of thirteen. Getting consent is a very big administrative hassle.
Without parental consent, and as a consequence without personal data, it isn’t possible for firms to create and manage user accounts on their service. This is why social media platforms like Facebook, YouTube, and Twitter are restricted to children over the age of 13. The threshold is less to do with child safety concerns and more to do with data protection compliance.
For more information on the new set of Data Protection Regulations (GDPR) go to: ec.europa.eu/justice/data-protection/