GDPR, Data Ethics and Implications of Cambridge Analytica
Takeaways from The International Association of Privacy Professionals Annual Summit
Achieved Compliance joined regulators, policymakers and privacy practitioners gathered in Washington on March 27-28 for the International Association of Privacy Professionals’ (IAPP) Annual Summit. The Summit is the largest gathering of privacy and data protection professionals in the world, and both the subject matter of the formal sessions and the hallway conversations provide a window on what is top of mind for regulators and for companies that collect and process data. The following are some takeaways.
The Growing Importance of Privacy Expertise to Company Compliance
IAPP serves as a convener and resource for companies seeking the most up-to-date information about data protection, governance and privacy. It provides training and certification for individuals who wish to obtain credentialing qualifications for work in privacy. Companies collecting and processing data – which today means all companies – increasingly understand that they are responsible for handling data appropriately and complying with regulation and law. These companies and their teams seek the guidance, information, expertise and networking opportunities IAPP provides.
The rapid expansion of IAPP’s membership and engagement highlight growing company awareness of privacy and data protection as a compliance issue. In 2012, IAPP had 10,000 members, and only six years later its members exceed 36,000 in number, located in 100 countries. The over 3,500 attendees at this year’s Summit included representatives of companies across all industries, including Fortune 100 companies and small and medium-sized enterprises.
GDPR & The Trend Toward Data Ethics
The May 25 compliance deadline of the General Data Protection Regulation (GDPR) was a clear focus of discussion at the meeting. But even as companies work to comply with the GDPR, they also are watching closely the efforts of policymakers in Europe and the U.S. to address emerging concerns raised by technologies such as artificial intelligence and big data analytics. The European Data Protection Supervisor (EDPS) in 2015 urged the EU and the international privacy community to promote an ethical dimension in the development and deployment of future technologies, with the goal of promoting values of human dignity in data use. It also created an Ethics Advisory Group to help the EDPS to assess the ethical implications of AI and big data analytics.
In January of this year, the EDPS issued a report of its work. Companies of all sizes and industry sectors are increasingly deploying and using these technologies and data processing techniques – whether directly or through vendors. Because these data activities can challenge our traditional notions of data protection, privacy experts, non-governmental organizations and regulators are examining ways to mitigate risk. This work of the EDPS was the subject of discussion among many at the Summit, and we can expect to hear more about the ethical questions raised by AI and analytics – and how to address them – in the coming months.
Finally, the Cambridge Analytica case was central to the conversation last week. Informal discussions focused on the United Kingdom data protection authority’s investigation and the implications for Facebook, other social networks, and data aggregators. Participants also spoke about the requirements of the U.S. Federal Trade Commission’s 2011 consent decree with Facebook and the possibility that the incident would resurrect calls in the United States for omnibus privacy legislation. There was general consensus that inquiries into these kinds of data activities, particularly via social media, would continue.
The wide range of data protection issues considered at the Summit illustrates the complexity of new data protection issues and how quickly they are emerging. While at first glance, these may appear to be the concern of large tech companies, cutting-edge data processing is rapidly becoming fundamental to the success of companies of all sizes and from all areas of commercial life. Addressing these issues is rapidly becoming the responsibility of organizations across the marketplace.
Achieved Compliance – helping you navigate the complex world of data compliance.
Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.
For more information as to how we can help your organization be GDPR compliant please contact firstname.lastname@example.org.