Nilson Roberto da Silva: Consent and protection

Read Time5 Minute, 31 Second

             Consent and protection

Introduction

Governments, enterprises and civil society are striving to ensure the protection of personal data stored on dedicated or cloud servers. There are already several regulatory vehicles, but the General Data Protection Regulation, GDPR, has been a pioneer of assigning extraterritorial guidelines.

You are required to follow data protection rules whether you have direct or indirect responsibility for storage and handling of any data. All those who seek to know their rights also need to look closely at the purposes of the GDPR or a counterpart legislation.

 

Why the concern

One day you go home and see a stranger sitting on the sofa, who, even before waiting for your reaction, greets you with a friendly smile and, without hesitation, asks how each person in your family is doing, calling everyone by loving nicknames.

The scene resembles that of a psychological kidnapping thriller. The state of shock would be the victims likely feeling. This is the context in which the individual authorization is infringed.

From personal relationships to trading transactions, unambiguous permission – antidote against unilateralism – should be the primary protection for any social interaction. Self-determination depends on the right of choice that, indeed, is more than a right. As long as we think and, therefore, exist, we can never disregard consent as a principle of freedom.

We are responsible for the safekeeping and disclosure of our own data, whether it be document numbers, test results, religious or political affiliations. For its part, the data protection legislation requires intensified commitments from institutions for the sake of collective security, as they caretakers of a huge amount of personal data in different circumstances.

The exercise of making the regulation resulted from persistent doubts about the use of personal data made available to organizations: What do companies perform with data and how long do business keep databases? Does private data go through to other firms, even without the data subject’s permission?

There are still other possible side effects, for instance, after researching the price of a simple crayon box, the computer screen can turn into a stream of school related supply ads for a long period.

Data psychology

Everything that seems pleasant, attractive and sometimes innocently free tends to influence decision-making processes. The psychology of conquest through fascination uses varied performance; it can subtract rationality to get our permission. The side effect of a roofie drink is an extreme example about the dangers of lack of people consent.

From retail peak that triggered global consumption levels to the most recent phase of massification through e-commerce, an underlying trait marked economic history. Trade deals used to bring the idea of the client’s tacit consent for eventual data employment. Until recently, firms have learned to cope with this type of consent.

The practice of data mining allows grouping customer profiles and predicting consumption patterns. This competitive differential made it possible to subtly stimulate expenditure trends for products or services that, without this crosswise technique, would remain in storages or without demand for longer period.

Mining is a combined tool for marketing, data processing and organization general management, which potential outcome is revamped data into valuable knowledge. In the end, it collaborated with reduction of administrative and production costs and, therefore, increased income margins.

However, the lack of limits between business independence and autonomous customer agreement has given rise to some economic structural breakdowns. The potential of mining, before data protection directives, provided conditions for the development of data oligopolies by niche markets or monopolies of knowledge for those who had the technical and financial resources to foster analytical skills.

The legal provisions aim to minimize imbalances between customers and companies and, thus, reducing the effects of information asymmetry – one of the innate market failures that causes distortions in free competition. It should be pointed out that State has the same responsibilities as the private sector in the management and handling of citizens’ data.

Consent, technology and protection

The insecurity or instability of systems increase the risks of cyberattacks in public and private organizations, as invaders can capture data to commit crimes that threaten people’s life, such as extortion through cyberstalking by using network connections.

Files known as cookies record our clicks during web navigation. These “biscuits” have appetizing ingredients: data profiles, browsing history, user preferences and login username and password storage. Any vulnerability in this technical resource could be the initial recipe for exposing individual profiles or receiving undesirable contacts.

The regulation sheds light on deployment need for painstaking security protocols, forcing organizations to control over data by nonstop surveillance. It is an opportunity to find techniques, models and harmonic systems to manage data in accordance with the regulatory mark. The outcome will bring suitable dynamics for the management of routine activities, such as:

1st – Filling in e-mail account, social network or outpatient facility registrations,

2nd – Records of documentary and biometric identifications for access to buildings, and

3rd – Data tabulation of surveys that make respondents identifiable.

The universe of data protection is compound by the GDPR, regulations, technical standards, international agreements, established practices, court decisions and comparative studies, considering the globalizing feature of the relationships. The set conducts missions of banning actions consent subtraction and encourage unequivocal agreement, in addition to paying attention to cybercrimes.

The regulation and its binding connections are comprehensive and the alignment provides legal security for everyone. Still, to avoid surprises – including penalties – in the face of any undesired leaks, natural persons and companies should be prudent and always ask themselves about the real need to provide or store register such as:

  • Personal data,
  • Religious belief,

  • Political and philosophical opinion, and

  • Genetic, biometric, ethnic or health data.

Keeping businesses in compliance attests to good governance and transparency, competitive differentials of social responsibility that reinforce organizational reputations both in the traditional market and digital economy. A misstep of database risk management causes problems as or more harmful than pervasive use of targeting advertisements or cold callings.

From making data available to his temporary ownership in any firm, prudence and reasonableness can indicate the best path to be taken by data. After all, consent and protection are actions that complement each other and depend on agents that interact mutually.

In conclusion, whilst clearly there is work to be done to achieve legal data protection compliance, the regulation also opens opportunities of demonstrating to customer and citizens that you have taken the appropriate measures to guard their interests. Surely a sign of trust and quality, essential element of sustainable business.

Read Consent and protection

By

Profile photo of Nilson Roberto da Silva

Nilson Roberto da Silva

Institutional Relationship Executive Manager / Economist, Brazil

Linkedin: Nilson Roberto da-Silva

 

 

About Post Author

Robert Williams

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: