The Holy Grail of Data Privacy: 4 Reasons Why GDPR Is Good for You (and Your Cloud Services)

GDPR remains true to proven principles. It builds on previous data protection standards and regulates the history of German legislation recognised across the globe. What has proven itself in individual countries now applies at pan-European level – standardised, universal and protecting the privacy of every individual.

GDPR has dominated the headlines for many months. Now that the first wave of anticipation has passed, we are realising that rarely before have we thought so intensively about the importance of our personal data and its protection in the digital age.

This alone has had a sustainable positive effect. It has increased our awareness of the issues at hand. The most important data protection principles were already enshrined in many national laws and now they apply throughout Europe:

• Personal consent: Any processing of personal data is only legal if personal consent has been obtained.
• Earmarking: Providers must document the purpose of data collection and further processing of it when collecting such data.
• Data minimisation: In principle, providers should collect as little data as possible. Provisional data collection is not legitimate.
• Transparency: Data processing should be comprehensible so that everyone can exercise their right to self-determination.
• Integrity: Providers must process information in a manner that ensures adequate data security.

The anchoring of these principles in European law is groundbreaking and is regarded by many countries as a model for data protection reforms that have become absolutely necessary in the digital age.

In May 2014,The European Court of Justice (ECJ) ruled that users can request search engine operators to remove search results about them. This represented a major step forward in the protection of personal data: the right to be forgotten.

Since then, Google has received over 700,000 requests to delist more than 2.6 million URLs. The search engine giant has now removed more than half of them from its search results. Google’s Transparency Report has made all the details public – transparency has become a selling point!

In the USA, deletion of data upon request is not possible and is the subject of controversial discussions. The argumentation is as follows: Search results are opinion-forming and covered by freedom of expression. Supporters of the ECJ ruling are against it, arguing that if search engines display personal data to which the users do not consent, there has to be a right to removal.

GDPR has helped supporters of the right to be forgotten come into their own. It is now firmly anchored in the regulation. Freedom of expression must not lead to the uncontrolled publication of personal information on the Internet. Every individual should have the possibility to prevent the dissemination of unwanted, outdated or false personal data.

The most effective way to minimise your data footprint is still to control the consumption of apps and digital services. Admittedly, our dependence on technology is massive and growing – read our blog post to find out how you can curb your technology addiction.

Since its foundation in the 1950s, European Union (EU) economic policy has been guided by market principles. A common, open market with undistorted competition between as many companies as possible should prevent a few providers from possessing all the market power.

With digital transformation, the definition of market power is changing. Put simply, those who collect more and more data are gaining the power. But this causes us to ask the legitimate question: Are the legal standards sufficient for the effective supervision of competition in digital markets?

The European Competition Commission has already given an emphatic “yes” to this question at least twice. Just last year, Facebook received a fine of EUR 110 million and its stock has been sent tumbling due to various data privacy scandals. In fact, the reason for the fine was due to the Facebook acquisition of WhatsApp, where the social media giant claimed that they would not share personal information between the messaging app and the social network – yet they did.

In the meantime, Facebook has confirmed that it will not completely link the two services in Europe until further notice, unless there is a data exchange solution that complies with the new European data protection requirements. GDPR is doing its job!

Even more impressive was the EUR 4.3 billion fine recently imposed on Google. The European Commission (EC) has prohibited Google from blocking competing apps on its Android operating system. At first glance, this is a typical antitrust case. However, if you look more closely, it says a lot about how consistent the EU is when it comes to defending freedom. Users should be able to decide for themselves with whom they want to share their data – independent of apps, operating systems and providers of digital services.

European Competition Commissioner Margrethe Vestager recently announced in an interview with Forbes that a team of 900 people is working on an analysis tool. This will help the EC to better understand how providers use data to reduce competition and, ultimately, to reduce the variety of products and services available to customers.

The EU has taken a big step with the enforcement of GDPR. In times when the volume of data is doubling every two years, the protection of personal data and the freedom to decide how that data is used ought to be an inviolable fundamental right of every individual. We have every reason to believe that GDPR is the first step, but certainly not the last, towards better data protection.

As a European cloud service provider, NFON addressed GDPR requirements at an early stage. We regard this regulation as a healthy development to guarantee customers and partners optimal data protection. Read this blog post to find out how we turned GDPR into a success story for our customers and partners.