You Have The Right To Speak Up. Anything You Do Can and Will Be Used - Online
<hl>TL;DRing online privacy regulations for you. It should not be complicated. It is actually fairly easy.<hl>
The Miranda warning has worked its way into not only everyday police procedure, but American culture as well — even if you’ve never been arrested, you probably know the words “You have the right to remain silent. Anything you say can and will be used against you.” The notion of being informed on our rights when our fundamental liberties are at stake, is integral to democratic societies, and for a good reason. But unfortunately, with regard to our information online, we are left completely in the dark.
Congrats. You weren’t aware, but you have brand new rights, and the regulations establishing them are spreading like wildfire across the globe. The most famous privacy regulation, the GDPR in Europe, came into force last May, and will be followed by the CCPA in January 2020 in California. Similar laws are already live or are in the process in many other countries such as India, Japan, Australia, and Canada. However, the problem remains the same. The majority of us did not even hear about these rights, and the small portion who did, do not have a single clue on how to exercise and benefit from them.
Theory vs Reality
Let’s take the GDPR, as an example and break down the two most important rights it provides.
The GDPR demands accountability from companies, and provides citizens in Europe seven powerful rights that give them transparency and control over their personal data. The most popular way to exercise any right is by email communication. Each company has appointed a Data Protection Officer (DPO) that is in charge of making sure your GDPR requests will be taken care of.
In Theory: Each company has to create a dedicated “privacy email inbox” to receive requests from its customers. This address should be visible and found easily on their website. Users can send their GDPR requests regarding their personal data to this address, and should receive an acknowledgment over the next 72 hours and a closed request confirmation within 30 days.
In Reality: Companies tend to hide this email address in their long privacy policies, making it very complicated to find. In other cases, this address cannot be found anywhere. Moreover, companies struggle to close cases in less than 30 days.
Your #1 Right – Send me my data (Article 15)
In Theory: You can send an email request to the company’s DPO and ask for a copy of all the personal data that the company has collected about you.
In Reality: The GDPR did not set a standard on how companies need to deliver your personal data. More specifically, in which exact format. Companies like Facebook and Google created a simple, although hidden, web interface to view your personal data. BUT the majority of companies are sending a file with their own format, which is unreadable to the Average Joe. These formats include JSON, CSV, Excel, PDF, Database Screenshots, XML, and more. It’s a true jungle.
Your #2 Right – Delete my data (Article 17)
In Theory: You can send an email request to the company’s DPO and ask to delete all the personal data that the company has collected about you.
In Reality: In the majority of cases, the DPO will try to deter you from your request. They might try to make the process more complex by sending many emails, asking a lot of questions, and taking the whole 30 days, or even more, to complete the request. It’s a real bureaucratic nightmare.
Demand what’s yours
Ultimately, privacy regulations are great, but in order to enjoy them, we have to be proactive. Starting to discuss our rights rather than ignore them is a key step in this battle.
The regulations are laying there on the floor, waiting for us to pick them up and use them. Nobody will do it for us.
Go reclaim yourself. It’s fairly simple.