In several respects, Europe’s General Data Protection Regulation is a terrible piece of legislation. Having been so long in the making, it appears outdated even before it comes into effect on May 25. The GDPR is also overly sweeping in scope and largely unenforceable in practice. That is not a great look for what has been billed as a landmark law intended to resound around the world.
Yet, in spite of its manifest flaws, the regulation has already achieved one invaluable goal. It has forced us to focus on how we treat the most valuable assets of our digital age: data. The law’s main aim is clear: to compel all organisations to be more transparent and accountable in their use of personal data and to give consumers greater control and choice.
The EU’s move seems timely following the outrage surrounding Cambridge Analytica’s misuse of Facebook data. The casual way in which 87m users’ details were accessed without their consent only reinforced the impression that the big social media companies regard personal data as mulch to be monetised rather than property to be protected.