The amount of data that individuals are creating, recording and sharing is increasing exponentially. This is one of the reasons behind the introduction of the European GDPR regime on 25 May 2018. Its aim is not only to adapt the current rules on the processing of data by businesses (especially those that use large amounts of data) but to bring about a change in culture of the data subjects themselves. By giving them more information and the ability to actively consider and object to how their data is collected and used, it is hoped that the everyday users will shift away from the freely disclosing their data without further consideration.
This is why one of the most concerning points in this piece is the amount of personal data which is said to be collected but untraceable. This lack of transparency is the main driver behind the imminent changes. Pseudonymisation (the removal of all details which can be used to identify the individual) may reduce the legal risks for companies collecting and processing data (especially for statistical purposes). However, much of the data collecting by smart devices will inevitably – or even necessarily – remain linked to the individuals and so companies will need to show that they have a lawful basis for processing any personal data.
For two months in early 2018, technology journalist Kashmir Hill let innocent household items spy on her.
She had turned her one-bedroom apartment into a “smart home” and was measuring how much data was being collected by the firms that made the devices.
Her smart toothbrush betrayed when she had not brushed her teeth, her television revealed when she had spent the day bingeing on programmes, and her smart speaker spoke to the world’s largest online retailer every day.