May 25th, 2018: Two years ago the European Union release the EU General Data Protection Regulation (GDPR), what would change the internet — at least for companies doing business in the EU. So first of all, #HAPPYBIRTHDAYGDPR.
Slightly later, in June 2018 California published the California Consumer Privacy Act (CCPA).
Internet and online applications create a vast amount of data. Where possible this data is linked to “real” persons (or their representations in form of user accounts or cookies) to make the information more valuable. Especially in the field of online commerce and advertising, personal data is the new gold these days.
But various data breaches disclosed sensitive information of persons and therefore the EU decided to put a law in place, to give the end user the possibility to own its data. The other way around, the fines for companies not sticking to the law, are not neglectable anymore.
More explicitly, companies need to provide the possibility to users to retrieve “their” data and also have the right that this data is deleted. Hence companies need to implemented measures to either not store such personal identifiable information (PII) or have the possibility to provide this data to the legitimate users.
These days, the question “Do I have to ask a user before I collect data?” is a central topic of hot discussions. The Planet49 case is one of the examples on the legal side as well as the rise and impact of the CMPs (Consent Management Platforms) on the product side.
But not only users themself realize that data protection is important. Also, the big players have identified this as a relevant topic for trust and as a result several browsers already block tracking and 3rd party cookies. And you can assume, this is only the beginning.
