Why regulations like GDPR are not enough to protect your consumer data privacy

Why regulations like GDPR are not enough to protect your consumer data privacy

Day-to-day activities across generations are shifting faster from offline to online than ever before, especially this year. While the shift to digital means more convenience and flexibility to do things from the comfort of your home as the new normal (education, business meetings, real estate showings), the question inevitably becomes – who is watching?                        

One of, if not the, top concerns people have about online activities is data privacy. What information is being captured about me? How is that information being used and who has access to it? The phrase “if you are not paying for a product, then you are the product” has never resonated as strongly as now.

Big tech has been in the spotlight on the topic of data privacy for many years. Last year, Facebook agreed to pay $5 billion to the FTC in order settle data privacy concerns. This topic did not elude Zoom, the online video conferencing tool we all became familiar with during the COVID-19 lockdowns, who faced allegations from the FTC that they engaged in a series of deceptive and unfair practices that undermined the security of its users despite claiming to provide “end-to-end 256-bit encryption” to its users.

There have been larger measures to protect consumer data such as the implementation of General Data Protection Regulation (GDPR) in Europe in May 28 2018, which requires strict obligations on how organizations (European or otherwise) target or collect data related to people in the EU. GDPR has undoubtedly fueled the debate on whether a regulation like this needs to be implemented in other parts of the world- such as extending the California Consumer Privacy Act to other states in the US.

Do policies like GDPR solve all the challenges facing consumers and businesses when it comes to data protection and privacy? No. While policies and regulations are a step in the right direction, the reality for businesses to implement it are complicated.

One of the primary challenges to implement GDPR is limited data capabilities of many organizations whose databases often run on legacy infrastructures. This makes even managing consent information a complex and sometimes manual workstream. Therefore, such organizations can view consumer data as a liability rather than an asset.

Consumer data protection and privacy has become a critical part of management strategy, and organizations who can harness their data within these parameters and deliver it into something actionable are proving to be at a true competitive advantage.

Gartner recently released their Top 10 Technology Trends for 2021 – and one of the trends mentioned that is promising for unlocking an organization’s data is privacy enhancing computation technologies.

Privacy-enhancing computation, or confidential computing, is a cloud based cyber-security technology that directly addresses how an organization can leverage data in a protected and secure way – both for internal use cases and direct collaboration with external parties.

“This trend enables organizations to collaborate on research securely across regions and with competitors without sacrificing confidentiality. This approach is designed specifically for the increasing need to share data while maintaining privacy or security,” writes Gartner.

Big tech cloud providers Amazon, Google, and Microsoft have all recently announced their increased investment into confidential computing. Microsoft Azure was the first major cloud provider to deliver confidential computing, while Google Cloud announced at Cloud Next’20 their confidential computing with confidential virtual machines program as their newest cloud security program.

However, there are start-ups who are already dedicated to building confidential computing technologies. Zürich-based startup decentriq just raised a $3.8 million funding round in Oct 2020 from tech security investors btov Partners and Paladin Capital Group. decentriq’s platform runs on the latest cryptography-based confidential computing technoloy; their key proposition is to provide organizations a way to secure user data in real-time even while analyzing them on the cloud, ensuring zero leakage risk and GDPR compliance.

“decentriq can prove mathematically that nobody else in the chain (including decentriq itself and the respective cloud provider) has access to these confidential assets,” says Andreas Goeldi, decentriq’s investor at btov Partners.

Confidential computing is an emerging technology that can help organizations address data privacy and protection for their users. With the increased investment from tech giants and startups alike, it is one of the biggest trends to come in cloud technology and security to protect consumer data.

About the Author

Melissa Chien authorMelissa is an experienced growth marketing leader currently at decentriq. She is an expert in bringing new tech products in legacy industries to market in the US, UK and across Europe. She has collaborated with companies across a wide variety of industries including Klarna, Amazon, Google, Citi and JetBlue.

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.