European Data Protection Day: are EU citizens really protected?

According to Superrr Lab founder and activist Julia Kloiber, citizens usually do not know for what purpose their data is being used or the kind of profiles it creates. This is simply because technical know-how is often lacking and because companies do not voluntarily disclose information about how they proceed. [Nikolay Antonov/EPA]

European Data Protection Day aims to raise awareness and promote privacy and data protection best practices. However, according to Julia Kloiber, activist and founder of Superrr Lab, European data protection is deficient and it remains questionable if citizens have the necessary know-how to assert their rights. EURACTIV Germany reports.

The European Data Protection Convention was signed on 28 January 1981. Since 2007, European Data Protection Day has been marked each year on the same day.

Today, net-political actors from the political sphere and civil society are holding lectures, writing social media posts and giving interviews to raise awareness about data protection and informing the public of the EU’s General Data Protection Regulation, known as GDPR.

But this is no easy task.

Data protection is a technical topic, and to understand it, you have to invest a lot of time, which many people do not have, Julia Kloiber told EURACTIV. Kloiber, who is a programmer, is also the founder of Superrr Lab, which explores how digital technologies can create more inclusive societies.

France hits Google with €50 million GDPR fine

By hitting Google with a fine, the French data regulatory authority has set a precedent which may rattle digital leaders across Europe – the derelictions of duty which Google is accused of in France are shared by many other operators. EURACTIV France reports.

Ignorance is powerlessness

Kloiber considers the GDPR’s implementation to have been deficient so far.

In theory, EU citizens have considerably more rights since the regulation came into force in May 2018, such as the right to surrender or delete collected data or the right to object to data processing.

Yet, for the citizens themselves, this usually just means clicking through a few pop-up windows to get to the desired website. “You just click quickly: OK, OK, OK,” said Kloiber, for convenience.

And that is already enough to consent to one’s data being collected. With the help of the collected data, companies then create profiles of the users to provide them with customised content or to analyse their behaviour.

On social media, this can even lead to so-called “filter bubbles”, where users get ‘fed’ information that confirms their worldview. And this could lead to polarisation.

EU seeks 'concrete' improvements to Privacy Shield, as advocacy group calls the accord a 'big mistake'

The European Commission has called for a number of ‘concrete steps’ to be made in order to improve the EU’s data transfer accord with the US, the Privacy Shield. Meanwhile, the data protection group Access Now has come out in criticism of the agreement and called for it to be suspended.

Lack of clarity about user profiles

According to Kloiber, citizens usually do not know for what purpose their data is being used or the kind of profiles it creates. This is simply because technical know-how is often lacking and because companies do not voluntarily disclose information about how they proceed.

Thanks to the GDPR, it is in principle possible to request information about data processing. Yet, it remains unclear whether companies have to disclose, for example, what kind of profile has been created and how advertisements and other content are adapted to match a profile.

Above all, it seems questionable whether people with little technical knowledge would know how to address these companies.

For Kloiber, the GDPR itself is the biggest problem, given that it shifts responsibility for data protection to citizens, who lack the knowledge and information to assert their rights.

95,000 complaints issued to EU Data Protection Authorities

Recent figures issued from the European Data Protection Board to the European Commission reveal that EU Data Protection Authorities have received more than 95,000 complaints from citizens across the continent.

Increased pressure

Therefore, it would seem that raising awareness among citizens is not enough. Instead, Kloiber has the vision of a Europe in which state institutions, rather than companies, would be the ones providing digital infrastructure for users.

As an example, she cites a possible EU browser as a replacement for Google Chrome or Mozilla Firefox, which would be subject to democratic control and could, therefore, offer much better data protection.

However, the sensitisation does have one effect: even if citizens lack the technical know-how or motivation to assert their rights, there is increased public pressure on companies.

For instance, the latest Cambridge Analytica scandal showed that data-based profiling and tailored advertising could influence democratic decisions.

In 2018, it was discovered that Cambridge Analytics was collecting data from Facebook users to place personalised political advertisements for Donald Trump’s presidential campaign.

Although it is hard to determine how well this worked, the revelation nevertheless sparked a storm of indignation. While Cambridge Analytica had to file for bankruptcy, Facebook lost about a million users within six months of the scandal.

Following the incident, offering robust data protection is now considered a valuable asset for companies, according to Kloiber.

UK data chief demands overhaul of campaign rules after Brexit

The UK’s data chief has called for a new code of practice on the use of digital information in political campaigning in a new report published on Tuesday (6 November) in the wake of data scandals connected to the Brexit referendum.

[Edited by Britta Weppner/Zoran Radosavljevic]

Subscribe to our newsletters