European Data Protection Day aims to raise awareness and promote privacy and data protection best practices. However, according to Julia Kloiber, activist and founder of Superrr Lab, European data protection is deficient and it remains questionable if citizens have the necessary know-how to assert their rights. EURACTIV Germany reports.
The European Data Protection Convention was signed on 28 January 1981. Since 2007, European Data Protection Day has been marked each year on the same day.
Today, net-political actors from the political sphere and civil society are holding lectures, writing social media posts and giving interviews to raise awareness about data protection and informing the public of the EU’s General Data Protection Regulation, known as GDPR.
But this is no easy task.
Data protection is a technical topic, and to understand it, you have to invest a lot of time, which many people do not have, Julia Kloiber told EURACTIV. Kloiber, who is a programmer, is also the founder of Superrr Lab, which explores how digital technologies can create more inclusive societies.
Ignorance is powerlessness
Kloiber considers the GDPR’s implementation to have been deficient so far.
In theory, EU citizens have considerably more rights since the regulation came into force in May 2018, such as the right to surrender or delete collected data or the right to object to data processing.
Yet, for the citizens themselves, this usually just means clicking through a few pop-up windows to get to the desired website. “You just click quickly: OK, OK, OK,” said Kloiber, for convenience.
And that is already enough to consent to one’s data being collected. With the help of the collected data, companies then create profiles of the users to provide them with customised content or to analyse their behaviour.
On social media, this can even lead to so-called “filter bubbles”, where users get ‘fed’ information that confirms their worldview. And this could lead to polarisation.
Lack of clarity about user profiles
According to Kloiber, citizens usually do not know for what purpose their data is being used or the kind of profiles it creates. This is simply because technical know-how is often lacking and because companies do not voluntarily disclose information about how they proceed.
Thanks to the GDPR, it is in principle possible to request information about data processing. Yet, it remains unclear whether companies have to disclose, for example, what kind of profile has been created and how advertisements and other content are adapted to match a profile.
Above all, it seems questionable whether people with little technical knowledge would know how to address these companies.
For Kloiber, the GDPR itself is the biggest problem, given that it shifts responsibility for data protection to citizens, who lack the knowledge and information to assert their rights.
Therefore, it would seem that raising awareness among citizens is not enough. Instead, Kloiber has the vision of a Europe in which state institutions, rather than companies, would be the ones providing digital infrastructure for users.
As an example, she cites a possible EU browser as a replacement for Google Chrome or Mozilla Firefox, which would be subject to democratic control and could, therefore, offer much better data protection.
However, the sensitisation does have one effect: even if citizens lack the technical know-how or motivation to assert their rights, there is increased public pressure on companies.
For instance, the latest Cambridge Analytica scandal showed that data-based profiling and tailored advertising could influence democratic decisions.
In 2018, it was discovered that Cambridge Analytics was collecting data from Facebook users to place personalised political advertisements for Donald Trump’s presidential campaign.
Although it is hard to determine how well this worked, the revelation nevertheless sparked a storm of indignation. While Cambridge Analytica had to file for bankruptcy, Facebook lost about a million users within six months of the scandal.
Following the incident, offering robust data protection is now considered a valuable asset for companies, according to Kloiber.
[Edited by Britta Weppner/Zoran Radosavljevic]