Everything is based on location. Whether you are ordering food, taking a drive, or ordering medicines, everything has location as a core component. Hence with an exponential increase in connectivity, ubiquitous cameras and sensors, there is a huge amount of data being produced every moment. While it can benefit companies in a big way by capturing these data in innovative measures, customers or common man feel a threat to their privacy.
There is also a growing trend where customers are increasingly sharing their location data with map or navigation and weather services. To address privacy concerns and bring current privacy rights in accordance to digital age, EU is implementing the new General Data Protection Regulation (GDPR) in May 2018.
According to the regulation, enterprises that collect data from citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25.
What is GDPR?
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years, replacing an outdated data protection directive from 1995. The European Parliament adopted the GDPR in April 2016. The regulation entails provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. It also looks into the exportation of personal data outside the EU.
Having a widespread reach to all 28 EU members, the regulation ensures that all companies and businesses will have to adhere to one standard. However, to maintain such high-quality standard most companies will have to make a large investment to meet and to administer.
This might also have an adverse effect as according to an Ovum report, about two-thirds of US companies believe that the GDPR will require them to rethink their strategy in Europe. Even more (85%) see the GDPR putting them at a competitive disadvantage with European companies.
How is GDPR going to impact processing of location data
According to GDPR location data is considered as “personal data” in Article 4 (1). Under this clause personal data are granted extended rights, including a right to access and a right to erasure.
Under the right to access users can obtain confirmation about whether data concerning them is being processed, where and for what purpose. The right to erasure can put an expiration date on the data already collected.
GDPR consequently describes requirements for data processing companies and organisations. Processors are required to offer explicit and transparent notification about their data practices. A “Privacy by Design” approach should ensure that data processors take the measures necessary to collect, process and store data in a secure way.
The regulation also mentions that special rules that apply to the processors of sensitive data. This will include guidelines for data assessments and the mandatory appointment of an official data protection officer to inform and advise the organization.
Furthermore, the regulation emphasises the importance of consent. In future it will need to be clear and affirmative, putting an end to pre-checked checkboxes when installing or using apps.
Need to understand location complexities
Location data is extremely personal and valuable. Considering its complexities, it is difficult to foresee as to how many ways location data could be used and misused in the future.
Hence, this issue needs to be researched and there is dire need to educate people about privacy rights as well as data science. Organizations can use GDPR as a guideline to evaluate their data practices and to ensure their external communication gives users all the information they need to provide consent.
In times to come GDPR will steadily increase the pressure on businesses that process data. There is an immediate need to improve security standards and also set measures about how data is being used.