American Intern Meets the GDPR

Wednesday December 12th, 2018 by Barbara Moss

Editor’s Note: Barbara Moss worked with TechGDPR as a research intern in late 2018. During her final week, we asked her to share her thoughts on learning about data privacy in Europe as a “digital native” from the U.S.A.

Arriving with an American Perspective

Since the enforcement  of the General Data Protection Regulation in the European Union, data privacy has become a part of everyday conversations in Berlin. To me, as an American, this approach to privacy is quite the contrast from the “online safety” classes I took as an adolescent. The extent of our education about being aware online focused heavily on how not to fall victim to online predators. There was absolutely no discussion of data collection and processing conducted by the platforms we were using, so we didn’t even think about it.

The only time “cookies” are mentioned by my American peers is when we’re buying airline tickets and want to deter rising prices. Since we already know that clearing our cookies can lower the prices offered to us on travel, how is it that did we not also consider how all of our search patterns are being tracked? I think this disconnect is due to the lack of awareness and concern by the typical American internet user. Perhaps we could have made this connection more clearly had we just paid more attention or had privacy rights included in our “online safety” classes.

Many Americans have been conditioned to believe our personal data is no more necessary to protect than what we ate for dinner. What we do not consider is that when we googled the dinner recipe, we told advertisers more than we realize. Without knowing it or understanding the ramifications, Americans have surrendered extensive details about our purchasing preferences, our eating habits, our location, as well as our family/relationship status, all of which are being monitored, stored, and sold. I was blindsided by the amount of information being collected about me.

The Bigger Picture

Lack of information about data security is, of course, a main challenge to Americans caring about online security, but Americans are also lulled by convenience. By pushing all of our login data through third-party sites like Facebook, we allow sites to collect additional unnecessary browsing and user information. Large advertising companies partnering with platforms like Facebook evolved so quickly, the social media providers could not keep up with what data was being breached. If huge technology companies were not able to keep up with the fast paced evolution, policymakers – and even more so, ordinary citizens – can hardly be expected to effectively manage privacy laws either. Instead it has taken multiple security breaches (i.e Facebook, Home Depot, Marriott) for the United States to start making changes. The efficiency of this action could be questioned as well, though as the average age of an American Congressperson is 57.8 years old. To understand just how behind Congress really seems to be in grasping current technologies, one need only watch about twenty seconds of the April 2018 Facebook Senate hearing.

In the wake of another large data breach (Marriott), members of Congress are now attempting to make federal changes to the way in which businesses handle personal data. California has already enacted its own version of the GDPR, the California Consumer Privacy Act. The Act does not have privacy coverage to the extent of the GDPR, but it is a step in the right direction. Americans need to realize that data protection is a right. I believe new legislation regarding data protection will become a much larger conversation in the United States as the world continues to evolve in how humans think about privacy.

Heading Home with a New View

As a 20-year-old raised in the technological world, the “technological culture shock” I experienced during my internship at TechGDPR was disorienting, but not hopeless. Since working at TechGDPR, I have a newfound respect for internet security which I have been able to pass along when people ask about my internship.

I no longer blindly accept cookies or sign in through Facebook so willingly. Luckily, I have been able to work in Germany where the GDPR has really resonated with policymakers and individuals alike. Not every American will be exposed to this perspective, which challenges the assumptions we are raised to accept in the U.S. As support for online privacy rights grows throughout the world, it is just a matter of time before the United States must improve data protection and user privacy, or risk losing a competitive edge in the global technology market.

Barbara Moss

Tech GDPR Research Intern

Barbara Moss is studying International Studies and Political Science at Indiana University (2020).

Response to the GDPR-relevant points in the German Blockchain Strategy of September 2019
September 29th, 2019

GDPR compliant products debunked: it’s all about HOW you use it
September 26th, 2019

GDPR’s Right to be Forgotten in Blockchain: it's not black and white.
August 13th, 2019

What is the difference between personally identifiable information (PII) and personal data?
June 27th, 2019

Personal data and cold calling under the GDPR
June 25th, 2019

Blockchain & DLT under the GDPR explained to the European Commission
June 4th, 2019

One year of GDPR: GDPR enforcement and awareness
May 25th, 2019

Our first open GDPR Canvas workshop
May 21st, 2019

WiFi-Tracking and Retail Analytics under the GDPR
April 8th, 2019

How to develop Artificial Intelligence that is GDPR-friendly
February 28th, 2019

Artificial Intelligence (3)
Beyond EU (5)
Big Data (2)
Blockchain (11)
Court Cases (1)
Data Subjects (6)
DLT (1)
DPO (2)
European Commission (1)
GDPR Canvas (1)
GDPR Status (1)
Germany (1)
IoT (4)
Privacy by Design (7)
Regulation (1)
Speaking (1)
Startups (1)
Strategy (1)
Terminology (1)
WiFi (1)
Workshop (2)
Article 17
Artificial Intelligence
Big Data
call center
Cold calling
European Commission
GDPR Analysis
GDPR Compliance
GDPR so far
gdpr workshop
gdpr year one
German Blockchain Strategy
one year gdpr
open workshop
personal data
personally identifiable information
Privacy by Design
Retail Analytics
right to be forgotten
right to erasure
September 2019 (2)
August 2019 (1)
June 2019 (3)
May 2019 (2)
April 2019 (1)
February 2019 (2)
January 2019 (1)
December 2018 (2)
October 2018 (1)
September 2018 (1)
August 2018 (3)
July 2018 (5)
June 2018 (1)
March 2018 (1)

Contact us to find out how we can help you with your GDPR compliance.