On May 25th the European General Data Protection Regulation (GDPR) went into effect. The following morning the sun rose right on schedule, and people went about their daily lives as if nothing had changed.
In fact, people had been receiving email messages from online services for weeks, advising of new “privacy policies”, supposedly to comply with the GDPR. I suspect most people ignored them, just as they did when signing up for a new service.
So what was all the fuss about?
GDPR marks a turning point in the way organizations handle personal data, not because the average citizen will notice any big change right away, but because it's the first time a major governing authority in the western world has passed a law with any teeth regulating personal data.
GDPR comes at a time when people everywhere are waking up to the fact that an unfathomable amount of data is being generated and collected about them by unseen, unaccountable entities that don't necessarily have their best interests at heart.
While this is often framed as a discussion about "privacy," the word may have inadvertently confused what is really at issue.
Originally, privacy meant the ability to be unobserved -- what you want when you're in the "privy."
It can expand to mean that which two people who are intimately involved with each other want from the rest of the world.
Expanding its meaning still further could cover a situation where a small group of people having a conversation would be offended if an eavesdropper were found to be taking notes.
And finally, if you were walking down a public street, you would have no "expectation of privacy," in that anyone else on the street can see you. But if someone were to follow you or record where you had been, that would clearly be seen as a violation of your privacy, if not an actual threat.
None of these definitions, however, actually describe what people expect when they engage with companies to obtain products or services. In that case, you are handing over data about yourself, and implicitly creating interaction and transaction records in the process. You'll probably agree that you have a right to expect that the company will use that data for the purpose of facilitating current and ongoing transactions with you, but not that they will give or sell that data to unknown third parties. Especially if those parties will use that data for purposes to which you have not agreed.
A better description of your right to have your data handled properly is the right to confidentiality.
When a company agrees to hold your data in confidence, they have created an obligation to you.
That's why we created JLINC.
It's a tool that gives individual citizens an easy and manageable way to enter into verifiable confidentiality agreements with the companies and organizations with whom they interact.
"Privacy" does not have an exact equivalent in all European languages, so the GDPR actually defined new personal data “protection” rights instead of data “privacy” rights for EU citizens. In the US, "confidentiality" has much greater legal standing than privacy.
JLINC implements both privacy and confidentiality.
It also makes explicit and visible whether the parties are keeping their agreements with each other, thus building their reputations. Reputation is what people rely on to establish trust in their everyday interactions.
Why do we care so much about this? In a world where mutual distrust has taken over the public sphere, and where some of the biggest corporations that we all depend on routinely make the "most hated companies" list, our quality of life steadily declines. Not only is this bad for people, it's manifestly unsustainable for companies in the long run.
We want to change that. We are creating a win-win for companies and their customers by making mutual trust the new paradigm.
Real long-term societal change doesn't come from on high. It comes from an accumulation of all interactions, large and small, that people engage in every day.