GDPR puts control of personal data back in hands of users

• The Facebook-Cambridge Analytica data sharing scandal has raised concerns over how and for what purposes shared data are being used
• At this point, Europe has tougher a regulation than the US and the rest of the world
• Europe's General Data Protection Regulation gives the right and ownership of data back to the individual

The idea that companies today can easily access and use different forms and types of personal data from individuals or third-party organisations that collected them for purposes which may be totally different from what were originally given consent for is alarming. Yet, it is not surprising. Today, we, especially the digital natives are so accustomed and comfortable with allowing companies to access and even own our personal data in exchange for services that they offer, often free of charge, without a second thought.

The Facebook data sharing scandal involving now defunct Cambridge Analytica did not show any actual criminal wrongdoing. However, it did throw up a host of business ethics issues about how and for what purposes the shared data was being used. It had allegedly been used to influence million of voters in the US, in which the candidate without the popular vote, Donald Trump, won.

The crux of the issue is who owns the data? In the US and many parts of the world, the company which has been given consent to collect that data owns it. So, Facebook legally owns all their customer data and has every right to use them as befit their purposes. However, in Europe, the introduction of the General Data Protection Regulation gives the right and ownership of data back to the individual and it will be interesting to see how it pans out.

Today, many argue that data is the new oil in this digital economy. Everything freezes up if data does not follow. The question is what level of individual data protection is adequate without unnecessarily stymying business and commerce.

This despite so called legal safeguards, such as personal data protection regulations, to limit and protect such data.

The current practice does not go far enough and is often no more than a legal cover for the very companies that seek to access and use the data. There is still no comprehensive regulation to define what data can be collected and how they may be used.

It really rests on what these companies are allowed to do by regulations, as they have shown that they are incapable of self-regulation, ie. not just the tech companies such as Facebook but conventional enterprises and even once highly respected ones such as Wells Fargo and Commonwealth Bank of Australia have reportedly abused the customer data in their possession.

So, at this point, Europe has tougher regulation than the US and the rest of the world. Even as the regulators are starting to come to grip with the extent of protection to be granted to personal data, there will not be a definitive resolution until the issue of individual ownership and right to that data is unequivocally addressed.