5/24/18 · Law and Political Science Studies

"Administrations and companies should have adapted to the new data protection regulation earlier"

Photo: UOC

Photo: UOC

Miquel Peguera , UOC professor and expert in Internet law

 

From 25 May 2018 it will be compulsory to comply with the General Data Protection Regulation (GDPR), promoted by the European Union and designed to toughen control and penalty systems. Miquel Peguera, professor at the Faculty of Law and Political Science and expert in Internet law, believes that the GDPR will mean a paradigm shift where users will have more control over their data and companies will be more rigorous in complying with the law. However, he warns that as a society we are still too carefree with our online activity.

 

 

From 25 May 2018 it will be compulsory to comply with the General Data Protection Regulation (GDPR), promoted by the European Union and designed to toughen control and penalty systems. Miquel Peguera, professor at the Faculty of Law and Political Science and expert in Internet law, believes that the GDPR will mean a paradigm shift where users will have more control over their data and companies will be more rigorous in complying with the law. However, he warns that as a society we are still too carefree with our online activity.

 

Are we sufficiently aware of the personal data we leave on the Internet?

Recent cases such as Cambridge Analytica and other personal data leaks have perhaps made us more aware of the trace we leave on the Internet. But we still don't read privacy policies, downloading apps without taking much notice of the permissions they request and without understanding the scope of the permissions we grant. Comfort makes us careless.

Are administrations and companies ready for the new European regulation?

The regulation is applied directly but member states must pass national legislation to cover some aspects of it. In many countries, including Spain, this hasn't been done yet. Both administrations and companies seem to be arriving late; they have to make several changes and as things stand they won't do so in time. The data protection authorities have done a great deal to educate but adaptation to the new regulation will be complicated.

Why?

The regulation obliges them to assess risks and to know how data is processed in detail: the data they manage, for how long, what processes they follow, how they are stored, what security mechanisms are available, etc. In many cases the so-called RPA (Record of Processing Activities) will have to be created. Complying with all obligations can be a costly and cumbersome task and in some cases the regulation requires the appointment of Data Protection Officers to ensure compliance with the regulation and to be fully conversant with the flow of all company data.

These officers have to fully understand the GDPR and have specialized knowledge of data protection. Are there enough people with these skills?

No, a lot of training will be needed both now and in the future. Here at the UOC we have a data protection programme that provides this kind of training in issues that people will need to understand from now on. Over the next few months, the need for training in this field will become even more apparent. Companies will need to train workers involved in data processing as well.

Will the new regulation provide the right response to the concern about personal data protection?

Europe has always taken the lead in terms of personal data privacy and protection and the GDPR will make regulation really hard-hitting. People's right to have control over their data has been strengthened, and companies will have to change habits and be far more rigorous. The GDPR seeks to give people more peace of mind; it wants to ensure that they have enough information about what will be done with their data and that they won't be taken by surprise by illicit uses. However, the effectiveness greatly depends on the attitude of users, who will have to take the protection of their data seriously.

How is the law adapting to the fact that every day more of our data is online?

The law is always one step behind reality; it is slow and finds it hard to provide rapid solutions to technological changes. It has a lot of ground to cover. The law tries to regulate conflicts that can emerge between people and watch over their interests. These conflicts also happen online, sometimes with specific characteristics, so the law must provide tools to resolve them.

Will the regulation persuade us to change our Internet habits?

I'm quite sceptical and think that for the most part we'll carry on as we are: on the one hand, we'll be very combative when there are stories in the media about infringements and we'll demand respect for our privacy, but on the other we'll continue to ignore the terms and conditions on websites and apps we download. Likewise, the increase in information we will receive, a veritable avalanche, might end up being counter-productive and cause us to pay even less attention.

 

Press contact

You may also be interested in…

Most popular