As EE Times’ Junko Yoshida reported, it’s not just the data-processing giants like Google, Facebook, and LinkedIn of the world affected by the regulation. If you buy and sell products to Europeans, GDPR affects you and the way you set up your contractual data-sharing obligations with trading partners. If you are designing, manufacturing and distributing products, including Internet of Things devices that foster greater inter-device connectivity and information gathering and sharing, you will have to include privacy protection provisions. And, if you’re data is flowing out of your system and into the hands of other parties, you’ll want to look at what levels of protection are built into those data flows.
The reality is GDPR is going to have far-reaching impact, could trigger other countries to adopt similar measures, and will, sooner or later, compel companies to rethink how and why they collect and use individual’s personal data.
“We need to break these assumptions that regulators, companies and, sometimes, consumer groups make that consumers are this group of ready, willing, able users of technology with plenty of time on their hands to familiarize themselves with all the ways this technology works and how it is using their data. They are not,” said Amanda Long, director general of Consumers International. “This is why most of the provisions in the GDPR have been added. It is making companies think holistically about the data it collects and the impact it can have on people’s privacy.”
Electronics industry organizations and forward-thinking companies already know this and are taking steps to ease compliance issues. The IEEE, for instance, has created a cross-organizational task force that is working to ensure consistency in how volunteers, members, and professional staff worldwide collect and use personal data.
On stage during their MWC “AI Everywhere: Ethics and Responsibility” presentation, Clara Neppel, IEEE senior director, European Business Operations, and Aurélie Pols, data governance and privacy engineer and IEEE P7002 Data Privacy Process Working Group participant, spoke about the importance of adopting bottom-up approaches to drive greater global privacy protection awareness.
“We are working with engineers to gain a bottom-up understanding of what the law requires,” said Pols, adding that IEEE is examining areas such as privacy impact assessments, determining which ethical values can be further designed into products, assessing liability and developing standards from working party discussions. “If we can work together with the engineers, we can develop something that will be beneficial for humanity.”