Alright GAFA, whose turn is it this month?
It was Facebook in July, followed by Google in August: so it seems only natural that it was Amazon’s turn to face a privacy concern backlash in September, leaving us all wondering what inevitable act of data negligence Apple will own up to in October.
A report in the Wall Street Journal revealed that the e-tail giant is investigating allegations that some Amazon staff members had sold customer data to third-party companies, mainly in China. This information allegedly included sales figures and contact information for product reviewers, allowing retailers on the platform to contact customers in an attempt to change their reviews.
It has become clear in recent months that a significant portion of security breaches are due to human error or malicious behaviour - with some estimates as high as 90 per cent. It’s therefore of paramount importance that all companies, no matter how large or small, review their internal processes to minimise the risk of a breach.
GDPR lays out some very basic ways in which this can be achieved, including the appointment of a data protection officer and department who can help ensure that data is handled in both a GDPR-compliant and ethical way. Restricting access to confidential customer data and sharing anonymised or synthetic data sets with developer teams are some other great ways in which businesses can mitigate risk.
Über fine for Uber
Two years after Uber’s 2016 data breach - in which the ride-hailing app paid $100,000 to hackers in order to keep the breach under wraps - the company has agreed to pay a settlement sum of $148 million. Ironically, this figure is significantly larger than the fines applicable under pre-GDPR legislation.
The breach, which affected 50 million riders and 7 million Uber drivers, was not reported until more than a year after the company had been made aware of it - an act that would surely be in breach of GDPR if it had happened today. We’re very hopeful that the new regulation helps to ensure an instance like this won’t happen again.
So Solid Tim
Founding father of the World Wide Web Tim Berners-Lee took to Medium this month to announce his latest open-source project: Solid. The platform, in a nutshell, will be designed to grant users control over where their data is stored as well as who can have access to it.
It’s clear Tim feels a great amount of personal responsibility for helping to create the Internet environment as we know it today, where "digital giants" can influence the way we live our lives through the use and misuse of our personal data. Decentralised solutions - like Tim’s proposed Solid - are the only way to give complete control back to the user, and consequently we completely support these projects.
At Hazy, we are just as bothered as Tim is by the monopolisation of the Internet and the exploitation of personal data. Not only is it blatantly unethical for companies to mishandle vast quantities of confidential customer data, but the granularity involved is completely unnecessary. Once again, the answer lies in ethical and secure technologies, like anonymisation and synthetic data generation.
We look forward to reading Tim’s future updates on Solid and the decentralised web.