The GDPR is the newest data privacy directive in the European Union. It is a very complex policy that is meant to address the vast privacy concerns that have arisen in the 23 years since the previous data privacy law was passed.
Data scientists and legal experts are both debating the nuances of the new law. One of the topics that has surprisingly not come up much is the impact that the GDPR will have on online collaboration tools, such as Facebook Messenger and Slack.
How will the GDPR our affect these platforms? Will the brands hosting the platforms be solely responsible for enforcing data privacy laws? Or will some of the users share responsibility?
Here are some factors to consider.
Users may be more comfortable using certain online collaboration tools
Many people have stopped using online tools that try to store their data. They will be more comfortable using tools that are compliant with the GDPR, since they know that their privacy will be better protected. This could increase usage of these services, which will be a boon for consumers, developers and content providers alike.
Data storage abilities vary by platform
Data storage abilities are different on many platforms. On some platforms, data is automatically stored to the server. This is common with many web services, such as Facebook groups and social media platforms.
Other services are desktop or device based. Most of the content itself is stored on every user’s own device, which means that the company that developed it does not have access to it and cannot store it. Yahoo! Messenger is one example, as they point out in their Compliance Guide for Law Enforcement.
Yahoo! does not stored content for the downloadable Messenger client. Yahoo! Messenger client users can archive Messenger communications, however, by storing the archives locally on their PC or on whatever media they designate. If a user has archived Messenger communications, the archives can be viewed locally through the Messenger client resident on the user’s computer.
While the service provider may not retain records of the content, they may keep other records, such as IP addresses, timestamps and the duration of conversations. All of these records could be subject to the new GDPR requirements.
Some responsibility will fall on Yahoo and other companies that use desktop communication applications with instant messaging features. However, the bulk of responsibility will likely fall on the Internet service provider.
Since the only records of the content itself are stored on the devices of each user in the conversation, they could theoretically both be expected to comply with the GDPR. However, the regulations were not intended to apply to consumers. EU data regulation enforcement officials would most likely only target commercial users of these services.
Ability to combat fraud could be limited
Law enforcement officials frequently depend on online data to investigate fraud, racketeering and other crimes conducted over the Internet. This means that cyber criminals are likely to abuse the GDPR to cover traces of their misconduct.
As a result, the new data protection laws are a double edge sword for many users. Legitimate organizations can use the provisions under the lot to sanitize their own digital footprint, which minimizes the damage if a cybercriminal manages to breach one of their servers. On the other hand, since criminals can do the same thing, it may be more difficult to protect against them. This can keep them from getting restitution from hackers, ransomware developers and other criminals. It could also make it more difficult for organizations to activate the coverage of their insurance policies, since they may not even be able to show evidence that a cybercrime was even committed. Finally, it can make it harder to identify patterns or even notice an unusual HTTP request from a hacker that attempted to penetrate their servers before.
This is important to realize, because cyber criminals can use online collaboration tools to spread malware and hunt for new victims. Companies using these tools need to be particularly cautious.
Freemium applications may become obsolete
Many mobile applications depend on freemium revenue models. Instead of charging customers a fee to download them, they depend on selling ancillary services or serving advertisements that appear within the application.
The profitability of these applications may fall in the future, because advertisers pay higher CPMs for more targeted advertisements. They usually want to target their advertisements to users of specific age, income and gender groups. They also often want to restrict ads to people using certain mobile devices.
As the GDPR takes effect, this type of data will be more limited. It will reduce the value of ads for mobile content developers, which may force them to start charging for the application itself.
