The large number of breaches shouldn't lead to the conclusion that data protection doesn't matter anymore, quite the contrary.
It shows that making the legitimacy to use personal data dependent on the functioning of technical measures or privacy self-management is totally over.
It shows that making the legitimacy to use personal data dependent on the functioning of technical measures or privacy self-management is totally over.
Of course, orgs must care about security, and they must be liable for not doing so. But there will always be shady actors who will use dirty data for shady purposes.
In any case, we need to make sure that legit entities cannot legally use dirty data without risking everything.
In any case, we need to make sure that legit entities cannot legally use dirty data without risking everything.
Regulating how entities can legally use/process personal data is basically what the EU data protection regime is about. Enforcing it requires bureaucratic procedures from documenting data processing to audits to general deterrence etc.
Like with dirty money, there are pitfalls.
Like with dirty money, there are pitfalls.
Admittedly, it's even more difficult to prevent law enforcement or intel agencies from using dirty personal data. But also for governments, just because data is available, e.g. because technical measures or privacy self-management have failed, shouldn't make it legitimate to use.
Some groups may always have to take special care by themselves, e.g. journalists or activists.
But the majority of people should be able to simply use digital tech and openly participate in society without being required to care about data protection and security all the time.
But the majority of people should be able to simply use digital tech and openly participate in society without being required to care about data protection and security all the time.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
