As Facebook and Amazon face scrutiny over their methods of collecting and managing ‘personal data’, public trust for online businesses is at an all-time low. For all the good that mass collection of information has done, the GDPR will be the first regulation of its kind to prioritise user privacy.

Sage has revealed that six out of every ten Europeans do not trust online businesses and as many as 66 per cent are concerned about the security of their personal information. These concerns have been reinforced by a number of recent scandals in the ‘big tech’ industry, which typically refers to the FAMGA companies: Facebook, Apple, Microsoft, Google and Amazon.

Facebook, which boasts over 2.1 billion users worldwide, has admitted to selling personal data to third-party businesses who then use this data to create targeted ads on the social media platform, even if the ads are unrelated to the app through which the data was originally obtained. In the case of Cambridge Analytica, personal data was collected on millions of Facebook users under the disguise of a personality quiz. This data was then repurposed to create political ads supporting Brexit in the UK and Donald Trump’s presidential campaign in the USA. Facebook’s reputation has been further tarnished since it revealed it collects and sells information on non-users, also.

Furthermore, both Amazon and Google have filed patents for their respective AI-powered home assistant technologies to be able to listen to any conversations inside customers’ homes at any time. This could include recording the conversations of any visitors, who may not have given Amazon or Google expressed permission.

The term ‘big data’ refers to the mass collection of information which can later be used to potentially identify patterns to help drive solutions. Crucially, it has helped to encourage huge innovations in AI and machine learning, enabling the creation of software that help in a wide range of ways; from allowing businesses to maximise efficiency by identifying sales and production patterns, to permitting medical institutions around the world to share data, thereby improving quality and speed of care.

Big data has directly led to the invention of numerous modern apps which are now widely used, like Uber and Instagram. However, it is now common practice for firms to trade user data to not only expand the big data available to them for service improvement, but as a means of raising revenue.

This culture of using data to expand knowledge and raise revenue has been allowed to develop for two key reasons: national politics has failed to keep up with advancing technology; and firms lack incentive to protect user data over maximising profits. A side effect of this culture is the rising number of people around the world that are increasingly voicing their distrust for online businesses, such as the recent #DeleteFacebook movement.

The European Commission was the first to recognise this disparity between advancing internet technology and user privacy and, in 2012, it proposed to update data protection laws for what has since become known as the General Data Protection Regulation (GDPR). This is due to come into effect on May 25, 2018, and will not only update the definition of ‘personal data’ to include more modern means of user identification, such as IP address, online behaviour and geolocation, but is the first regulation of its kind to apply its strict laws based on the customers’ EU status, rather than the location of a company’s headquarters or servers. In other words, any organisation collecting and using any data on any EU citizen is subject to EU rules, regardless of where it is based.

The GDPR aims to hand control over personal information back to EU citizens by ensuring organisations adequately protect data on their servers and give citizens the right to contact organisations over how their information is being collected, used and stored and, should they request it, to have their information deleted in its entirety — the so-called ‘right to be forgotten’. Any organisation that fails to comply with the new regulation can face fines of up to €20 million or 4 per cent of its annual global revenue (whichever is highest).

Critics have argued that the GDPR will stifle industry growth by restricting what information organisations can gather and how. While this remains to be seen, the GDPR will likely continue to stimulate innovation as the regulation will not ban the big data strategy, but merely serve to regulate against the collection and use of personal data without the expressed permission of EU citizens themselves. Furthermore, as scandals like those of Facebook, Amazon and Google continue to reinforce the public’s opinion that companies housing personal data cannot be trusted, the GDPR offers organisations a chance to reinvent their policies and image to regain customer confidence.