I’ve been reading a fair bit of software vendor marketing and press from around the world about the GDPR. It seems to me that a lot of it misses the point. GDPR is seen as a compliance burden, an unwelcome dose of EU bureaucracy or at best a useful opportunity sell security software. It is perhaps useful to reflect on why the GDPR and its predecessors in data protection legislation came into being.
I was walking to the train station in the rain this morning, and I paused for a moment by the pair of Stolpersteine (tripping stones) on the corner of the street where we live. I’m not sure why I took the picture today, perhaps they glistened from the drizzle. I wondered what Salomon and Paula were like, what were their hobbies and their foibles, did they watch football or play tennis together, what jobs did they do, was she left handed, who were their friends, what colour was his favourite tie, did he make puns that made her smile, did she play Chopin on piano so that the notes drifted down the street on the breeze, did they hold hands as they walked beside the Neckar on that summer’s evening for the last time?
Gunter Demnig began this art project in 1992. The first stone was laid in Salzburg, Austria, and now there are over 27,000 plaques across 22 countries, and growing. Think of it as a distributed museum. They all follow the same format, size and font. In situ, on the doorsteps of houses, for me they are more powerful and poignant than any centralised memorial or museum. They bring an uncomfortable intimacy and they force me to think about how easily such an evil could come into being. (check out more about the stones here).
The GDPR exists to protect our data (and our person) from abuse.
This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. (Article 1 (2) GPDR)
Software has the potential for enabling goodness, yet it can also empower evil. Software can encourage democracy, but it can undermine it too. Software can level the playing field, or it can entrench privilege. The power of software to find, sort and group people is both awesome and awful. It is a mighty thing that we wield.
As an industry we need to see people’s data as something to treat with care and respect. The GPDR is a long overdue firm nudge for us to remember that.
One of the pioneers of artificial intelligence, Joseph Weizenbaum, fled Berlin for the US as a child in the 1930’s. I suspect there is a stoplerstein for his family on a street in Berlin. His book, Computer Power and Human Reason, should be required reading for all those building software.
““The computer programmer is a creator of universes for which he alone is the lawgiver. No playwright, no stage director, no emperor, however powerful, has ever exercised such absolute authority to arrange a stage or field of battle and to command such unswervingly dutiful actors or troops.”
We proclaim gleefully that software is eating the world, and data is more valuable than oil, so it is high time the software industry took its human rights responsibilities more seriously.
I, for one, welcome the GDPR.
(Cross-posted @ Vendorprisey)