Privacy, democracy & bureaucracy
28 May 2018
If you're a website manager maybe you've been writing those emails and ensuring your site is compliant with the new regulations.
It's been interesting (for us anyway) to listen to reactions to GDPR. It seems that people are split between "what a nightmare - so much paperwork" and "this is great - it protects our privacy" and there is no doubt that we have felt a bit of both.
There is an entire section of the tech industry that has a business model of: provide a free app, get people's personal information and sell it to anyone who'll pay.
You know... that app that wants access to your location, all the details of your contacts, your emails and browsing history so that you can play virtual ping-pong.
But free ping-pong is awesome and what's the harm anyway?
If the Cambridge Analytica scandal is anything to go by, then enough to threaten the fabric of democracy in the developed world!
At Downtime Monkey we've always considered privacy and security important and right from the start we've put a fundamental principle at the heart of our service:
We don't ask for personal information unless we truly need it.
We keep third parties to a minimum but use some to enable us to provide our service and we apply the same principle to them.
Here's an example:
We use a text message API to send downtime alerts because the service is reliable worldwide and it saves us having to reinvent the wheel.
If your website goes down and you've set up SMS alerts Downtime Monkey relays your phone number and the website URL to the API and a text message is sent to your phone. We don't include your name or any other details - just the information needed to get the job done.
Following this principle means that there has been very little for us to change for GDPR. We haven't had to make any changes to the functionality of our application.
However, we have had to check our systems, ensure that all the third parties that we use are GDPR compliant, and put some documentation in place.
We dedicated a few days' work to this and although we'd rather have spent the time developing our services, we're happy that privacy is being taken seriously by (some) regulators.
So will GDPR fix the tech industry's privacy problem?
Although GDPR may help, it's unlikely to fix the situation completely. It's predictable that the organisations whose income is made from collecting their users' personal information and selling it to the highest bidder will find a way to get round the regulation, or just accept the fines that come their way.
One way or another we can't see this section of the tech industry disappearing overnight.
On a positive note though, maybe the regulation will encourage more developers and startups to use a model of business that puts customer privacy first.