GDPR, Trust And Personal Data Sharing: Literature Review

Following the revelations of the Facebook-Cambridge Analytical scandal, Google unlawfully collecting iPhone users’ data and the numerous other reports of data misuse cases, GDPR (General Data Protection Regulation) has been implemented. GDPR law gives the individuals the choice on how an organisation may use, store and control their personal data. It came into force on the 25th of May 2018, although, already being adopted by the EU Parliament in April of 2016. The main aim of enforcing GDPR is to ensure the protection of all EU data in order to eliminate the risk of personal data being breached. It will also mean that there is an increase in the levels of legal precision organisations take for data protection and gives room for data-driven innovation to take place within the EU. In cases of malpractice, companies will face fines of €20 million or 4% of the company’s global turn over – whichever cost is the highest.

Previous literature has directed research focused on children aged 7 – 11 years old to grasp an understanding of whether they are aware of what is considered to be private data. They were tested and questioned on their knowledge of privacy in general, so that websites and apps that are developed specifically for children are able to clearly present their GDPR regulations. However, no research has pinpointed its focus onto 18 – 25 year olds to view whether they understand the terms and conditions they are agreeing to. Furthermore, there is no research regarding whether organisations display their regulations in a manner that is comprehendible, for this age bracket. The UK has set legislation that allows children from the ages 13 and onwards to be able to consent to their personal data being processed, without parents or legal guardian’s permission.

It can be argued that the government deems this age onwards as responsible and aware of the actions they are taking regarding data consent. However, it does not mean that they are fully aware of the actions they are taking. The Privacy Paradox goes on to characterises the intentions a person may have contrast to the actual behaviours they show. This has led to the research of the topical debate as to why many young people feel comfortable sharing personal data on social media, but then experience feelings of betrayal when the same data is breached by organisations. This theory can help question as to why individuals feel differently about sharing personal data with organisations and social media. Public social media platforms are available for all to view and many contain personal data from birthdays to locations. When an organisation shares the personal data of the individual, they no longer feel trusting towards this organisation. If a company show high levels of transparency when laying out the uses it may have for your data, it has been proven for the individual to have a stronger element of trust in an organisation. This is due to the fact that they have been made aware of the potential ends for their data, prior to the data being processed.

The literature continues to show interest in what organisations and job professions individuals trust more with their data; however, the reasoning as to why this is the case is not present. For this piece of exploratory research, the focus is directed at whether the terms trust, privacy and personal data are understood. By identifying groups of individuals, data collections methods can be carried out to aid the answer of the research. There is a push in interest as to why individuals feel differently about sharing personal data on different platforms and who they trust the most with their personal data.