GDPR – How Personal Data is Collected

GDPR – How is your data collected? More ways than you think

The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. The new European Union (EU) regulation affects anyone dealing with the persona data of a European Union citizen. In addition, parental consent is necessary for European children under the age of 16 years of age. In a previous blog post, I covered the definition of personal data. The post also contains some examples like email address that spell out a name making it easy to figure out who the email account belongs to. Not all data is online data. A physical street address is also personally identifiable so GDPR affects direct response mailings as well.

Data that falls under the realm of GDPR is collected from a variety of sources. Examples include medical records, air travel tickets, website cookie data, and unlimited online sources including social media accounts. Your personal data can be unknowingly gleaned from social media accounts through a process called data scrapping. Scrapping online accounts for data is generally against the terms of service of most online channels, but it happens.

GDPR is meant to address the legitimate acquisition and usage of your personal data. GDPR mandates that citizens should be able to understand, in simple language, how their data is being collected and processed. That means that social media giants such as Facebook can no longer post complicated terms of service and agreements that make it impossible to understand exactly what data is being collected and how it is used. That includes Facebook allowing advertisers to access audience behaviors and interests.

Facebook can collect quite a bit of personal data from user profiles. Adding family members and identifying children in a profile tells Facebook and it advertisers that the user is a parent. A phone numbers used to add two step authentication reveals what carrier you use. Photos of your home or automobile suggest income level.

Facebook, as well as Google, use location data to track your location. For Facebook, it is used to tag location in photos and video. It is also used to generate reports for advertisers. For example, if an advertiser shows a Facebook user an advertisement for a retail locate promotion then Facebook can use your location data form a mobile device to track and see if you actually entered a store.

Personal data tracking has many legitimate uses. The issue begins when it is also being used for purposed unbeknownst to the person who owns the data.Google uses location data from your smartphone as well. It is used for apps like Google maps, but it is also to track the effectiveness of AdWords advertisements.

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers