The importance of GDPR discussion in Latin America
29 Sep 2020
TL;DR The European Union (EU) began the implementation of the GDPR (General Data Privacy Regulation) in May 2018 with the aim of developing a legal framework that provides more control over the use of personal data obtained through online services or databases. Today, the discussion has begun in countries such as Brazil with the aim of providing users with greater security and knowledge of their actions, and to avoid repeating episodes such as Cambridge Analytica and Facebook.
After Cambridge Analityca scandal, in which this company along with Facebook, used data from users of the social network to influence the US presidential elections and the Brexit referendum in 2016. The inappropriate and uninformed use of users’ personal information was evident. This episode started the debate about how secure the data we share is in the free services we use on the internet.
As a result of this, the EU took an important step by creating and implementing the GDPR policy, which began its implementation in May 2018. The central objectives of this policy are: 1) “To give people more control over how their personal data is used, taking into account that many companies such as Facebook and Google exchange access to people’s data for the use of their services; and 2) “to give companies a simpler and clearer legal environment to operate”. However, it must be considered that, despite the existence of these regulations, some companies have organized their terms and conditions in such a way that users give their consent as a forced choice; otherwise, their service is canceled due to not accepting the “rules”.
At this point the question is: how does the GDPR operate in our lives? The companies that collect, store, record and process personal data with databases or while browsing a website, must explicitly express the uses of data collected. An example, it is to explicitly request the use of cookies when entering a company website. These ones allow navigation to be faster and the experience to be more efficient each time the webpage is visited. However, they also allow identifying the information in the browsing history and to be sold or shared with a third party. But these ones are tricky and in general, they are displayed on a small popup in which it is explained that the cookies consent is needed to continue browsing, the size of the cases is small, and due to the eagerness to continue browsing we “give” consent without reading in depth what is written.
Taking into account the aforementioned, companies that operate within EU and international that have an audience inhabiting the EU, must comply with the GDPR. Hence, the interest of several companies to understand this regulation and apply it in order to avoid penalties. In this context, experiments based on the behavioral economics methodology and choice architecture have made it possible to increase the number of users who are aware of terms and conditions presented in the privacy policies.
In a study recently conducted by Expilab Research S.L. for a multinational insurance company, it was possible to increase informed consent over cookies and marketing communications. In this study were developed different interventions based on the GDPR regulations. This study achieved, on the one hand, an increase from 0% to 79.37% of informed consent over cookies with an increase of 24.73% in their comprehension; on the other hand, an increase from 17.35% to 31.32% of informed consent over marketing communications with an increase of 21.18% in their understanding.
Currently, the replications of GDPR are moving to other latitudes, particularly in Latin America, to countries such as Brazil and Colombia. The first one is the development of the Lei Geral de Proteção de Dados, which was approved in the government of Michel Temer in August 2018 and implemented in August 16, 2020. This one shares common subjects with the original, such as the right to access the data or to deny consent and its consequences. However, there are differences such as who will be the Data Protection Officer, which in the Brazilian case, it requires to be a full-time laborer.
In the Colombian case, there is the Law 1581 which aims to regulate the collection and disclosure of public, semi-private, private and sensitive data. Within this normative it’s not included: databases of personal, domestic, banking, censuses and services, and information about security, defense, military intelligence and journalism. Although it is a regulation of this type, the in-depth conversation about the actual use and protection of data has not taken place at the level of debating it in congress or formulating a strong regulation similar to the GDPR.
This mandatory was issued at the beginning of September 2020 by the Superintendency of Industry and Commerce. With this one, Google’s attention was called for failing to comply with 52.63% of the requirements of the aforementioned regulations. Because of this, the company was required to request authorization from its users to be registered in the National Database Registration, and to create a privacy polices based on the article 12, Decree 1377 of 2013.
Motivated to continue studying how this regulation applied to Latin America has modified the behavior of Internet users, Expilab is supporting Master or Doctorate students who are interested in developing their master or doctoral thesis on these topics and finding solutions to these problems. If this topic is of interest to you, do not hesitate to contact us at assist@expilab.com.
Finally, the controversy that this issue has aroused in recent years in the world is largely. The publication of research on the misuse of user information on social networks and platforms for political purposes has been evidenced in the elections in Brazil, Mexico, Kenya, Nigeria, Malaysia and Colombia. The modus operandi is reflected through the mass dissemination of false news from their opponents or the capture of data with surveys, personality tests or offers of mobile data in exchange of receiving advertising.
Therefore, these facts (and others that have not been public) have promoted the need to broaden the debate of the ethics of private data. Here, the question is to what extent the person is a victim when cosenting without having clear information about what they are accepting. Additionally, there is a manipulation of social networks to their users in order to keep them connected and interacting as long as possible; thus, obtaining useful data for companies. This is an important subject discussed in the documentary “The social dilemma” available on Netfix.
References
Cababie, P. (2017) . Análisis de la Política de Protección General de Datos en Europa (GDPR – General Data Protection Regulation). Consecuencias, Compatibilidad, implementación y casos particulares de GDPR (tesis de maestría). Universidad de Buenos Aires, Buenos Aires, Argentina.
Bergram, K.,Bezençon, V., Maingot, P., Gjerlufsen, T & Holzer, A., Digital Nudges for Privacy Awareness: From consent to informed consent?. (2020). Research Papers. 64, 1-17.
Eltiempo.com (4 de septiembre de 2020). La orden de la SIC contra Google por incumplir protección de datos. Eltiempo.com. Recuperado de: https://www.eltiempo.com/tecnosfera/novedades-tecnologia/orden-de-la-sic-contra-google-en-colombia-por-incumplir-proteccion-de-datos-535943
Portafolio.com (4 de septiembre de 2020). SIC ordena a Google a que cumpla con estándares de protección de datos. Portafolio.com. Recuperado de: https://www.portafolio.co/negocios/empresas/sic-ordena-a-google-a-que-cumpla-con-estandares-de-proteccion-de-datos-544294
Hern, A. (25 de mayo de 2018) Facebook and Google targeted as first GDPR complaints filed. The Guardian. Recuperado de: https://www.theguardian.com/technology/2018/may/25/facebook-google-gdpr-complaints-eu-consumer-rights
Webgraphy
https://www.powerdata.es/gdpr-proteccion-datos
https://cookiefirst.com/es/lgpd-la-ley-que-es-la-version-brasilena-del-gdpr/
https://www.endpointprotector.es/blog/lgdp-vs-gdpr-las-mayores-diferencias/,
https://www.insideprivacy.com/international/brazils-new-general-data-privacy-law-follows-gdpr-provisions/
About
Expilab Research S.L. is a specialised technological partner with a record in designing, programming and conducting complex behavioral experiments in social sciences, consumer research, and public policy-making. Expilab’s research platform allows creation or replication any online environments from search engines, web-stores, showrooms, healthcare portals, social networks to fully-functional and realistic online gambling websites.
Need any advice and recommendations from our technical team – just get in touch with us (here) and we will be happy to answer all your questions. You can read more about how we help you with programming, designing and conducting your experiments whether you are from Academia or Business Organization. Don’t wait, get in touch with us now!
![Expilab Research](data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" width="180" height="55"><rect width="100%" height="100%"><animate attributeName="fill" values="rgba(153,153,153,0.5);rgba(153,153,153,0.1);rgba(153,153,153,0.5)" dur="2s" repeatCount="indefinite" /></rect></svg>)
30 Sep 2020
Nathy Gomez
Political scientist and Magistrado in Cultural Studies at the Pontificia Universidad Javeriana, Colombia. Her investigative work has focused in qualitative research via field work using in-depth interviews and analysis of social & cultural phenomenons. She has been a fellow of the Pensar Institute, the IPCC and CLACSO. She has also worked as a Lecturer at the Pontificia Universidad Javeriana and Universidad Nacional de Colombia.