Monkeynoodle.Org

Monkeynoodle logo

ai architecture artificial-intelligence blog blogging Book Review business career Compliance Content Corporate Life Customer Support cybersecurity data data-science DevOps education entropy fitness garmin leadership Licensing life marketing microservices Monitoring music Observability Operations Partnership philosophy Product Management Products saas Sales Security software-development technology User Experience wordpress writing

GDPR is great for Facebook and Google

Published by

Jack Coates

on

Dada-ist sculpture of the base of the world

GDPR is going to be great for Facebook and Google.

“Over time, all data approaches deleted, or public.” — Norton’s Law. See Haunted By Data by Maciej Cegłowski and The State of Artificial Intelligence by Andrew Y Ng for more background and viewpoints.

Picture two types of data store, public and private. If your store is private, you can use it to advantage as suggested by Andrew Ng’s talk. If your store is public, everyone can use it and advantage is created in other ways.

Say a company wants to live dangerously and creates a private store of personally identifiable information about people. Say that company suffers a cybersecurity incident and the store of data becomes public. Say that there is no long term negative impact on that company.

Say that this pattern happens over and over again for many years. A sensible executive might infer that it’s not so dangerous to live dangerously.

Of course I’m talking about credit card number storage in the early days of web retail, not anything modern 🙂 For all of its issues, PCI changed the picture of credit card storage by putting real financial penalties on the problem.

Now companies either perform the minimum due diligence, with separate cardholder data environments and regular audits, or they outsource card-handling to another company that is focused on this problem.

Putting more and more credit card data into a single store obviously creates a watering hole problem, but it also allows focusing protective efforts. Overall it’s a net good. Until that third party hits a rough patch, but entropy is what it is.

Since GDPR has the same impact on a broader set of personal data, it seems likely that the same outcome will eventually occur. Either protect the data yourself, or outsource the problem to a broker.

The broker needs to provide analytics tools so you can do all the market and product research you wanted the data for. It would also be handy if they’d take care of AAA, minimizing the impact of change (name, address, legal status, &c).

And who’s in a great position to do all those things already? Google and Facebook.

Discover more from Monkeynoodle.Org

Subscribe to get the latest posts sent to your email.

Previous Post
Next Post