The State of GDPR and Data Privacy 

Over the past couple of years, data privacy has been a focal point among executives and government leaders. In the wake of major scandals involving the likes of Facebook, officials have enacted measures like GDPR and CCPA in an effort to curb the mishandling of data — and give peace of mind to customers about their personal information.

Then the world flipped upside-down.

Now, leaders and decision makers are funneling their time and energy into crisis management, hoping to reverse the course of this global crisis and adjust as needed for the “new normal.” No stone will be left unturned, including those related to data protection and collection.

Prior to COVID-19, businesses and customers alike were still facing widespread data privacy issues, and discovering the limitations and flaws of policies like GDPR. These include thousands of recent data breaches because of continued gaps in protection, and millions of dollars in fines for businesses that didn't protect their customers or continued to misuse their privileged information. There are also complaints that government agencies are underperforming in their own measures, such as resources allocated to data protection watchdogs.

In the post-COVID world, not only are these issues ongoing — and their resolutions likely delayed — but experts predict a new set of challenges and debates in data privacy. A slippery situation is poised to grow even more complex. As a business owner and operator, staying up to date with data privacy matters is increasingly critical, especially as we head further into uncharted waters.

A significant component of the COVID recovery plan involves location tracking of patients and “contact tracing,” or logging details about the people who have come in contact with infected individuals. Tech giants like Apple and Google are leading the efforts, bringing COVID-focused apps to market with help from public health departments.

Contract tracing and patient location tracking will generate a flurry of personal data, which will inevitably create new privacy risks. The European Union has pushed for the anonymization of this data to help protect individuals, as well as published guidance that prevents these efforts from being used in broader surveillance.

However, many believe that increased population surveillance is now inevitable — and necessary, for the time being. A recent Fortune article notes that successful efforts in several Asian countries have shown that absent a vaccine or effective treatment, the best way to fight COVID-19 is to aggressively "track and trace" infected individuals. These efforts involve using tools like location tracking to smartphone apps to monitor shifting patterns of movement, indicating where restrictions should change and which people need to be informed of potential infection or contact with someone carrying the virus.

In the U.S., an increasing number of contact tracing efforts are going into effect or being planned. As millions of businesses prepare to reopen, employee monitoring may be the next major step in COVID safety, along with more aggressive health screenings. These considerations are already raising debate about worker privacy and what’s necessary vs. excessive.

Smartphone tracking was a controversial storyline well before the epidemic. In the “information economy,” user location data gathered by our mobile devices became a currency of sorts, helping marketers identify opportunities based on location histories and predictions. This same data became a target for cybercriminals, whether for targeted attacks or black market resale to data brokers.

Now, with tensions at a rolling boil, the specter of increased tracking adds yet another storyline to follow. But like the masks we’re now wearing on our daily walks, it may be a critical step in winning this unprecedented battle.

In the fall, data privacy measures will be on the ballot once again in California, this time with the California Privacy Rights Act (aka CCPA 2.0). It will include provisions to the law that “encourage data minimization and require opt-in rights around the use of sensitive data.” As COVID-related data tracking comes to the forefront, measures such as these could be paramount for balancing protection and abuse of trust when it comes to data privacy.

Steve Maul is the chief revenue officer for LocatorX, which provides technology that enables brands and consumers to access an item’s current location and audit trail from its origin, protecting against theft, counterfeiting, and product diversion while increasing consumer engagement with manufacturers.