The Power of AI and Big Data: What Will GDPR and CCPA Mean for You?

by | Sep 16, 2019

What does your data say about you? More than you think. A study of the University of Edinburgh highlights the power of AI and big data to predict the views of “silent” social media users, while GDPR crackdown looms on California-operating companies anticipating CCPA implementation in January 2020.

Last week, a study at the University of Edinburgh demonstrated that AI could predict the political and religious views of “silent” social media users, or individuals who do not post any content online. Their findings demonstrated that existing methods of analysis which assess the text of an individual’s post was less effective than analyzing the way people engage with others content by liking or following specific posts and people. This proves that even online, actions speak louder than words. 

In the study, researchers examined the data of 2,000 public Twitter accounts and were able to reveal ~75% of people’s views on key issues, including atheism, feminism, and climate change, by assessing online actions (likes, followers, etc.) in combination with their personal posts. 

Such findings will revolutionize the way people track the data of social media users, unlocking the ability to accurately predict information about “silent” users for the first time. 

Researchers explained that this dangerous new approach leaves people vulnerable to being targetted with false information, as malicious users can better predict individuals behaviour and gear information that appeals to their personal biases. In light of this, the researchers call for “improved privacy measures to prevent publically available data being used to infer people’s personal views.” (Source)

Such findings highlight the potential abuse of power when pairing AI with big data, as well as the “need to develop regulations and counter algorithms to preserve the privacy of social media users.” (Source) However, changes in privacy protection, are necessary not just in terms of social media, but across all sources and activities. 

Last week, GDPR indicated a willingness to impose monumental fines in cases of extreme data breaches, as a record £183 million fine was dolled out to British Airlines as a result of a breach on their website which redirected users to a fake site that compromised 500,000 individuals’ personal data (Source). The size of the fine suggests that one year in, GDPR is calling on companies to respect data regulations with the threat of pursuance by regulatory authorities.

The fine was equivalent to 1.5% of their 2017 global revenue, a fraction of the potential financial penalty. In the future, we expect to see fines upwards of USD $3 billion, as the Information Commissioner’s Office (ICO) has the potential to assign noncompliance fines of up to 4% of a company’s global revenue. With such high stakes, and a national US data privacy law in the works, a transformation of corporate responsibility and accountability is coming.

In January 2020, the California Consumer Privacy Act (CCPA) legislature will be implemented, marking a real change in data privacy (Source). With the intention to increase the transparency of data usage by tech giants and data trafficking companies, this will enable Californians to have more control over their data. Starting in a few months time, all Californians will be able to request for their information to be provided to them or deleted, and opt-out of it being sold from retailers, restaurants, banks, and many other companies. In fact, this will relate to any for-profit business that does business in California or collects data on California residents that meets any of the following criteria: (a) has an annual revenue of over $25 million, (b) holds information on over 50,000 consumers, or (c) earns 50% of its annual revenue by selling user data. This means that even companies who only have an online presence that services Californians will be affected. According to IAPP, approximately 500,000 US businesses will meet the criteria, including the likes of Starbucks Corp., Wells Fargo, and Mattel Inc.

The new rights given to Californians will require most companies to overhaul their data collections systems. As of today, the mass of disparate systems used to store data will not enable companies to provide accurate results to state residents. However, despite the looming deadline, a PricewaterhouseCoopers survey last year of over 300 executives of US companies with a revenue of over USD $500 million, showed that only 52% of respondents expected their company to be CCPA-compliant by January 2020. On the other hand, companies like the Gap, who operate in Europe and had to become in compliance with GDPR last year are at an advantage moving forward.

While CCPA legislature infractions are not the same as those of GDPR, the fines could easily equate to USD $1 million. This is because any business operating in California could face civil charges of $750 per violation per user. This means that sizeable data breaches in corporations with large customer bases will add-up quickly (Source).

In the wake of GDPR crackdowns, perhaps the prospect of monstrous regulatory penalties will motive some companies to change rapidly to avoid the potential of hefty fines and ensure customer trust remains at a high in the emerging digital economy.

On top of that, as more governments begin to implement privacy protection laws, the potential for companies to be held legally and financially accountable for their data breaches by multiple regulatory authorities across levels of government holds a real possibility. The message is clear, as AI and big data to continue to unlock ways to analyze people, corporations must improve their data security and privacy protection techniques, or risk fines that will have a real impact on business operations.

Join our newsletter