#GDPR compliance: Manetu to the rescue?

March 18, 2020

On 11 March, Swedish regulators slapped Google with a $7.6 million fine for failing to adequately respond to customers’ requests to have their personal information removed from the search engine’s listings. The penalty was the ninth-highest since the EU’s watershed General Data Protection Regulation (GDPR) kicked into force in May 2018, yet it paled in comparison to the €50 million fine French data protection authorities hit Google with in January 2019.

To make matters worse, less than a week after the Swedish decision, one of Google’s smaller rivals filed a GDPR complaint with Irish regulators. The rival firm, open-source web browser Brave, alleges that the tech giant has failed to collect specific consent for sharing consumers’ data across its various services, and that its privacy policies are “hopelessly vague”. The latest complaint means that Google’s data collection practices are currently facing three open investigations by Irish privacy authorities.

Nor is Google the only company to face increased scrutiny over the management of its customers’ data. While the GDPR has netted some €114 million in fines so far, regulators across the European Union are itching to enforce the sweeping privacy regulations more thoroughly. Companies, for their part, simply aren’t prepared. Nearly two years after the GDPR entered into force, some 30% of European firms are still out of lockstep with the regulation, while surveys of European and North American executives have identified privacy risk monitoring as one of the most serious issues affecting their firms.

Despite spending billions of euro on lawyers and data protection consultants, many companies which process and retain consumer data—in practice, nearly all businesses—have not developed a clear plan to ensure they are fully compliant with cutting-edge privacy legislation like the GDPR. Even the majority of companies which have been certified compliant are concerned that they will be unable to maintain their compliance long-term.

Among the particularly thorny issues firms are grappling with are how to pull together all the data they hold on any given consumer—and how to modify or remove that data following a customer request under the GDPR or similar legislation, such as California’s Consumer Privacy Act (CCPA).

A variety of start-ups, however, are springing up to offer innovative solutions to ease the burden of complying with increasingly strict privacy legislation. The latest, Manetu, is set to roll out its Consumer Privacy Management (CPM) software in April. The software uses machine learning and correlation algorithms to pull together any personally identifiable information which businesses are holding onto—including some data which they may not even be aware of. Consumers can then access the system to manage the permissions they’ve granted for their data, including at a highly granular level.

At the core of Manetu’s approach is the notion that giving consumers greater control over their data—a pillar of legislation like the GDPR—is good both for customers and for businesses. As CEO Moiz Kohari explained, “Putting consumers in control isn’t just the right thing to do. Ultimately, it’s good business. Treat your customers well is an old mantra, and it’s still a great one. But in today’s world, we also need to treat their data right. Do that, and you’ll earn a bond of trust that will pay dividends for a long time.”

In addition to earning customers’ trust, a more consumer-centred method of managing data can help companies optimise time and resources—both while processing data and when proving compliance with GDPR or other privacy legislation. Automating consumer requests to access, modify or delete their data drastically reduces the costs companies are currently incurring by manually addressing these requests.

In a similar way to how blockchain technology makes markets more transparent by recording all transactions in a permanent ledger, Manetu’s platform combines automation with an immutable log of exactly what permissions consumers have granted and when, and how, they have changed those permissions.

This documentation can be invaluable to companies needing to demonstrate to regulators that they are compliant with privacy regulations like the GDPR. EU rules establish, among other things, a “right to be forgotten.” Manetu’s log allows firms to both comply with “forget me” requests and prove that they’ve done so—without retaining access to information that the consumer has asked them to forget. Firms will be able to point to a comprehensive register of all the permissions users had granted or withdrawn.

The twin blows against Google—the GDPR fine imposed by Swedish authorities and the fresh investigation by Irish privacy regulators—confirm that data privacy will be one of the biggest challenges facing firms operating in Europe for the foreseeable future. It will be increasingly imperative for companies to streamline their data management processes to enable them to have the level of oversight which both regulators and consumers now expect.
