JUNE 27 2023
5 years of RGPD: is the label of trust established or is its legitimacy still contested?Since it came into force on 25 May 2018, the General Data Protection Regulation (GDPR) has played a significant role in safeguarding personal data and digital rights. So, five years on, has the RGPD become an indicator of consumer confidence in businesses or, like a king without a crown, is it still seeking its legitimacy? Major challenges remain: its uneven compliance and its necessary adaptation to technological developments, the risks linked to Artificial Intelligence (AI) and the changing needs of European citizens.
For the past 5 years, the RGPD has played a key role in ensuring respect for personal data, making stakeholders more accountable and harmonising regulations across Europe. But although the regulation affects all types of business, including SMEs, VSEs, professions and healthcare practitioners, many companies still seem to think that the RGPD applies mainly to the digital giants, overlooking their own obligations. It is not uncommon to read in the media about digital giants being fined for failing to comply with the RGPD. Just last week, Virgule.lu reported that Spotify had been fined nearly €5 million for failing to communicate accurately enough about how it uses its users' data. At the end of May, Le Quotidien reported that Meta had been fined €1.2 billion for breaching data protection rules. To ensure compliance with the RGPD, it is essential to raise awareness and adopt a proactive approach to ensure proper compliance.
The development of artificial intelligence also raises new challenges. The current legal framework must be sufficiently robust and relevant to govern the use of personal data by these new tools. On Thursday 15 June 2023, Delano reported that the previous day MEPs had voted on new rules aimed at limiting the risks associated with AI and promoting its ethical use, in line with EU values, particularly as regards human surveillance, privacy and non-discrimination. Protecting privacy in the development of AI is a crucial issue for maintaining trust and ethics. The main challenge is to shape the development of privacy-friendly AI by providing appropriate and pragmatic support to the players in this sector, in order to avoid any misuse of personal data while promoting innovation and growth.
In this context, communication plays a central role for businesses. By establishing transparent, clear and ongoing communication with users and promoting effective internal communication, businesses can strengthen their compliance, preserve user confidence and seize the opportunities offered by technological developments while protecting the privacy of individuals. According to our recent LinkedIn survey, 50% of consumers say they are more likely to trust a company that clearly communicates its data protection practices. The RGDP has become a mark of trust, a differentiator. Communication should therefore be seen as an essential part of the RGPD compliance strategy, enabling companies to preserve their reputation, gain the trust of users and stay in step with regulatory developments.
Author: Jennifer Pierrard - Adapted into English by Natalia Núñez Bolaño