The Council of the European Union, the European Commission and the European Parliament designed the GDPR (General Data Protection Regulation) in an effort to protect people’s personal data and privacy when on a website. Through the GDPR, websites are now required to disclose to users that cookies will be used to track their digital footprint and allow users to opt out. Most users find it cumbersome to complete the process and disregard the option. There is also a regulation that grants users the right to be forgotten which allows them to contact companies that collect, analyze and sell their data and request that they be deleted from their databases.  

GDPR laws were not designed in the interest of the user but rather in the interest of the Big Tech giants: Google, Facebook, Amazon, Apple and Microsoft. These key content providers and data collectors, along with many others, profit on the acquisition of user data. Google’s business model masters the art of data collection with Facebook, Amazon and Apple following in their footsteps. Microsoft, while a slightly smaller player in this arena, should not be overlooked for their influence in helping craft the GDPR.

Along with Big Tech, politicians have used the GDPR as a false cover to pretend they are concerned with digital privacy. If politicians really wanted to protect users’ digital data from Big Tech, then the laws would have been differently crafted. The right to be forgotten has confusing loopholes and is nearly impossible for users to implement. In order to be forgotten, a user must make a request to every individual company that collects data and ask to be removed. It’s a daunting task because there are so many companies who collect, analyze and sell data and it’s almost impossible to track them all down. Even if you could contact all these companies, they are constantly generating new partners with whom they transfer your data and the endless cycle continues. This is insanity.  If the laws were crafted with users’ privacy as the primary concern, they wouldn’t be called ‘the right to be forgotten’ but rather ‘the right to be remembered’.  

Let’s pretend the GDPR laws allowed users the same, simple ability to opt out of being tracked as it currently does now to opt in with a single click. If this were the case, websites would never get any user information! Big Tech companies are not affected by GDPR regulations because people are lazy, don’t care or simply do not understand what’s at stake.  If there was a right to be remembered then users would have a real choice, not an obscure, confusing set of steps deeply entrenched within a privacy policy or user agreement. The problem is that users are “informed” but not in ways they can ever access. Who reads a privacy policy or user agreement? It’s easy to slip in consent to collect data in these online documents. It would be much more difficult if every third party host who wanted to place a tracking cookie on your device had to ask for your consent every time. No one would take the time to write companies to allow themselves to be tracked and people would have a real chance at protecting their digital information. These laws need to be re-thought and re-crafted to truly protect digital information.