Today in my Digital Culture class we discussed the idea of Cultural Lag which is defined as:
a condition of strain or maladjustment produced by the lagging of one of two corelating parts of culture behind the other. (Schneider, 1945)
An example of this would be privacy laws around data protection on the internet being passed years after the founding of the internet. The culture of privacy has lagged behind the culture of the internet.
Governments are trying to fix this lag with laws like the General Data Protection Regulation (GDPR) which was purposed in January 2012 (Voss, 2012) but took until 2018 to take effect. In taking 6 years to come into effect the lag has grown between what people and companies have been doing to protect user’s privacy and what the law says they should be doing.
Until 2018 anything that a company did was mostly up to them and their own business ethics. Now everyone is being held to a similar level of account. The questions now are, is the law accurate for the times? Is the law feasible? Is the law accomplishable? I attended a training recently for school leaders and one of the takeaways I had is that teachers need to ask if you can really access what they want to access in the way that they have planned to access it. In other words, will that assessment type actually access the skills, knowledge or understanding that you think it accesses?
I wonder if GDPR is truly able to do what it wants to do in the way it wants to do it or will it end up becoming so unmanageable and unreasonable that companies will be unable to function within the regulations.
I also wonder if GDPR is someone taking away the personal responsibility a user has to protect themselves online. Users have been told for years how their data will be used, but how many of them actually took the time to read the user agreement before clicking “accept”? As a person in a school who is responsible for creating student accounts, I do take the time to read them. Even before GDPR come into action many companies clearly stated how they used data and what data they collected. You simply had to read and make a decision for yourself.
The problem comes when people say but I have to click “agree” to use the service and I “want” the service but I don’t want them doing … with my data. Well, then you don’t use the service. You can’t have it both ways. The company clearly states (yes not always) how they use your data. Your “wants” are not the companies responsibilities.
I have had to tell teachers repeatedly that they can’t have a program/app because it doesn’t meet with guidelines acceptable for use with students. Their response is but it does exactly what we want and we won’t put any personal information in. Sorry but not allowed. And yes sometimes those companies only put restrictions in so that they don’t have to deal with the legal issues, but “thems the breaks”.
I also think that topics like GDPR help give rise to scare tactics. “See there are all of these bad companies out there trying to sell your data and you are going to have trouble with your privacy from this”. Data being sold is not a new issue. My mom receives magazines all of the time that she never ordered. Someone sells her address to a subscription company, they send her a couple of magazines and then a “You’ve had a few copies, now try a subscription” notice or even worse a “Your subscription is about to run out” when she doesn’t even have one notice.
We have all had our phone numbers sold on. These are exactly the type of data problems that the internet has. Have any laws, rules, or regulations been effective at preventing them?
Yes, it’s annoying and yes there should be accountability but is accountability even possible? And if it isn’t possible what is possible in regards to data protection of personal data?
Schneider, J. (1945). Cultural Lag: What Is It? American Sociological Review, 10(6), 786-791. Retrieved from http://www.jstor.org/stable/2085849
Voss, W. (2012). Preparing for the Proposed EU General Data Protection Regulation: With or without Amendments. Business Law Today, 1-5. Retrieved from http://www.jstor.org/stable/businesslawtoday.2012.11.02