GDPR and Mojeek
23 May 2018
Scandal after scandal. Making all the front pages, the best example would be Facebook's frail and unwilling grasp on the privacy of it's users and how this has recently taken the world by storm. This issue surrounding the sanctity of user identity stored in online data is being talked about and explored more so now than ever before. About time! Whether that's specifically to do with GDPR or a simply a wake up call, it has become clear that change is needed after countless amounts of personal data over the years have been collected, distributed and abused by many companies.
With the looming implementation of the GDPR on May 25th it's not just the tech giants that need to worry about the negative press and potential crippling fines coming their way (this can be up to €20 million or 4% of annual global revenue, whichever is larger). GDPR can affect many companies, from a local artisan cafe with a monthly newsletter, to a recruitment agency who still email an applicant from 3 years ago, despite the fact they have had 4 jobs since, to the corporate business sitting on an old database full of potential leads from countless networking events waiting to be taken advantage of.
What is GDPR?
The GDPR stands for the General Data Protection Regulation. GDPR is a law that applies to companies that do business within Europe, regardless of being a member of the EU, so Brexit means nothing for those within the UK. There are some fundamental points in regard to controlling personal data that these companies now have to abide by. Personal data, being personal information related to the individual, such as names, email addresses, location details, IP addresses and more. When dealing and controlling data on individuals, companies must be as transparent and crystal clear as possible. Data must be determined necessary to the functionality of the company with security measures put in place. When there's a data breach, hushing it up is not going to help as there is a maximum of 72 hours after becoming aware of the data breach to make the report and individuals may have to be notified. In fact, if the individuals rights are infringed in any way then you are not GDPR compliant.
According to GDPR, individuals have:
- The right to be informed - individuals must be notified before data is gathered allowing users to have an option to opt in/out for their data to be gathered with clear consent given.
- The right of access - upon request, an individual should be given a copy of personal data used with details of how it is being used within 30 days.
- The right to rectification - individuals can request for their data to be authentically changed if the pre-exisitng data is incorrect or incomplete.
- The right to erasure (right to be forgotten) - if the user is no longer a customer or if they don't give the company consent, their data should be deleted.
- The right to restrict processing - individuals can simply request that their data is not to be used for processing.
- The right to data portability - the individual can have personal data transmitted from one controller of the data to another.
- The right to object - individuals can stop the processing of data for direct marketing, once requested, the controller must stop processing.
- Rights in relation to automated decision making and profiling - Companies can only do this type of decision making when it is necessary for the entry into/or performance of a contract, authorised by member state law, or consented to by the individual.
It might be important to read the GDPR in full, just to ensure you know what it takes to become fully compliant. It's hardly bedtime reading, but if you want to make sure you tick all the boxes and have some time to spend reading all 99 articles, we highly recommend you do.
Additionally, Hacker News has, and continues to feature a lot of healthy discussion on the interpretation of GDPR. In some instances, some debate it's affect on SMEs stretching their resources too much, whereas others justify GDPR, calling for calm on the hysteria which has arisen. Nonetheless, it might also be useful to read some of these debates to see where your business stands, and to understand the importance of becoming fully compliant.
How does GDPR affect Mojeek?
Fortunately for Mojeek, GDPR mainly doesn't affect us. This is by no means because we have managed to dodge the changes to the law. It is simply because we live and breathe the fundamentals of GDPR as it essentially glues Mojeek together. As a search engine which values privacy, this revolves around our no user tracking policy, where we don't attain or store any personal data on the people that use Mojeek.
The remaining standard log data (country, time/date, page requested, referral data, and browser), only contains non-identifiable data and in any case, would never be sold or distributed to any third parties. This data is kept private for the sole purpose of storing historical traffic volumes and country demographics of our visitors. Unlike other search engines who track and store your data for increasing advertising revenue, our agenda is to do what is 'right', therefore ensuring users are given genuine and unbiased search results without compromising their privacy.
Many businesses are dreading May 25th and sweating at the thought of GDPR being implemented, but we believe it shouldn't be seen as a pain at all. Instead, it is a chance establish a better relationship with the individuals your services and products are designed for. Understanding why customers value privacy could be an extremely useful opportunity to learn and lead your market. Especially when an individual's identity is at stake, we believe ignoring GDPR is not only financially risky, it is an abuse of their fundamental human rights.
Here at Mojeek, privacy is at the heart of everything we do. Where other search engines and online services fail to respect your identity, we succeed. When using Mojeek your personal information is anonymous, meaning you are free to search the web without the ominous feeling of trackers lurking over you and following you around. Mojeek wants to do what is 'right', so we believe respecting your privacy is one fundamental way of doing just that. Hopefully, other companies will be also inspired by the values of GDPR and how they are paramount for giving the power back to users online, as it should be.
23 May 2018