Cyber intelligence is probably one of the important weapons against terrorism.
GDPR is a barrier against the freedom of intrusion of a wide variety of powers in the personal life of common people.
These two statements are strictly connected: that’s why one of the most heard statements in these dark days is “less privacy for more security”.
Looking more in depth at the variety of powers mentioned above, we find governmental intelligence agencies first, followed by anti-crime organizations but the list doesn’t stop here: terrorism supporting organizations are at work as well with cybercrime. Finally there is the business either to self protect or to expand its reach.
A lot of different powers, some good, some bad, some grey. Are we able to distinguish? Are we able to keep a different approach towards each of them, or the security push is going to crush every defence, including, perhaps, also the GDPR?
This the first issue but not the only one.
The GDPR approval process is happening while:
- the safe harbour agreement is cancelled making transatlantic relations more difficult
- the cloud strategy is entering its main course with its potentially uncontrolled data export implications,
- Russia approves a privacy bill that imposes to keep Russian citizens’ data inside Russian borders, and
- US re-states that data stored on a server owned by an US Company are under US legislation regardless where the server is located.
Free information movement across borders is one of the cornerstones of the internet era and for a long time we have been used to reading stories about social media helping people movements against dictatorships.
Now it seems that Governments are realizing that information is really a relevant piece of their power and that they are starting to look at the noble data protection right in a new way: as a useful tool to control somehow the cross border information flow or, otherwise, as a constraint to the possibility to benefit from such a flow.
It’s really difficult to foresee the end of this story and probably it is also useless. What is really crucial is the awareness that our discussion on GDPR is not just a technical issue for a small group of professionals but a key issue which our future of citizens, not only of professionals, will be built on.