Moodle 3.5 gave a definitive solution on the technical side to site privacy-responsible roles and concerns about the LMS’s ability to handle rules and user requests for their data and “information about their information.” However, it bears repeating: Moodle’s tools provide a technical solution, but actual compliance depends on the information manager’s ability to respond to requests. Then again, sound sensitive data practices should be encouraged by Moodle at all levels, across scales and geographies.
If security as a core value is not reason enough to enforce data privacy policies, perhaps the world news regarding compliance should serve as a healthy scare. Beyond Europe, but definitely thanks to GDPR –although not exclusively, there is also a fair amount of fake news to thank–, more places around the world are getting serious about protecting their citizens’ data, and their own as well. Here are some recent events likely inspred by GDPR.
The California Consumer Privacy Act of 2018 has passed into law. Going as far as being called “GDPR on steroids,” it allows Californians to request full erasure of their digital information. But unlike the recurring, vague wording of the European text, California’s includes no-room-for-error passages, including the citizen’s ability to demand absolutely no sharing of personal data with a third party of any kind. Its passing is particularly interesting considering the power of Silicon Valley and its position on user data. All the US-based tech giants you can think of gathered behind industry lobby Internet Association against it, to no avail. CCPA will go into effect in 2020.
Slower to enforce digital rights than industrialized countries –not to say Europe’s signing of GDPR was in any way speedy–, emerging economies are increasingly connected and aware, at least in the urban areas and sprawling digital hubs. Furthermore, many regions, like Latin America or the ASEAN countries, place a large weight on the digital economy to sustain their rates of economic growth and progress against poverty and towards development. Some countries might still be years away from being in a position to enforce legal privacy provisions, but others, like Vietnam, could help the GDPR momentum across the periphery. The Socialist Republic’s new cybersecurity law, in GDPR fashion, will now require foreign internet-based companies to store their citizen’s data within their geography. The less laudable part of the law involves the government’s ability to request user data if they are “suspected of anti-state activity.”
Not content with GDPR, the European Parliament is heading towards a new directive, this time focusing on copyright. The proposed new law would demand media platforms, including social networks, to embed copyright filters and obtain licenses before being able to add outbound links to news and other sites. Opposers, including hundreds of European Parliament members, argue that, as well-intentioned as the law might be, its consequences for the freedom of information could be nefarious. Wikipedia, for example, could be lethally compromised.
The “less-than-democratic” parts of the world
Around the world, particularly in places deemed “oppressive” by Human Rights Watch, the fact that many companies decide to just secure everyone, not just Europeans, with the same GDPR-based safeguards, could be construed as a civil victory. It is commonplace that regimes curtailing freedom of expression set harsh censorship online, something GDPR can do little about. But the second act in many places involves the use of personal data to target who they deem “problematic,” or worse. As a recent HRW Q&A document argues, these people can make sure no system stores information about themselves, or more generally helps authoritarian officials from leveraging it against them. This news could be a source of hope for millions the way encryption failed to, as time and again private companies gave in. ■