Internet of Things
IoT Viewpoints explore the IoT opportunity in 2018 and beyond. Download our latest e-book to get our newest collection of thought leadership articles on the emerging IoT trends, technologies and opportunities.
The General Data Protection Regulation (GDPR) now being enacted throughout the European Union gives consumers new rights and powers regarding access to and use of their personal data by businesses. While those powers are intended for individuals, they create a unique opportunity for collective action.
Article 15 of the GDPR gives EU citizens the right to demand access to their personal data and a description of how it is being used. Upon request, the data protection officer of the company must provide an overview of the types of data being used, as well as a copy of the actual data, the purposes to which it is being put, who has access to it, and how it was acquired. This must be done within one month of receiving the request. Furthermore, Article 17 provides a right of erasure, meaning citizens can request erasure of all their personal data for a variety of reasons and can ask to never be contacted by that company again, barring a legitimate reason, such as execution of a contract.
On the individual level, these rights and requirements are harmless and work as the GDPR is intended: to provide greater control of privacy and security for EU citizens and their data. However, the legislation does not appear to consider what would happen if a large group of citizens were to coordinate their actions and make their requests at the same time. Subject data access requests cannot be ignored and are not supposed to be unduly delayed once received. The processing of these requests – a nontrivial task – can overwhelm a company's ability to comply, slowing its operations to a crawl in order to process them or subjecting them to significant fines if they fail to comply. In short, if enough people decide to act, they can effectively cripple a company, or at least some of its departments, by performing what is in effect a distributed denial-of-service attack.
Realistically speaking, it is unlikely that such a "consumer strike" will be at all common, as the effort required would probably be reserved for egregiously bad corporate behavior. There are enough cases where normal protests and boycotts have grown beyond a business's ability to tolerate, though, that such a scenario cannot be overlooked. Another consideration is that there does not appear to be any proof required on the part of the citizens that a company is using or accessing their data before they make a disclosure request, so mass actions can quickly grow to immense scope, whether they are based on legitimate complaints or not.
GDPR and the Critical Importance of Locating Personal Data, IT0014-003324 (August 2017)
"Fines aren't the only penalty awaiting businesses under GDPR," INT002-000049 (December 2017)
Marshall Lager, Senior Analyst, Customer Engagement
Service Provider Markets
ByMike Roberts 01 Oct 2018
Verizon 5G Home is a milestone in the telecoms market because it is the first large-scale commercial launch of broadband services based on 5G technologies, albeit not on a fully standardized version of those technologies.
ByEvan Kirchheimer 26 Apr 2018
Service provider interest in justifying 5G investment through its potential to open new revenue streams from the enterprise segment is growing ever greater.
Europe, Middle East & Africa team - +44 (0) 207 017 7700
Asia-Pacific team - +61 (0)3 960 16700
US team - +1 646 957 8878
Already an Ovum client? Login to the Knowledge Center now