Chances are you have heard the European Union is strengthening data protection for EU citizens. Much has been written about how this will make things more difficult for companies such as Google and Facebook when it comes to navigating in Europe.
The truth is, the General Data Protection Regulation (GDPR) will impact any company that in any way handles data relating to individuals in the European Union/European Economic Area. This is pretty much every company that does business in the EU, including news media.
Starting on May 25, 2018, the GDPR is meant to modernise data protection laws. The previous regulation, which is more than 20 years old, was created pre-digitalisation and cloud. It didn’t foresee either Big Data or the enormous volumes of cross-border data traffic we are experiencing today.
Privacy tech to the rescue
One way to look at the GDPR is as an opportunity for the industry to catch up on data protection. At Schibsted, we are treating it as a springboard to sharpen our technology related to privacy. We want to use it to build trust and strengthen our relationship with the end users.
Our privacy engineering lead, Dr. Narasimha Raghavan Veeraragavan, is not surprised privacy engineering is getting a lot more traction in the tech community these days. His vision is that data protection and privacy will become a key distinguishing factor for Schibsted’s online business.
Enter Schibsted’s Privacy Broker, a piece of software that enables privacy controls in large-scale systems and addresses quite a few of the GDPR requirements.
Dr. Veeraragavan usually describes Privacy Broker as a centralised privacy control box, which will eventually integrate all Schibsted services that process personal data.
The ultimate goal for Privacy Broker is to effectuate users’ control choices across our tech stack. It will provide scale and a reliable communication platform to communicate the privacy choices of users to relevant services that process the personal data of end users. It will also guarantee the privacy choices are honoured by all relevant services within a certain time period.
How it works
Considering the massive portfolio of products and services we offer, the privacy team realised users may do privacy control settings at various sites and with consequences for numerous systems and solutions. The users’ control settings only make sense if the settings are honoured by the relevant backend services. For the backend services to honour the settings, it is crucial for the services to know what a user’s choice is on every privacy setting offered to the end user.
So, how do we take the choices of 200+ million users to the appropriate backend services in a scalable and reliable way? This is what Privacy Broker does. Between now and next May, it will integrate several thousand services that power up our products. We will first roll it out in Europe to meet the GDPR deadline, and then to the rest of the world.