As digital technology continues to develop at a rapid pace, we have entered into unmapped territory in which we are no longer merely using the digital world as a tool –  we are living in it. But as attempts to regulate our data collection pick up, concerns as to their ability to fully restore our privacy rights remain.

Digital privacy, or lack thereof, is on the tip of everyone’s tongue – and with good reason. The benefits of having access to the digital world to satisfy our every whim have come with unprecedented ramifications. We are the holders of our own digital identities without being fully aware of what it means that our private lives now extend into our virtual ones.  

The problem data privacy advocates have pointed to for years is that what private individuals perceive as the advantages and benefits of the Internet exist within a framework that was set up by private enterprises that see our data, and therefore privacy, as a commodity.

The extent to which our data is used is alarming and transgresses our previous understanding of what privacy really means. The Cambridge Analytica scandal, a now infamous psychometric data analytics group who are believed to have been critically influential in the 2016 U.S. presidential elections, has provided new insight on the effects that the ever-increasing infringements on our privacy could have on our everyday lives.

Despite calls for change, representatives of Big Tech are reluctant to give up their freedom to use our private data. This is understandable, since freedom from regulation is at the core of Internet giants’ business models. The data extracted from users is what earns Facebook, Alphabet or Amazon their revenue, and privacy is a term these companies interpret differently. Data about digital behaviour is relentlessly collected and fed into algorithms to find possible preferences for the consumer and earnings for companies.

Let us not make any mistake, Big Tech as we know it takes advantage of the framework that is currently in place.  We could not have foreseen how the development of the Internet would lead to the ways we’re making use of it today; that is, a tool that allows us new levels of social interaction. But then the way in which our private data is used for marketing purposes and to influence our lives on a daily basis was not foreseen either. And that is to say nothing of the rise of virtual hate speech and the spread of fake news online. In light of this, it is time to start considering a rulebook that extends the protection of privacy rights into the digital world.

But what exactly should we regulate? The difficulty of answering this question could be seen during the US Senate hearings with Facebook CEO Mark Zuckerberg in April 2018. Policy-makers present were shown to be ill-educated on the Internet and the business models it has generated.

One example of how the use of personal data may be regulated is being spearheaded by the European Union with the “General Data Protection Regulation” which entered into force in late May 2018. It covers all private individuals, regulates the use of private data within the EU and is the first tool allowing for citizens to actively decide how their data may be processed. It may also simplify the regulatory environment for international business, but the workload to comply with the rules is hefty.

The GDPR takes hold of all nuances of everyday life, including police and criminal justice data exchange, newsletter subscription, and even streaming habits on the Internet. Every country is obliged to establish a supervisory authority for data privacy in order to hear and investigate complaints. People have to give consent to the processing of personal data for one or more specific purposes, and they can even request the anonymisation of their data, making it impossible to match people to their online data. Sanctions for businesses who are non-compliant are substantial: up to € 20 million or 2 percent of the annual global financial turnover of an enterprise.

Although countries such as Austria have already publicly announced they will not enforce the regulation, the scheme can provide us with a hint of how a framework to protect our digital selves might function. Future motivated policy-makers are needed to push it to the next level.

It can be said that the EU is now recognising that our identities have extended far into the digital landscape, and privacy rights beyond the offline world therefore need to be developed. Hopefully it is not too late.