Friday, 04 May 2018

The European Union's General Data Protection Regulation, which will be enforced from 25th May 2018, will bolster open source software's underlying and have major implications for digital industries.

"Free software" means that users' freedom and community are respected. Users have the freedom to run, copy, distribute, study, change and improve the software. "Free" refers to a matter of liberty rather than price.

Richard Stallman pointed out that running a free software operating system offers no protection against the loss of control. Requiring the cloud computing service to use the GNU Affero GPL license does not solve this problem: just because users have access to the underlying code that is running on the servers does not mean they are in the driver's seat. The problem does not lie with the code but with the data.

Running free software on your own computer allows you to retain control of your own data; however, this is not the case with cloud computing services or most online services (e.g. e-commerce sites or social networks). Highly personal data is routinely held by the companies in question. Whether or not they run their servers on open-source code (as most now do) is irrelevant; what matters is that they control your data, and you don't.

The new GDPR changes all of this. GDPR empowers people by giving them the ability to control their personal data, wherever it is stored and whichever company is processing it. The GDPR will have a major impact on the entire online world because its reach is global, as explained on the EU website: "The GDPR not only applies to organisations located within the applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location."

Under the legislation, companies which fail to comply with the new regulations can be fined up to 4% of their global turnover, regardless of where they are based. Google's total turnover last year was $110 billion, meaning non-compliance could cost them $4.4 billion. This almost guarantees that every business in the world which deals with EU citizens will be fully implementing the GDPR, in effect making it a privacy law for the whole world. According to a report in the Financial Times last year, the top 500 companies in the US alone will spend $7.8 billion in order to meet the new rules. 

Recent scandals such as Cambridge Analytica's massive collection of personal data using a Facebook app will also put pressure on businesses globally to strengthen their protections for personal data for everyone.

The GDPR contains two important rights: "the right to access" and "the right to be forgotten". "The right to access" means people are able to find out whether or not personal data concerning them is being processed by an organisation. They must be given a copy of the data, free of charge, upon request. "The right to be forgotten" is the right to data erasure; this applies when data is no longer relevant to the original purposes for processing or when people have withdrawn consent. However, that right is not absolute: the public interest in the availability of the data may mean that it is not deleted.

The GDPR embraces "privacy by design and default". Privacy must be built into technology from inception; it can no longer be an afterthought. "Privacy must become integral to organizations priorities, project objectives, design processes, and planning operations. Privacy must be embedded into every standard, protocol and process that touches our lives."

Due to their flexible process, transparency and feedback mechanisms, open-source projects are in a good position to make this happen. Also under the GDPR, computer security and encryption are becoming increasingly important, especially with the new requirements for "breach notifications". Both the relevant authorities and anyone affected must be informed rapidly of any breach. Open source applications may have an advantage here due to the ready availability of the source code, which can then be examined for possible vulnerabilities. Fines for those who fail to comply with breach notifications (up to 2% of global turnover) could act as an additional incentive for companies to require open-source solutions, so that they have the option to look for problems before they turn into expensive infractions of the GDPR.

Although the impact of the GDPR on open source is subtle, it is still profound. It will effectively address the key problem left unresolved by free software: how to give users the same kind of control when they use online services that they enjoy over their own computers.

J-People is a trademark of VMR Consultants | Registered Number: 4234001. VAT Number: 774 4848 82