My last post was about the dangers of spoofing / malware / ID theft - and a major reason why this is happening so much is that too many companies are recklessly and carelessly exploiting customer details and data - in fact various different types of your personal digital signature and ID. You for example order a pizza online - and are forced to fill in a mobile phone field - meaning forever after you have to fend off myriad call centres up and down the country or indeed on other continents - where the initial site has somehow managed to distribute your details to all and sundry, sometimes intentionally and for payment, yet occasionally unintentionally too. These sites try to catch you out by changing around the sign up mechanisms - so sometimes you tick the boxes to opt out, sometimes to opt in - and occasionally this is switched around every now and again to catch you out - GDPR should bring a halt to that.
In this modern age of personal ID / identity theft and interception of transactional and message data, anyone not using some form of ad or privacy blocker is woefully and naively exposed. There are so many threats to your personal data now that you are under assault pretty much 24/7. GDPR serves to redress the balance a little and put control and ownership back in the hands of the consumer / original identity owner - so that their personal and private data cannot be shared willy-nilly to any scheming or potentially criminal party out there. List brokers rarely do any due diligence on whom they are selling their data lists to - and from 28th of May, they will be explicitly forbidden by law to do so unless you give your exact and very explicit consent on each occasion - for whatever way said company may choose to process or pass on your data. If you have not explicitly consented then they are breaking the law and can be fined as much as the equivalent of €20 million or 4% of group worldwide turnover - whichever is greater.
So GDPR should pretty much kill dead in one way or another any and all unsolicited calls and messages you have hitherto been subjected to. GDPR should in theory cover for most types of spoofing and spam, but there will of course be unscrupulous parties that try to navigate around this. It also does NOT cover the kind of App and Account Sign-In spoofing we’ve been seeing of late.
The various Tech companies need to up their game considerably too so that the wrong party does not get hauled into court - by way of someone spoofing their domains or brands in any way. Of course Fraud is Fraud, but I believe there is so much more that Google, Amazon and Apple could do to safeguard their consumers.
I think the case is similar to vehicle security - where auto manufacturers have done little to make their vehicles more theft-proof in the last few years - in fact several vehicles seem to be easier to hijack than before. Legislation is needed also to enforce new standards of security and authentication which easily and properly prevent the really enormous amount of internet crime that happens on a daily basis.
With GDPR - you are back in charge and with full ownership of all your customer details and data - as well as anything and everything that can be done with them. Companies that you are signed up to for services need to fully and transparently set out exactly how they use your details, and need your explicit consent to maintain records or do any data processing with those details in pretty much any way. If you don’t like the look of something you can opt out, or even demand erasure / complete removal of your details.
Companies will be obliged to indicate how your data will be processed and by whom, and exactly on what basis and how that is justified as part of delivering a service/services you have signed up for. If you don’t like something you see - you can permanently and perpetually opt out. You can demand also that any organisation that holds data send you the full breakdown of every single datapoint they have on you and for what purposes they have it. If it cannot be justified, then said organisation is in breach of GDPR and stands to face very stiff penalties.
I personally cannot see how Direct Marketing and List Brokerages can navigate around this - for if you don’t want any third parties to hold or use your details then they are obliged by law to stay away.
A lot of companies have contributed to and inadvertently perpetuated the fraudulent landscape that currently exists - by exercising no due diligence or safety controls and simply selling or passing on sensitive details to all and sundry. So GDPR should bring a halt to a lot of the fraud, even though there are a number of spoofing techniques that will still need separate measures to be tackled. Those practices are already illegal, yet the major networks and Technology companies have not yet overly committed themselves to ramping up their security levels to adequately deal with much of what is currently out there.