Addressing a knowledge gap of key digital requirements
Key digital requirements like GDPR enforcement, cookies and password management are part of our everyday lives, but many people still don't understand why they’ve been implemented and how they affect us. How can we address this knowledge gap?
Key digital requirements like General Data Protection Regulation (GDPR) enforcement, cookies and password management are ubiquitous but lack a robust educational element. This means that although these requirements are a factor in our everyday lives, many people still misunderstand why they’ve been implemented and how they affect us.
The EU’s GDPR legislation was introduced on 25 May 2018 and will be brought into UK law post-Brexit as the ‘UK GDPR’. GDPR aimed to strengthen data protection for everybody. It replaces the older 1998 Data Protection Act (DPA) with a stronger emphasis on individual consent before personal data is gathered and stored. GDPR further dictates that data holders must store personal data securely. Fines for GDPR violations increased by as much as 40% in 2020, proving that many businesses are still struggling to properly gain consent and store data securely.
Many lower-level employees unwittingly commit GDPR violations, which puts the wider business they’re working for at risk of receiving huge fines. One example is email sign-up sheets, which are still ubiquitous despite frequently failing to secure consent from those who sign up to make their email address visible to everyone else. Another is couriers revealing personal information, like phone numbers and addresses, when delivering a parcel to a neighbour’s address or designated safe space (like a corner shop, for example); this is not uncommon, although it violates GDPR.
Cookie control, the message that pops up whenever you visit a website asking for your consent to store cookies, was introduced after the 2011 EU Cookie Law. Post-Brexit, it’s unclear whether or not UK citizens will continue to be subject to cookie control. While it still stands though, many people quickly accept cookies tracking their behaviour on-site without understanding how cookies work.
Tracking pixels are often used in conjunction with cookies to monitor the behaviour of internet users and target advertisements to them more effectively. Although many people can surmise why they’re being advertised a product they’ve already viewed, inferred marketing can often be disquieting and creepy. It’s not uncommon to hear people say: “My phone’s listening to me” because their targeted advertisements are so close to products they’ve mentioned. However, it’s not the case that your phone’s listening to you. Instead, intelligent algorithms are getting better at advertising products based on your browsing history. For example, if you’re Googling ‘back pain’, it’s not uncommon to be advertised mattresses. Educating people widely on this will demystify cookies and empower individuals to make intelligent choices when they’re being marketed to.
Although there are not the same legal obligations regarding password formatting, we’re frequently subject to archaic password requirements. More needs to be done to explain to people why 16-character passwords, with a random assortment of letters and digits, are more secure. Many people seem to have a vision of hackers trying to guess passwords manually, as if there’s a hooded figure typing ‘Password1… no, Password2’ into your Sainsbury’s banking account. In reality, even at the slowest speed, computer systems can guess about 1500 passwords a second. If more people were aware of this, they might take their password security more seriously and protect their data better.
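The short Python sketch below is an illustration added here, not part of the original article. It estimates how long the article's rate of 1500 guesses a second would take to cover ‘Password1’ compared with a 16-character random mix of letters and digits. The wordlist, the sample passwords and the function names are constructed assumptions.

```python
import string

GUESSES_PER_SECOND = 1500  # slowest guessing rate quoted in the article

# Constructed sample wordlist (assumption); real lists hold millions of entries.
COMMON_WORDS = ["password", "letmein", "qwerty", "welcome", "dragon"]
# Each word is tried as written and with a capital first letter.
WORD_VARIANTS = set(COMMON_WORDS) | {w.capitalize() for w in COMMON_WORDS}

# ASCII character classes only (assumption); other characters are not counted.
CHAR_CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " "]


def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    return sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))


def guesses_needed(password):
    """Worst-case number of guesses under the cheapest strategy that finds it."""
    stem = password.rstrip(string.digits)
    n_digits = len(password) - len(stem)
    if stem in WORD_VARIANTS:
        # Common word followed by digits: every word variant combined with
        # every digit suffix of length 0..n_digits.
        suffixes = sum(10 ** k for k in range(n_digits + 1))
        return len(WORD_VARIANTS) * suffixes
    # No pattern matched: full keyspace for this length and alphabet.
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every candidate at the given guessing rate."""
    return guesses_needed(password) / rate


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """The same estimate expressed in years."""
    return seconds_to_exhaust(password, rate) / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for pw in ["Password1", "Password2", "q7Rk2mZx9Lb4Tn6W"]:  # constructed samples
        print(f"{pw!r}: {guesses_needed(pw):.3g} guesses, "
              f"{seconds_to_exhaust(pw):.3g} s, {years_to_exhaust(pw):.3g} years")
```

With this toy wordlist, ‘Password1’ falls in under a second, while the random 16-character password would take far longer than a human lifetime at the same rate.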
NCFE’s mission is to power education access. We plan to make free resources that explain exactly what a cookie is, and what GDPR is, and how both relate to you. We want to educate the public on proper password management, so they feel empowered to take control of their data security. Our plan is to close the knowledge gap with freely available resources that empower individuals.