GDPR conundrums

 

 

Consider this.

Imagine you have applied for a patent. Patent award approval takes some time (or more) and during that period, your name is publicly available and related to that patent request to be granted.

And after that. until a patent expires and goes into the archive. Where your name is still available and associated with a patent expired.

All of that is standard patent related stuff. And this is rightly so. But. In that context only.  In the context of individuals data protection probably not. How?

Each of us. Yes, not some, but each person who was ever doing anything on the Internet. Has a set of data grouped and tagged as uniquely describing a single person. You for example. And now that you have applied for a patent, there is even, more details available about you. And publicly so.

GDPR describes this kind of situation as “special categories of data”.  The patent approval process is tested, mature and proven. And it requires the requestor name be known. Publicly. And I assume requestor knew this in advance and has given a consent for its data to be in a public domain.

But this is just in that context. Patent approval process. The problem is in the ability of data harvesting systems to link the data. All under one name. Yours for example.  Are your passwords somewhere in there? You bet they are. Your bank statements? You bet they are. And now we know you want this patent to be awarded to you. So we can start speculating about your personal profile. About your purchasing power, your personal preferences, even about your health. And all to the astonishing level of details.

This automatic personal profiling on top of data available about you is a common and widespread practice. “They,” say it is strictly for marketing.

Your public data linked to your private data gives to the data harvesting systems, all the advantage they need.

ps: I was inspired by THIS good article.

Leave a Reply