GDPR: it’s top of mind for every company that does business in Europe or does business with European companies.
Jun 14, 2018
Since Delphix delivers a data platform, as you can imagine, GDPR is of a very keen interest to our customers. As a result, I have developed this subconscious “GDPR brain” that is constantly analyzing everything I see for applicability to the the regulation.
In the first episode of season two of Netflix series, “Black Mirror,” the fictional scenario presented immediately triggered thoughts about GDPR.
[Spoiler Alert] Without giving away all the details, the episode posed the question about your rights to leverage a deceased loved one’s data footprint to “recreate the experience of them.” In the episode, a widow grants access to all of her deceased husband’s social media to a machine learning application. The application parses through all the footprint and then becomes a chatbot that interacts with her in all his mannerisms, turns of phrase, etc. In her quest to “have more of him”, she enables access to all his email and photos, etc. The additional access creates new capabilities for additional fees, such as telephone conversations and even an android.
The episode was really thought-provoking, and raised some possible future conundrums.
Do we retain our right to data privacy after we die? To be clearer, what if the husband didn’t want his data to be used this way? Afterall, many people have Do Not Resuscitate (DNR) orders as a part of their official documentation because they do not wish to live a life that may be of little or poor quality thereafter.
At what point does the spouse’s right end to the deceased’s data? In the case of the fictional example above, most of the data footprint generated was necessarily an amalgam of the two spouses. Does one spouse have the right to how that data is dispensed, or do all rights transfer to the living spouse? Perhaps it would have to be the “two yesses/one no rule,” whereby you’d need both people’s express consent before moving forward with sharing this type of data.
Would GDPR, in its, current state allow me to declare in my will how my data can be used in perpetuity?
Could my estate planning include a “wipe my data from the verse” clause that allows me, and my persona, to rest in peace forever?
Would current data rights expire after so many decades, like intellectual property laws, unless my power of attorney or designee files the necessary paperwork?
Many, many more questions along these lines came whirling through my head. And though these were generated by an obtuse work of fiction, I am reminded of the truism that truth is often stranger than fiction because fiction is obligated to stay within the realm of the possible.