Keeping sensitive data safe from unauthorized organizations is a top priority for all of us these days – including national governments. While most people are now accustomed to the General Data Protection Regulation instituted in 2018, there could soon be fresh changes afoot in Europe regarding data security.
What the Court had to say
The ruling by the Court of Justice of the EU was given in relation to a case that took place in Lithuania, regarding the country’s anti-corruption laws. However, its implications could prompt dramatic transformations across Europe as the Court seems to urge a wider – and stricter – interpretation of what counts as sensitive data.
According to the Court, it appears that the data which could infer a person’s sexual orientation by deduction or comparison should now be counted as sensitive information; thereby falling under the protection of GDPR’s Article 9.
If this approach is adopted across Europe, online platforms – such as Facebook and other social media giants – which track and profile their users in order to provide targeted advertisements, could face new privacy restrictions that prevent them from doing so.
The ruling would also, unsurprisingly, have a profound effect on dating websites and apps, creating some new and complex legal hoops for them to jump through when it comes to handling their users’ data.
While social media companies and other sites which use data for their own purposes will probably regard the ruling with trepidation, it is sure to come as welcome news for anyone who is tired of having their data used with impunity.
Not for the first time
Europe’s dating and social media sites have already been coming under fire from many users in recent years. Notably, at the end of 2021 the popular app, Grindr, received a hefty fine from the Norwegian government for passing on its users’ data (including sensitive information) to advertising companies without asking consent to do so.
The Norwegian Data Protection Authority determined that, in doing so, Grindr was breaching Articles 6 and 9 of the GDPR laws. Originally, the fine was set at just over US$12 million but in the end, the company received a US$7 million penalty, as Grindr was found to be making fewer profits than it had estimated; the company had also begun implementing measures to redress its poor data handling processes.
What does the future hold?
Your personal data is constantly collected and shared by apps, browser extensions, and social media sites and it eventually gets into the hands of data brokers. There are a variety of tools we can all use to protect our privacy, ranging from VPNs to password managers and security apps to data removal tools that remove data from brokers for you.
With complaints regarding the handling of personal data piling up, and with this latest EU Court ruling, it seems highly likely that Europe – and perhaps the wider world – will soon witness the introduction of stricter privacy laws to protect its citizens.