Currently, new technologies like Artificial Intelligence, Internet of Thing and Blockchain start to be commonly in companies, Industry 4.0. Also, working together in incident response, or cybersecurity, teams are gaining popularity. On the other hand, law and regulations are implemented and will be improved coming years to tighten up the law regarding privacy. Are the authorities limiting the progress of technology usage in our economy? Is the increase in cooperation between cybersecurity teams enough to counter the risks of cyber-attacks?
Let’s start positively, the increased use and intelligent use of data support our economy to evolve. Work smarter, not harder to excel within your branch. When treating cybercrime, cooperation and putting together the knowledge of multiple specialists will for sure improve the ability to counter cyber-attacks timely. Sharing details about attacks, and how they were countered is very beneficial for all companies within the same community. So, we can say the topics that are getting incorporated into businesses more and more can have a positive effect on the business itself.
A lot of consumer data is shared, some data by the consumer they are aware of to use a product or gain an advantage out of providing data; but also data of consumers are shared that they are not aware of, like companies selling the data or data that is collected by on the background of a website. To make sure the consumer gets back some control over their information, regulations provide support. Understandably, a company needs certain information about their clients and a community website will have the information you share within your profile, but the usage of information solely for business benefits whilst the consumer is not aware of the usage will be less understandable by the consumer. Therefore, law and regulations support the individuals for taking back control of the data they share.
All the benefits for the businesses and consumers make very good sense, but when putting together it can have influences slowing down the evolution of the technology. Think about the GDPR and blockchain for example, the blockchain technology uses add-only ledgers to which data can be added, by design blockchain is not meant for removing data from the chain. In a community the blockchain ledger will be on every data processing unit, a single data processor is therefore often hard to assign. Also, for the use of artificial intelligence and big data, a lot of data is preferable to have to use it most efficiently and effectively, however for the GDPR data minimization must be used when collecting personal information. For specific branches, it can be a burden to collect all data anonymously so a possibility to verify the outcomes with the individuals or a follow up on the same group is not possible.
And what about cybersecurity groups? What information can be shared? Of course, as much as information can be shared to get a clear view of cyber-attacks, however, personal data might not be involved. For cybersecurity groups not only the GDPR can be a burden, but also the Internet of Things. More and more devices directly connected to the internet are installed day-by-day, by businesses and consumers. The security of these devices is not always well-tested and certainly also not well used/set. The use of all kinds of devices in a cyber-attack will increase over time. The float of technology that also can be used to commit cybercrime will make it very hard for communities to keep up with the threats and risks.
And what about the law and regulations? Well, it’s not easy for them either. Whilst technology evolves and the rights of individuals are becoming more clear local data processing authorities have difficulties in answering all the notifications and questions. Considering that local authorities can have an addendum on the GDPR the consumers and companies will have difficulties in determining what’s right and what’s wrong, for example in the Netherlands an addendum is written that excepts the use of biometrics for security purposes, but that’s not but default accepted in the GDPR.
Besides, as with every law, the answer is not always that simple to determine for the individual or company that is part of personal data. For example, a fingerprint scanner uses a pattern to check which finger belongs to which person. The software does not store the fingerprint itself, but stores a pattern; is this part of sensitive data or not? It is not possible to reconstruct the original fingerprint from that data. And how about other technologies that will come? And how much should governments invest in data processing authorities knowing the amount of personal data processed daily is immense and therefore the reported incidents and questions will increase?
Discussion regarding the pros and cons of new technology, law and regulations and their effect on each other are very useful. Besides, it shows the technology industry is very complex since it needs to deal more and more with ethical and legal questions. Of course, the combination of all factors will slow down each other; however, this should be seen as a positive thing.
The technology that transforms the industry, also named ‘Industry 4.0′ should have a solid foundation. A problem is that it is hard to keep up with the rapid development in technology, however, when adopting new technologies, a bit later when authorities and communities embraced it, all forces can work together to create a solid foundation. Also, communities and authorities will have the problem it is hard to keep up with the changing environments, so it takes time for them to form an opinion. It will be very important to focus on the topics that will have the most impact and have the highest risks. Also, the need for specialists with a broad technical, legal and secure view on technology will increase, so investments in this business area must be made.
Looking at the current industry changes, most important is to keep in mind that changes that will affect the business must be effective and efficient. Given the cybersecurity threats, a risk appetite (what risks can you afford) must be defined for the part of the business that will be affected when selecting other technologies and moving forward. Keeping in mind the ethical aspects like processing of personal information all aspects together will make our current evolution in the industry solid and well-founded. Will technology evolve and be embraced as fast as it can? For sure that will not be the case; however, building a solid foundation takes some time and can count on the support of a broad audience.