David v Goliath
Thanks to a mention in the latest RISKS-list email, I've been reading a blog piece by Bruce Schneier about the Facebook incident and changing US cultural attitudes towards privacy.
"As creepy as Facebook is turning out to be, the entire industry is far creepier. It has existed in secret far too long, and it's up to lawmakers to force these companies into the public spotlight, where we can all decide if this is how we want society to operate and -- if not -- what to do about it ... [The smartphone] is probably the most intimate surveillance device ever invented. It tracks our location continuously, so it knows where we live, where we work, and where we spend our time. It's the first and last thing we check in a day, so it knows when we wake up and when we go to sleep. We all have one, so it knows who we sleep with."
With thousands of data brokers in the US actively obtaining and trading personal information between a far larger number of sources and exploiters, broad-spectrum and mass surveillance is clearly a massive issue in America. The size and value of the commercial market make it especially difficult to reconcile the rights and expectations of individuals with those of big business, plus the government and security services. This is David and Goliath stuff.
GDPR is the EU's attempt to re-balance the equation by imposing massive fines on noncompliant organizations: over the next few years, we'll see how well that works in practice.