The General Data Protection Regulation comes into force today. It requires organisations to be more open about how they store and use data, and to consider how their services can support people’s digital rights.
With Open Rights Group, we’re building a new service that lets people look up an organisation and see the new information businesses are required to share. This includes who is in charge of data protection, how an organisation processes data and how long that information is kept for.
I think this service will be valuable for both organisations and individuals. Even with changes in how they should be written, privacy policies are still difficult to understand and navigate. We’re starting with the fintech sector but looking to expand that as the project progresses.
A business could use this tool to better understand the relationships it has with third parties that handle data on its behalf. Individuals could use it to easily find the email address, form or button they need to exercise one of their new digital rights. Making this information easier to access will help ensure that organisations that process personal data are more accountable.
We want to make this information available through an API. This will fill a gap in the infrastructure that developers need to make services that help people exercise their GDPR rights in practical ways.
Over the next few weeks, we’ll be iterating an early prototype we’ve made and talking to people to understand the most important information, and potential use cases, for a service like this. If you’d like to get in touch with your ideas, email me directly at firstname.lastname@example.org. We’re still working on the name of the service, so we’d welcome any feedback on that too.