Privacy and your digital future

Not so private: Facebook chief Mark Zuckerberg in the public lens before a US Senate hearing in April 2018. ©Leah Millis/Reuters

“We care about your data privacy and security. With this in mind, we’re updating our privacy policy by 25 May 2018 in compliance with the EU's General Data Protection Regulation (GDPR). Click to learn more.”

You’ve probably seen messages like this filling your inbox and social media apps of late. What is it all about, and why should we be concerned?

Every time you post a photograph or a story on Facebook or Instagram, you leave a trail of personal information online, about you, your family and friends, what you like, where you travel, work, eat, and more. This intelligence is valuable to advertisers, who are the main source of income for companies like Facebook and Google. But as the data is about you, social media firms should seek your consent before sending it to someone else. This has become all the more sensitive since political advertisers have become involved, potentially affecting election and referendum outcomes.

To understand how serious all of this is, think back to the Facebook data-handling debacle that dominated the news in March and April 2018. The affair led to several questions about privacy in today’s rather open online world.

It exposed some of the unseen ways a person’s data can be mishandled and exchanged across the internet, without their knowledge or permission. Remarkably, it took as long as three years before some 87 million Facebook users discovered that their own data had been acquired by a consultancy firm, Cambridge Analytica, for use in political campaigns. Unlike in previous cases concerning Uber and Yahoo, in which hackers had reportedly stolen data, this was a normal commercial transaction involving data that had been compiled using an online quiz posted on Facebook called “This is your digital life”.

But it was not a transaction those millions of Facebook users necessarily wanted. This not only rekindled a heated policy debate on personal data protection and privacy online, but touched a nerve that runs through the heart of today’s economy: How trustworthy is our digital world, and how regulated do we need, or want, the internet to be?

OECD roots

The timing of the Facebook issue could hardly have been more poignant, erupting just weeks before the EU’s new General Data Protection Regulation (GDPR) comes into force on 25 May.

The regulation, which replaces a 1995 directive, aims to harmonise data protection laws throughout the EU and bring some coherence to the tangle of different national laws that have grown over the years. The GDPR’s spirit and much of its detail reflect the OECD privacy framework that was developed three decades ago and revised in 2013, notably upholding the importance of openness and promoting respect for privacy as a fundamental condition for the free flow of personal data across borders. 

But the GDPR adds some new teeth too, like ensuring users have the right to transfer their data to other controllers without any hindrance—so-called portability—and making it mandatory that privacy breaches be notified to the local Data Protection Authority within 72 hours of their discovery, unless the breach is of no consequence to the data subjects.

Tough fines also feature: €10 million ($12 million) or 2% of worldwide annual turnover, whichever is higher, for failing to notify a personal data breach, and as high as 4% of turnover or €20 million, whichever is more, in cases where the failure amounts to a breach of fundamental data protection principles. Compare this with the US, for instance, where the Federal Trade Commission (FTC) can impose a fine of $40,000 per proven violation of its 2011 consent decree. Also, the risk of costly lawsuits in the US should normally act as a deterrent. Except that in the case of Cambridge Analytica it didn’t.

The OECD framework also recommends adopting appropriate laws, data breach notification and adequate sanctions for failure to uphold privacy, though it also emphasises organisational accountability and education, as well as national strategies and interoperability of systems as ways to go.

Even if views in the US Congress appear divided on what to do next when examining the Facebook case, CEO and co-founder Mark Zuckerberg was less uncertain, for while he apologised for the incident, he also said his company would consider complying with the EU regulation on a worldwide basis. Facebook has since moved to tighten its data management, a point which Mr Zuckerberg emphasised again at a hearing in the European Parliament in late May.

But will other firms follow suit? Most people care about privacy, and many firms are coming to recognise that showing they care too is a business opportunity, but not all. In the absence of robust enforcement, it is all too easy for anyone to let their guard down, or behave in contradictory ways. This is one reason why policymakers around the world, and not just in the EU, need to take a hard look at their approaches to raising privacy awareness and enforcing privacy and data protection. 

Open for (honest) business

A key question is how to assure both privacy and an open flow of data.

Data, especially big data, has been called the capital of the digital age, and as with all capital, the freer the flow of data, the lower the costs. The internet’s openness has brought enormous benefits by overcoming barriers in the physical world. Breaches of trust jeopardise that progress.

But a completely open internet, however aspirational, does not exist in reality, with various controls imposed by different countries. Viewed in this light, the GDPR should, thanks to better data protection, improve trust among users and enable freer data flows throughout the EU’s own significant market. The rest of the world wishing to do business in that space will benefit fully as long as they comply with the GDPR. If they don’t, then a “border” will kick in for those suppliers. 


But could this approach go too far and create unnecessary borders online? Some countries are concerned it might. It certainly means compliance costs for businesses, albeit for access to a lucrative market. However, some question whether all EU countries have the means and legal tools needed to police the new regulation.

The Facebook affair and the new EU data protection rules may have set markers for our digital futures. We must draw the right lessons, and through international co-operation which the OECD will continue to support, set the ground rules for a thriving, trustworthy digital world economy. In the meantime, the rest of us users must get to sorting out those consent notices in our in-trays.


©OECD Observer May 2018


NOTE: All signed articles in the OECD Observer express the opinions of the authors
and do not necessarily represent the official views of OECD member countries.
