Peter de With is a professor of video coding and analysis at Eindhoven University of Technology.

15 October 2019

Just about everybody reading this should be familiar with the GDPR – AVG in Dutch. This law dictates the rules and methods for storing personal data safely. Since it was put into force about two years ago, it seems a good time to evaluate. How does the GDPR benefit citizens? It turns out to be a two-edged sword.

In surveillance, environmental data recording companies like Google and Cyclomedia in the Netherlands found out that Europe was serious about this issue, which was put into motion by Germany and Switzerland. The citizens of those countries, in particular, signaled at an early stage to local governments and companies that continuous recording of their lives (houses, environment, and so on) shouldn’t be taken for granted. When Google refused to give guarantees on personal data removal, it was barred from further public environment recording in Germany. Nowadays, companies do record but the quality of such pictures is either deteriorated as a solution, or faces and license plates are blurred to prevent individual person tracking.

When the GDPR was adopted in the Netherlands and other countries, the FANG companies had already established their databases and were making billions of dollars on personal data. The main effect of the new regulation is that we have become aware of this. ING Bank and Tomtom, for example, were publicly corrected on re-selling private data to third-party companies to release personal advertising on people depending on their buying and traveling behavior, respectively.

So far so good. However, in my personal experience, the law has changed dramatically how researchers such as myself go about our work. It significantly delays progress in computer vision and research.

Only a few years ago, a mutually signed page with a limited but clear list of terms was sufficient to come to an agreement on data usage. Last year, a data processing agreement took 5 to 7 pages with various definitions and multiple restrictions and conditions. This year, it has the size of a 20-page project consortium contract, loaded with legal terms and conditions and in need of signing by a director or higher – although he/she has little or no idea about the data and what we’re doing with it. Besides the required data agreement, the privacy officers want to assess the project plan and want to see a detailed plan of data usage and the people’s way of working.

It appears that the GDPR is a great success for both lawyers and managers but a clear loss for technicians and engineers. It hampers our research and development and delays the process and progress with – in my estimation – 10 percent or more. Our competitors in the USA, Japan, Korea, China – they smirk at that silly, serious Europe!

I hope we can remedy this situation. I propose we re-balance it, taking into account both privacy issues and the overhead it causes for research purposes. For the sake of Europe’s progress, I hope we can find ways to get temporal permission for testing and evaluation of systems without all these burdens. I hope we get some more pragmatic realism in our society and politicians while keeping an eye on protecting the citizens of our continent. I hope we learn from this through debate and become less naive about international relations and trading, for the sake of those same citizens.