What Does “If Something Is Free, You Are The Product” Mean In Context With GDPR

Fines Enforced By GDPR Regulators For Those Using Free Web-Based Tools. Are You One Of Them?

Q = How do you sustain a business model in which users don’t pay for your service?

A = Well, we make users our product!

The popular quote “If you’re getting something for free, you are the product” is all about the fact that companies are selling you to advertisers as clickbait. Since the majority of businesses have been exposed to the critical assets of technology, the risk of data breach and theft has risen exponentially. In response, governing bodies and regulators around the globe have established several frameworks, regulations & standards for securing users’ private information.

Keeping that in mind, the General Data Protection Regulation Act (GDPR) was implemented in 2018. It is the toughest privacy and security law that calls for safeguarding the personal data of citizens living in the EU. GDPR makes data protection laws fit for the digital age, since an enormous amount of information is being floated and processed every day. According to GDPR, all businesses and service providers catering to the European Union market (a political and economic union of 27 member states located primarily in Europe) need to comply with the GDPR rules & regulations.

In case you are new to the concept of GDPR, you should check out our previous articles to get a better idea about the law, its importance on the global level, how you can get compliant with GDPR, and so on:

On that note, understanding the regulations and deciding whether your business needs to get GDPR compliant is crucial. When it comes to software developers & service providers, it is imperative for them to acknowledge and be transparent about how their customers’ personal data (of EU citizens) is collected, stored, and managed. According to GDPR, all businesses are required to design and build software and applications while keeping every requirement of the privacy & security law in mind.

To be honest, developing software that is truly GDPR compliant can be a complex task, especially when there are dozens of data protection measures that need to be taken care of at every stage of the SDLC that involves accumulating & processing users’ private information. Nonetheless, there are a couple of websites & service providers that could not adhere to the regulations & hence came onto the radar of the GDPR authorities responsible for imposing fines & penalties.


What Exactly Happened?

Much has already been said and written about the risks to privacy from using free products & services. Despite this, there are a lot of users who prefer using tools that don’t cost any money and can be immediately downloaded on their computer or mobile device. However, in many scenarios, these freebies are too good to be true.

In certain cases, you might not realize it, but when you use a free application or land on websites that offer free web-based tools, you are plugged into the personalized ad tracking networks of those companies. If you think that using tools from reputed companies causes no such threats, then you probably need to think twice. Because even tech giants like Google are no less!

Lately, a company based out of Germany has been fined for using Google Fonts in the “cloudy way”. According to the legal complaint by the District Court in Munich, an undisclosed German company has been ordered to pay €100 as a fine for transferring a user’s data (IP address) to Google through the use of Google Fonts without the consent of the website visitors. Based on the court’s statement, “The website operator could theoretically combine the gathered information with other third-party data to identify the individuals behind the IP address, which contravenes GDPR laws.”

Based on GDPR rules and regulations, data such as IP addresses, cookies, and advertising IDs are counted as Personally Identifiable Information (PII). Hence, businesses must seek users’ permission before collecting, managing, or processing their information. They should also have a documented reason for accumulating each type of information on their servers.

You might want to read: France Fines Google for violation of GDPR

Warnings From GDPR Authorities

GDPR fines & penalties would certainly be harsher going forward if these free-to-use websites don’t fix the violation. The German court’s ruling threatens a fine of €250,000.00 for each case of infringement or six months imprisonment, if the free site owners do not comply and continue to provide Google with IP addresses through their use of Google Fonts.

The EU GDPR certainly attracts so much coverage, since there’s a huge rise in the administrative fines and penalties for non-compliance. You can check out this page to learn about the imposition of fines and the range of corrective powers and sanctions to enforce the GDPR. If you want to know how GDPR fines are calculated and what other action data authorities can take, you can skip to the Easy-to-read guide to GDPR fines and penalties.

As A Web/App Developer Should I Be Worried?

Well, more than 50 million websites are already using the Google Fonts API. Chances are, several site owners may not even know they are using it. Considering this fact, it is important to analyze who would be subjected to European Courts in such scenarios.

If you want to ensure that you don’t get penalized for breaking GDPR rules & regulations, then you must learn to use Google Fonts in a private way. Alternatively, you should consider self-hosting the fonts.
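A site owner who is unsure whether their pages pull fonts from Google can check the markup before deciding what to self-host. The following is an added example, not code from the original article: it scans one HTML document for references to the two hosts Google Fonts is served from (`fonts.googleapis.com` and `fonts.gstatic.com`, which the article does not name), covering `<link>`/`<script>` URLs, `@import` rules and `url(...)` values in inline CSS. The sample page is constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts serving the Google Fonts CSS API and the font files themselves.
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
# URLs inside CSS: @import "..."; and url(...), which also covers @import url(...)
CSS_URL_RE = re.compile(r"""(?:@import\s+(?!url\()|url\(\s*)["']?([^"')\s;]+)""", re.I)
# Constructed sample page: two remote <link>s, one remote @import, two local files.
SAMPLE = """<html><head>
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Roboto">
<link rel="stylesheet" href="/assets/fonts/roboto.css">
<style>@import url("https://fonts.googleapis.com/css2?family=Inter");
@font-face { font-family: Local; src: url(/fonts/local.woff2); }</style></head></html>"""

def is_google_fonts(url):
    """True if an absolute or protocol-relative URL points at Google Fonts."""
    try:
        return urlsplit(url.strip()).hostname in GOOGLE_FONT_HOSTS
    except ValueError:  # malformed URL: not a usable remote reference
        return False

class FontAudit(HTMLParser):
    """Collects (location, url) for every Google Fonts reference in a page."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_style = tag == "style"
        for name in ("href", "src"):
            if attrs.get(name) and is_google_fonts(attrs[name]):
                self.findings.append((f"<{tag} {name}>", attrs[name]))
        self._scan_css(attrs.get("style") or "", f"<{tag} style>")
    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):
        if self._in_style:  # text inside a <style> element
            self._scan_css(data, "<style> block")
    def _scan_css(self, css, where):
        self.findings += [(where, u) for u in CSS_URL_RE.findall(css) if is_google_fonts(u)]

def audit(html):
    """Return every Google Fonts reference found in one HTML document."""
    parser = FontAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each finding is a request the visitor's browser would send to Google, IP address included, before any consent is given; an empty result for every page and stylesheet is what a self-hosted setup should produce.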

The Biggest GDPR Fines So Far (2019, 2020, 2021 & 2022)

  1. Amazon – €746 million
  2. WhatsApp – €225 million
  3. Facebook – €60 million
  4. Google – €50 million (£42 million)
  5. H&M – €35 million
  6. TIM – €27.8 million
  7. British Airways – €22 million

Bottom Line

GDPR compliance simply demands that you respect users’ privacy and ensure you do not violate the following basic rights related to their data:

  1. Right to Access = Users may request access to their personal information. They have the right to know how their data is collected, used, processed, and transferred to third parties & so on.
  2. Right to be Informed = You need to make sure that you inform your website visitors & users and take their consent before collecting and processing their data.
  3. Right to be Forgotten = Users have the full right to refuse or withdraw their consent to collect or use their data. They may ask to have their personal information deleted.
  4. Right to Object = There are certainly no exceptions to this right. If a user objects to your ‘use or processing method’, they can request you to stop.
  5. Right to Rectification = Users have the right to get their data updated or rectify the stored information according to their convenience.

Important Points To Remember Before You Download Free Programs

  • Take a good hard look at the Terms of Agreement.
  • Avoid installing free apps/software that encourages illegal usage.
  • Download programs from a trustworthy website.
  • Search for Reviews. Do not forget to check out forums & social networking sites to know what users are saying about the program.

In my POV, we are finally seeing the practical effects of GDPR, and that’s certainly beyond just fining the US tech companies. The act has encouraged businesses and organizations to build and enhance their cybersecurity measures to limit the overall risk of a potential data breach. Now customers and users are far more likely to accept mandatory opt-in from businesses they are interested in. They are very well informed about how the websites they have interacted with are collecting, using, and processing their data. This has also increased the trust and credibility between the business owner and its customers. For organizations, getting GDPR compliant has helped them to improve the overall data management process. It has also protected and enhanced the brand reputation since they can effortlessly flaunt the saying – “Privacy is key to trust!”

Before I wrap up today’s article, I would like to ask, Is Free Software Worth It For You? Tell us your opinion in the comments section below! Follow us on social media – Facebook, Instagram and YouTube.

Next Read: Is Shadow IT Posing A Huge Threat To GDPR Compliance?
