Interview: Ahmed Banafa on the anniversary of GDPR
Following our video podcast with Prof. Ahmed Banafa, we asked what he thinks of the European GDPR and what it means for privacy.
Cybersecurity Magazine: How important is privacy these days, specifically in light of user profiling and user tracking?
Prof. Banafa: Privacy is always important and now it’s more important than ever. Given the uptick in using online services and switching to work-from-home style, most if not all of our activities suddenly shifted to the virtual world and being online is the norm for many. The stakes are high for privacy with this new norm, it’s a dream come true for cyber-criminals to see more people sharing their personal info and use them online on a daily basis.
Cybersecurity Magazine: Does that collecting of data increase security risks, i.e. does the lack of privacy make it easier for criminals to steal identities?
Prof. Banafa: yes. We meet, talk, work and celebrate online, so there is a whole cycle of info available for cyber-criminals which increases the risk of losing them and accelerates the process of profiling victims. The use of videoconferencing platforms skyrocketed by 100 folds and that opened the doors and windows for the hacking and harvesting data of users .
Cybersecurity Magazine: What do you think about the privacy discussions around the corona tracking app?
Prof. Banafa: Tracing is the second stage of the plan of fighting COVID19 (Test, Trace, Treat) and Apple + Google offered to provide API for apps developed by health authorities with strict limitations. For example, no centralized data base, you need to opt-in, no GPS or personal information collected. All what the app will do is “Exposure Notification”, i.e. telling you that you were in vicinity of someone who tested positive for more than 5 minutes in the past 2 days. But other apps used by different countries collect personal data and that’s the problem. Those can be used for tracking citizens, not protecting them. So privacy is at risk with such apps.
Cybersecurity Magazine: The GDPR is EU law, but companies dealing with EU citizens have to comply as well – how did you perceive the start of GDPR in 2018?
Prof. Banafa: It’s a good move and I wish we have more like in other countries , the customers at the center of the law not a second thought . Google , Facebook tested that law and the price tag was high . California is trying to follow the steps of GDPR with CCPA : California Consumer Privacy Act (Jan 2020) , only time will tell how that will help customers privacy. “It’s our data , ask us before using it” .
Cybersecurity Magazine: Is it time to introduce similar laws in US states, like California has been doing?
We need a federal law of privacy in the US, and an enforced one. This is difficult but possible, and California started the movement .