In the article, Danny Palmer explains what the General Data Protection Regulations (GDPR) is, and how it affects everyone from organizations to individuals. Palmer shows how the GDPR attempts to care for the citizens of the European Union as well as the citizens of the United Kingdom. The important aspects are how the GDPR affects individuals when their data is collected or at risk, and how an organization must comply with the GDPR and how it treats its users. Under the GDPR organizations are expected to heavily protect its users and treat them more as human rather than data like most other corporations likely would. Using examples from Zimmer and Buchanan, I will attempt to establish a relationship of mutual interdependence and flourishing between the GDPR, organizations, and individuals. Also, from an Ethics of Care standpoint I will attempt to show how the GDPR may follow this standpoint, or it fails to. I will also attempt to show why the United States would benefit from adopting something similar to the European Union’s GDPR.

            In 2.2.a, Zimmer (2010) shows what happens with data that is already published, mainly the ethics behind such usage. In 2.2.a, it was shown how a research group claimed to have removed all identifying data from a data set. This, however, was not the case and many people were able to re-identify the data and even were able to pinpoint important information such as the location and school. From an Ethics of Care standpoint, most would argue that the researchers failed in ‘taking care’ of the data they were entrusted to. When they failed to de-identify the data their response was equivalent to a mere ‘oops’ for someone who is not able to claim responsibility for their own actions. Under the GDPR, these researchers may be subject to the GDPR if they plan on using this data in the European Union. After reading a bit into the GDPR I believe they would fall under the ‘data processors’ criteria. The GDPR attempts to show care for organizations and individuals in that responsibility must be prevalent in their relationship. If organizations gain the trust of its users, it can use their data to profit and expand their organization and services and offer even more to their users. The GDPR sees benefit in that people and organizations would see it as a beneficial law and support it to mitigate risks of it being amended or removed. Palmer also mentions that everyone would mutually flourish by saving €2.3 billion annually throughout Europe. United States based organizations, such as Google and Facebook, have seen many heinous data breaches and scandals over the years which has deteriorated trust in their userbases. The United States would benefit from adopting policies that would ensure that user data is kept and used safely, and individuals can learn to have more faith in data controllers and processors.

            With Zimmer, we also see that and question whether the researchers put in a ‘good faith’ effort to remove identifying data. Obviously, we see that they failed but was their effort in good faith? What is good faith? Good faith, in this context, would mean that these researchers did everything in their power to remove said data. So, we must ask ourselves, did they? Simply put, No. To go more into detail, we learn that they did not put in a good faith effort as they were not competent in this area of expertise. They were so far from good faith that they did not even bother to hire people who were experts in this field. As mentioned earlier, their response was a mere ‘oops’ or ‘sorry.’ Under the GDPR this would not be the case. Organizations (and arguably data controllers/processors) are required to follow strict guidelines when handling data. In the article, Palmer explains how organizations have an obligation to ‘respect the rights of [the] data owners.’ The article mentions that if these organizations fail to comply with GDPR regulations they would face penalties. Again, there’s that mutual flourishing. Like earlier we can expect that if there are penalties, companies will be hard pressed to secure data which would please individuals- meanwhile organizations gain the trust of their users allowing them to expand. The GDPR would benefit the same way as mentioned previously. There is the sense of interdependence as well. The individuals rely on organizations to offer services, while the organizations rely on individuals to make a profit off their services. The GDPR helps that interdependence flourish. Many people from younger generations have an immense mistrust in corporations, especially in the United States where they are not heavily regulated and are able to get away with a lot of unethical acts. Penalties would be more severe, rather than just the routine slap on the wrist big corporations always seem to get when something like data breaches or data misuse happens. Penalties would prevent these occurrences, and people could start to build more trust in corporations or other organization rather than hold them callously in low regards.

            In 2.3. we see Buchanan mention how Twitter implements an Iterative Vertex Clustering and Classification model (IVCC). Its main use was to identify members of ISIS/ISIL. The article by Buchanan mentions how many ethicists are distraught at the mass data collection that happened as the result of the IVCC. Should we be concerned about mass data collection that happened because of this? The ethicists are distraught despite this data collection having the possibility of contributing to national security. It begs the question of whether we should give up our privacy in exchange for national security. If I were to be honest, I would trade freedom for privacy to a certain extent. I believe that the current Patriot Act may be too invasive in this digital age. Palmer mentions how the European Commission out of the necessity to prepare the EU for the digital age. I agree with the sentiment of creating or amending existing laws to cater to the needs of the future. We are constantly developing innovative technology, and our laws also need to catch up to ensure the rights of everyone who uses them. This shows how the GDPR attempts to show ‘care’ by striving to benefit organizations and individuals by constantly updating existing laws to fit the needs of today. Updating these laws allows everyone to flourish today, as well as in the constantly changing world. The United States could learn a lot from this. The Constitution has been the supreme law of the United States for over 200 years, and the last time the Constitution was amended was in 1992. This was before the rapid development of the internet almost a year later. The Constitution is not a living document and does not change with the time and many progressives believe it should be to keep up with the changing times. The Constitution should have clauses like the GDPR to make federal laws that the states cannot subvert when it comes to user data.

            Also, in 2.3., Buchanan mentions how people may implicitly agree to having their data used for marketing purposes. However, similarly to the previous section, that same person many do not want their data used for intelligence gathering. This a concern many of us share today. We give data to companies for their marketing. In return we may receive advertisements for products that are tailored to our own interests. This could be seen as a form of interdependence. The article by Palmer does not mention user data being able to be accessed by law enforcement for intelligence gathering, unlike the Patriot Act from its western brother. Researching a few documents, I have only found language of ‘people providing information to law enforcement,’ and not the other way around and that leads me to believe that law enforcement may need to request data whenever needed. The article by Palmer does not make any mention of use by law enforcement in the terms of the GDPR either. In recent years, there has been a growing mistrust in law enforcement. It would seem the GDPR tries to assuage fears of user data being used by law enforcement by not mentioning it. This helps to build trust between individuals and organizations as said individuals could have peace of mind knowing their data would not be used for law enforcement efforts unless they explicitly release their own data for law enforcement purposes. The GDPR has been attempting to build a sense of trust within the EU. The action of not allowing law enforcement access strengthens interdependence because of the aforementioned building of trust throughout the analysis. Trust is a key component of any society, and they would likely not exist without it. As mentioned, the United States has the Patriot Act which allows law enforcement, namely the Federal Bureau of Investigation (FBI), to access data, wiretap, search, etc. without a warrant, in other words, without permission from the courts. The FBI does not need consent from the individual to access their data. This is not to say the Patriot Act is unnecessary or obsolete, but it could use some revisions to reflect the GDPR’s compliance standards.

            In closing, the GDPR shows that the European Union cares for their constituents and vastly helps with user data protections. There are many ways in which organizations and individuals show mutual interdependence and even flourishing because of the GDPR. Zimmer and Buchanan provide perfect examples as to why something like the GDPR should be adopted (or at least something similar) within the United States. User data is constantly at risk and there is nothing wrong with trying to protect it. There may be many flaws or misunderstanding due to not knowing the entire scale of the GDPR, and its hundreds of pages, however, I still firmly believe that the GDPR benefits everyone in the European Union and that the United States would also benefit from adopting it or similar legislature as its current laws are lacking when it comes to the digital age. The advent of something similar happening in the United States could produce results that see people putting more faith in corporations and the government.