Is GAFA subject to EU GDPR?

Absolutely. GDPR provides the legal framework for protecting the personal data of European citizens. GAFA meets the criteria of companies subject to GDPR policies.

Firstly, GAFA targets European citizens which automatically imposes GDPR compliance. Secondly, they are all operating from territories within the European Union: Apple, Facebook and Google in Ireland, and Amazon in Luxembourg. Qualified authorities in these countries closely follow GAFA activities, to make sure they are acting in compliance with EU GDPR. GAFAs power lies in their hegemonic position, and their ability to process our data at their leisure. An example of their power is illustrated in a report by an English government commission stating that by the age of 18 year old, an average of 70,000 data is held by GAFA on an individual.

And where does voice come into the picture? Voice data is increasingly being used in the fintech industry, with the use of voiceprints accepted as authentification factors. Even more blatant is the use of personal voice assistants such as Apple’s Siri, Amazon’s Alexa or the Google Assistant (more than 1 billion already installed according to Google). There are event intelligent systems able to analyse customers moods according to the their tones, stress and the rhythms of their voices. Given the fact that applications are now able to change our words and phrases (see Adobe’s presentation of VoCo in 2016), recorded voice samples are especially sensitive and their potential for disruption shouldn’t be under estimated.

More than ever before, we are entitled to demand that personal data, especially one’s voice, be protected. GDPR brings these discussions to the table, opens conversations and debates focusing on the importance of protecting personal data. With major actors in data collection, such as GAFA, setting the pace and being forced to comply with EU regulations, as seen with Google’s recent fine of €50m in early 2019, it motivates society to learn more about what is truly happening with their data and to demand it be better protected.

Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend that you consult a lawyer for any legal advice regarding the respect of data protection.


Share this article


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.