PlaceSpeak, Privacy, and the GDPR
By now, most are familiar with the Cambridge Analytica revelations, where a third-party company was able to access the personal information of over 87 million Facebook users and target political advertising during the 2016 US presidential election. Additional findings showed that Facebook allowed Mail.ru, a Russian company, to continue collecting user data past May 2015 – past the original cut-off date which Facebook had cited for third party apps to access user data. With these revelations, it is natural that privacy concerns remain at the forefront of users’ minds.
PlaceSpeak requires users to be authenticated prior to participating in citizen engagement processes. Authentication ensures that users are who they claim to be online, ensuring that the feedback collected during the public input process is relevant and of high-quality, while also deterring online trolls, bots, and other forms of undermining online democratic participation. However, people are understandably concerned about how their data is being used and handled.
Unlike most major platforms, PlaceSpeak was architected with Privacy by Design (PbD) principles in mind. Instead of responding to a privacy breach, PbD works proactively to ensure that such circumstances do not happen in the first place. In addition, privacy is always the default for PlaceSpeak users. On social media platforms such as Facebook or Twitter, users have to opt in if they don’t want their information to be shared or sold. The process of adjusting one’s privacy settings is also typically challenging, even for tech-savvy users. With PlaceSpeak, user information is kept private and never sold, transferred or shared with third-party individuals or organizations by default – users do not have to jump through hoops to ensure that their data is protected.
Furthermore, PlaceSpeak complies fully with the European Union’s General Data Protection Regulations (GDPR), which became enforceable in 2018. Users always have control over their personal data including:
- Withdrawal of consent
- Restriction of processing
As part of a British Columbia Institute of Technology (BCIT) practicum, one student created this video to illustrate PlaceSpeak’s unique approach to authentication and privacy.