October 25, 2018
The state of data privacy is evolving globally, with the major regulatory policy revamp called the General Data Privacy Regulation (GDPR) now implemented in Europe. This is the strongest data privacy protection law to date, and is seen by many as the Gold Standard in terms of the individual privacy rights it provides. The way in which EU consumer and citizen data is collected, analyzed, stored and transmitted is now far more strictly governed, regardless of the physical location from which the business using that data operates.
While GDPR is the most recent update, data privacy laws are not new. There are currently more than 100 countries that have their own version of these rules, but it is safe to say that not all have been created equally, and they all pale in comparison to the rights now put forward by the GDPR. Further, most privacy protection laws tend to fail in their oversight and enforcement aspects, due in most cases to a lack of strong institutional systems or resources, or limited political will to implement them.
GDPR on the other hand is off to a strong start, already targeting some large, recognizable firms with non-compliance fines (e.g., Google, Facebook). It has also caused many businesses to adopt its elevated privacy standards globally to avoid the complexities of maintaining independent regional policies in international markets. This trend will continue as the policies and regulations evolve toward a more harmonized standard for much of the globe.
For most businesses, enhanced data privacy protection will not represent increasing burdens and compliance challenges. Positive results will include better customer relationships and a more robust and competitive digital environment. In particular, there should be greater opportunities for smaller companies.
For example, companies will have to make their data collection practices more lean and targeted, which will improve the quality of data collected. Gone will be many of the current, inefficient collection functions that act more like a vacuum and gather in any and all customer information without focusing on the elements of direct value. Strong data privacy policies such as the GDPR force companies to have data ‘use-cases’ that are transparent and defensible to regulators and themselves, and these force companies to be premeditated and intentional in their data collection activities, capturing only what is necessary for their business purposes.
An extended benefit could be felt in the area of Artificial Intelligence (AI) applications, as it has been proven that such apps do not perform well when leveraging unfiltered or unstructured data (e.g., the first ChatBots, some early-Microsoft AI apps).
Another opportunity is the potential for what is being called a Universal Digital Profile (UDP), where a single, standardized, portable (read: transferable) set of personal data would be created for and controlled by each individual, and then used across all digital engagements regardless of platform. Each user would be able to dictate which online service gets access to what information and for what purpose, without the fear of platform-specific rules, conditions, or other hurdles.
New market opportunities could include personal data clouds and personal identity aggregators or data monetization platforms. The competitive advantage some organizations have enjoyed from amassing large data sets and keeping them in locked profile systems would effectively be removed. Companies such as Google and Facebook are examples, where their scale, resources, market and technology leadership have translated into competitive advantages. Enabling key but controlled consumer and other data to be attained more easily by the broader market would present greater competitive opportunities and greater customer choice in terms of products and services.
Positive results will include better customer relationships and a more robust and competitive digital environment. In particular, there should be greater opportunities for smaller companies.
A collaborative initiative called the Data Transfer Project (DTP) is now underway, using open source code to build a common framework to connect any two online service providers and enable a direct, user-initiated, exchange of personal data. Such a system would be akin to mobile phone number portability. Similar to how that telecom advancement came about, industry leaders (in this case, Google, Amazon and Facebook) have been cited as working on the project. A standardized DTP system stands to promote greater competition and support the development of a more robust digital economy overall.
Importantly, more strict privacy regulations offer the chance to re-establish the trust lost with much of the public through recent incidents of faulty or misguided data capture and usage practices. According to an InformationAge report, 74% of the senior business decision-makers surveyed across multiple industry sectors and countries believe organizations that properly apply data protection will attract new customers. Breaches of personal data are a serious concern and the public is demanding greater accountability and protection. Companies able to position themselves as competent in these areas will have a stronger value position. User experience, customer engagement and customer relations are all important to growth, but so too is the protection of client data. A corporate reputation for strong protection stands to support greater customer growth.
Data privacy is still evolving and the GDPR is a standard that future policy will be built from. Time will teach what works, what does not, and what is still to be addressed. As with all new policies, there will be adoption and acceptance pains. However, the sooner a strong, effective global standard can be achieved, the sooner the focus can shift to the market opportunities and innovations that result. Arguably, the most valuable commodity in this digital age is data. As such, it needs to be safeguarded and used responsibly. alacrityglobal.com