A war is brewing.
On the one side: data-grubbing giants set on gathering (and monetizing) your personal information. On the other: a growing army of informed users, a surprising number of concerned tech executives, and… the long arm of the law.
While it’s too early to announce a winner, increasing global privacy regulations and their supporters may finally be ready to square up to the data barons. Will 2019 be the year everything changes? Things are looking good.
Kicking back at the data-grubbers
The amount of data produced every single day is, frankly, mind-boggling. Around 2.5 quintillion bytes of data is produced every 24 hours — and that pace is only going to increase with the rise of connected Internet of Things devices. This data is immensely valuable to some companies.
Every time you click a link on Google, pick a show on Netflix, or ask a question of your Amazon Echo, you not only help train their systems to get smarter; you also reveal more detail about yourself. This can be used to generate wealth in a variety of ways — not least through advertising, the single most popular business model for today’s tech giants.
For a long time, the data economy seemed fairly benign. It was less obtrusive than, say, telemarketing, but nonetheless personalized the internet experience to be of maximum benefit to its users. The tradeoff between users and companies also seemed fair. Instead of shelling out for pricey software packages, users got access to “free” services, while companies were rewarded with a well of information worth far more than a simple one-off payment.
Things are changing quickly, however. In the wake of privacy-related data breaches, and highly publicized incidents like Facebook’s Cambridge Analytica scandal, the dark side of allowing mass data collection with near-impunity is apparent to a growing number of people.
Call it civic-mindedness or a calculated swipe at rivals, but a growing number of prominent tech CEOs have started to speak out about the data-grubbing giants. At the end of January, Microsoft’s CEO Satya Nadella said, in an interview at Davos, that he is “hopeful that in the United States we will have something that is along the same lines [as GDPR].” Elaborating on this point, he continued that “I will hope that the world over, we all converge on a common standard … I hope we all come together, the United States and Europe first, and China. All the three regions will have to come together and set a global standard.”
Apple’s Tim Cook has been talking about something similar for years. As far back as 2014, he told an interviewer: “I think everyone has to ask, ‘How do companies make their money?’ Follow the money. And if they’re making money mainly by collecting gobs of personal data, I think you have a right to be worried and you should really understand what’s happening with that data.” Cook has echoed Nadella’s words, telling a crowd in Brussels late last year that he is in favor of “a comprehensive federal privacy law in the U.S.”
Government regulation steps up
Between user concern and comments from the powerful likes of Nadella and Cook, it appears that governments are finally paying attention. Data collection laws are being tightened up in a way that promises to finally put some legislative teeth behind these criticisms.
The most notable of these is GDPR. Implemented last year, the European Union’s General Data Protection Regulation is an updating and unification of data laws across its member countries, which had remained largely unchanged in the modern internet age. Under GDPR, clear consent is needed for data-gathering, whether this be IP addresses, health and genetic data, biometric information, political opinions, and more. Furthermore, companies must allow users to withdraw this consent at any time and to have whatever data is held about them deleted under the “right to be forgotten.”
Companies which fail to comply with GDPR regulations can be subject to fines of up to 20 million euros ($25 million) or four percent of their annual worldwide turnover, whichever is higher.
Attitudes toward privacy are different in the United States and Europe, as anyone who has travelled regularly between the two will be fully aware of. “In Europe, the tendency is to value privacy first, followed closely by free speech,” Barry Cook, Chief Data Protection Officer for VFS Global, a company which employs tech for governments and diplomatic missions worldwide, told Digital Trends. “In the U.S., the tendency is to value free speech first, followed closely by privacy. It’s a subtle difference, but an important one, and the risk of impeding on free speech is perhaps why it’s taken so long for these kinds of regulations to reach the States.”
Matthew Vernhout, Director of Privacy at 250ok, an email intelligence platform, agreed. “The EU has a much longer history to pull experience from when it comes to the misuse of personal data that has led to significant harm to large portions of their population,” he said. “They’re understandably much more sensitive to the collection, profiling, and use of personal data. In contrast, the U.S. free market model of data collection and data aggregation has yet to experience something that has caused as much harm to as many people.”
The U.S. gets on board
But times are a-changing. The topic of privacy laws is only increasing in volume in the United States, animated by high profile failures to protect data and a growing awareness of some of the ethical concerns surrounding this topic. Regulatory oversight of data gatherers is underway. In January 2020, the State of California’s California Consumer Privacy Act (CCPA) will go into effect. This law, coupled with a still-under-consideration bill called AB-2546, promises to crack down on companies’ ability to gather data without oversight. Think of it as a push toward stronger privacy protections and greater data transparency that’s in line with Europe’s GDPR.
“Speaking letter of the law, there are certainly a number of differences between [GDPR and CCPA],” Matt Kunkel, CEO of LogicGate, a company which develops software to help companies reduce risk and improve compliance, told Digital Trends. “[These include] rights granted, definitions of personal information, response timelines, and financial penalties for noncompliance [as] notable examples. At this level, the CCPA is more limited compared to the GDPR. While the CCPA is primarily concerned with consumer privacy rights and disclosures made to consumers, the GDPR extends to procedures for data breach notifications to individuals and regulators, data security implementation, cross-border data transfers, and much more.”
Still a long way to go
Right now, we are still in the opening stages of the battle. Tech giants such as Google parent Alphabet, which spent a company record $21.2 million on lobbying the United States government in 2018, may not be happy with laws that make it harder to gather data. There may also be a pushback from smaller businesses, which are still subject to the rules, on the basis that the rules impede their ability to function. Compliance with these rules can be much tougher for a smaller company to deal with than a larger one.
The change is already underway, however. American companies which do business in Europe must abide by GDPR laws when it comes to dealing with customers inside the European Economic Area. As a short-term solution, some companies are blocking their websites from these territories or creating multiple sites to deal with the EU’s more stringent approach to privacy. These are not serious long-term answers, though. As more and more countries adopt similar legislation, a tipping point will be reached for many U.S. businesses. Ultimately, a globally agreed upon privacy framework is the best way to avoid a fragmented future internet.
Here in 2019, there’s no reversing the data collection revolution. And nor would we want to. But much has had to change about the internet since its early wild west days. In the same way that greater security demands can slow down the rollout of certain technologies, so too will GDPR and CCPA laws cause short-term inconveniences to some businesses. In cases where the gathering of data is unethical, these laws could even prove to be majorly disruptive.
But with consumer concerns coupled with the support of a growing number of tech giants and lawmakers, 2019 is as good a time as any for the change to start. Let the revolution begin! It’s not a moment too soon.