Many have claimed that data is the new oil. While organisations are leveraging the infinite possibilities of data analytics, users happily consent to the giving away of their private information – including sensitive and other personal data – in exchange for basic internet tools and services (such as email and chat) as well as targeted-ads-selling platforms (such as numerous search engines and social networks).
However, with the new EU general data protection regulation (GDPR) in application, as well as the recent excessive personal data sharing revelations and related behavioral analytics and influencing, privacy and related human values and rights are coming into the bright spotlight. Does the GDPR and other human rights frameworks present a hindrance for businesses though?
Turning Backs on Data Absorbers
For the past period Facebook’s data scandal has been making headlines after it emerged that the social network allegedly shared information about 87 million of its users with Cambridge Analytica, a political consultancy firm, which used the data to influence presidential elections in the U.S., amongst others. A few days later, Facebook’s chief said that all its 2.2 billion users should assume that their data has been compromised by third-party apps.
The revelations have raised a wave of criticism of Facebook’s and other Data Titans’ personal data protection practices and prompted users and organisations to close their social media accounts, while governments have intensified their calls for tougher regulation and harder taxation of these data absorbers.
Solving the Riddle
While the current increased attention to on-line privacy is noteworthy, the solution to the challenge posed does not lie as much in turning our backs on social media. It does also not in only tougher regulation.
Undoubtedly, in the context of future technological developments, users, organisations and governments will face similar challenges related to the protection of users’ privacy. Therefore, in order to remain relevant and successful in this digital age, we need to get privacy, data protection and other human values rights relevant in the Digital Age, organised-well and enforced the first time around.
Next to calls for proper enforcement of the Rule of Law, both users, customers as well as vendors and other organisations processing personal data of others (either data controller or data processor) need a better understanding of issues pertaining to security of privacy. It is essential that users become aware of the importance of their privacy and recognise its value in the on-line environment, just as they do in the physical world.
In becoming more vigilant they be supported with, should look for and give preference to fully-transparent and privacy-enhancing products, systems and services. In response, vendors need to embrace their new role as: The Custodians of Users’ Personal Data.
This also means that they should build products, systems and services with privacy & security by design and by default, as opposed to bolting those features onto existing products, systems and services. The era of build fast fixed later is over.
Privacy as a Unique Selling Point
Platforms, services providers and other vendors should communicate transparent user-centric practices and related business models to their customers. If customers accept the approach, such privacy and security features will inevitably become important enablers for building mutual trust.
Ultimately, vendors’ focus on customers’ privacy can and should serve as a unique trust point. It will provide appropriate accountable organisations with a competitive advantage opportunity, rather than posing a hindrance. The same goes for being transparent and accountable regarding other human values.
Hence, in order to remain relevant, organisations should embrace privacy, data protection and other human values, and think of them as an integral part of the business model.
Side note: Arthur’s Legal is currently running free webinar sessions on Privacy in IoT. These webinars are open to public and provide an ideal starting point for understanding and addressing privacy- and security-related issues in context of this Digital Age. Further details and sign-up form are available at http://www.arthurslegal.com/en/IoT.