The Privacy Paradox
Mary Meeker's 2018 Internet Trends Report came out last week: it's an annual presentation by Kleiner Perkins Caufield & Byers covering the key trends and updates in the digital world. I look out for it every year - it's a brilliant blend of validation, comprehensive statistics and keenly observed insights.
"Scrutiny is rising on all sides—users, businesses, regulators” (Mary Meeker)
The purpose of this blog is not to review the whole report, but to focus on Meeker's points on privacy.
Meeker talked about 'The Privacy Paradox', which is the balance that digital businesses must now strike: on the one hand enriching the customer experience with data, on the other maintaining trust as a brand and protecting privacy. We all know that data can improve usability and the utility of a digital product, but it's a tight-rope: if technology is architected to persuade and manipulate that can feel like a betrayal of the principles of user-centred design which should put the customer in control. The other theme underlying this paradox is cost: by becoming the product, we pay for usage with our data which in turns fuels great digital products. Again, if this balance gets out of whack, that product will no longer serve us and without protection, our privacy and security could be compromised.
If personal data has been the rocket fuel driving digital technology innovation in Silicon Valley, what happens when the tap is shut off or tightened, in the EU with the GDPR, and globally? Can the surveillance capitalism business model be re-aligned and corrected but still drive growth?
These are huge global challenges and dichotomies which I believe demand a strategic and multi-perspective on privacy. It's not a case of simply understanding the detail and legalese of data protection regulations, to apply the law in a business demands a proficient understanding of the digital landscape and technology, regulations like GDPR were designed to harness. Lawmakers need this understanding, as do business owners, politicians and compliance professionals. It's not enough to delegate that expertise or farm out in a global, digital economy: we all need to get the basics of digital, data and cyber in 2018.
"We’re an idealistic & optimistic company. For the first decade, we really focused on all the good that connecting people brings. But it’s clear now that we [Facebook] didn’t do enough. We didn’t focus enough on preventing abuse & thinking through how people could use these tools to do harm as well." (Mark Zuckerberg)
So is does data protection and privacy design always come at a price? Well, in the short term, yes - compliance programmes, IT upgrades, re-designs and the impact of panicked ill-advised GDPR re-consenting campaigns on marketing assets all costs, but longer-term there is opportunity for the disruption brought by compliance to drive growth. No matter where you are on your compliance journey today, my advice is to step back and take a balanced, holistic view - whether that be with GDPR and or with other regulation. Ask yourself these questions:
- Does a good data governance strategy give me the opportunity to streamline and optimise my businesses information?
- Can my compliance plan help me improve my technology choices, and move to IT which is more robust, strategic and modern?
- Where do I have information, processes, suppliers or tech which is obsolete or holding me back as a business? Can this be looked at in the round with compliance, and optimised?
- How can marketing, digital, IT, security and legal come together when it comes to the choices we make about the digital tools and tech we invest in as a business? How can compliance help rather than hinder that progress?
- Can I create a business case for compliance which delivers savings longer term?
GDPR compliance can be a brilliant prism for digital transformation or business optimisation. With the right approach it will help you balance growth and security, innovation and trust, speed with sense, and ultimately get your house in order when it comes to information governance, tech, processes, people and partners. But here's what won't work: having single-view subject matter experts, each with a narrow view pulling in different directions. Sponsor privacy from the top, take a holistic view which takes in IT, security, regulation/legal, digital, marketing and operations and focus on and find the long-term positive benefits.
Regulation doesn't need to hamper change, growth and innovation: the key is how you apply it.