Happy Data Privacy Day!
People’s Personal Data Needs and Desires Are (Surprise!) Personal
I finally did it – moved from a tiny condo to a huge house. And now I have smart home use cases that I resisted mightily before, being what researcher Alan Westin called a “privacy fundamentalist”, a strong believer in privacy and personal data protection.
It’s a big place, so running around turning off lights every night can now take serious time and mileage. Why not add Alexa-enabled lighting scenes? And we’re now in a neighborhood that anyone can drive into, along with doors and windows pre-wired for smart security. Why not use a smart door lock and camera? My personal data preferences have just changed big-time.
However, I’m also on the cusp of leaving Facebook entirely for, well, obvious reasons. (Anyone else?)
Here’s the thing: I’m not just a “privacy fundamentalist”; I’m also a “privacy pragmatic” in Westin’s terminology. When it comes to some situations and personal data, I see the pro/con tradeoffs in sharp relief. And when it comes to still others, I’m simply “privacy unconcerned”, what you might call a TMI person. Pretty much all of us are a mix, and the lines can move around over time.
Consumers Have Been Changing Their Privacy Behavior
Here’s some hard evidence that, in the modern era, consumers are willing to take action about privacy situations they don’t like.
Across the EU, the GDPR is enabling people to record complaints in greater numbers about personal data handling problems by data controllers. France’s data protection agency CNIL received 64% more individual complaints in the first few months since May 25th this year (the GDPR enforcement date) than the same period last year. In the UK, the Information Commissioner’s Office received more than two and a half times as many complaints.
Or look at the 50% growth rate of privacy-protective – and profitable – search engine DuckDuckGo. Less than a year after reaching twenty million daily searches, it recently announced it hit thirty million searches. The company recently took in ten million dollars in venture funding. And I see threads like this one on Twitter about how to live in a more privacy-protective way all the time lately (great advice there, by the way). People are growing ever more privacy-aware and once again taking control where they can.
US Regulation May Be Coming, But Innovation Is Always Your Responsibility
Serving customers the way they want to be served must include convenience, value, and earning their trust around personal data. The fact that people feel differently about different data at different times is one of the factors that makes it so hard for businesses to solve privacy challenges and manage consent. That’s on top of what businesses are made to do by the text of regulations alone, such as the GDPR, California’s new Consumer Privacy Act, and Colorado’s recently toughened-up Consumer Data Protection Act. But it opens up opportunities.
Yes, the drumbeat for US federal privacy legislation in 2019 is getting pretty loud. The latest in a string of recent data protection bills is Sen. Marco Rubio’s, called the American Data Dissemination Act. And Apple’s Tim Cook has kept up the pressure with his latest op-ed calling for comprehensive privacy reform that puts consumers in control. But as Cook acknowledges, legislation is only part of the equation; innovation is unquestionably another.
The most exciting work I’m involved in these days around personal data right now is happening in the area of delegation of access. It’s partly driven by regulation but partly also driven by practical needs, for example to help healthcare patients direct data sharing to family members, care providers, and others. The Internet of Things has an impact because of the rise of fitness wearables and the data they generate. Without an innovative mindset, it’s impossible to make progress in solving these challenges.
Think of it this way: In the same way that digital transformation isn’t solely a technical exercise but mainly a business innovation pivot, rethinking privacy and consent should not solely be a compliance exercise. Businesses have new opportunities to present data sharing deals to the individuals who interact with their brand. Even as the regulatory landscape changes, the consumer landscape is also changing. So the question becomes: How to strengthen those deals?