Voltaire reportedly put it this way: “Une grande responsabilité est la suite inséparable d’un grand pouvoir”, but most of us know the version made famous by the narrator in Spiderman:
“With great strength comes great responsibility.”
(As a proud European) I believe that governments have a responsibility to create and enforce rules on data privacy — simply put: data is a powerful weapon, and weapons should be controlled.
The incentives of private enterprises are not aligned with society as a whole. Fear of social media mobs is a useful check on the worst data privacy abuses, but it cannot not replace the work of elected, accountable officials (no matter how flawed). They are the only people who have the legitimacy to arbitrate the complex tradeoffs.
It’s “simply” about public safety — people need to be protected for the same reasons we don’t let people buy cars that blow up in crashes and we force them to wear motorcycle helmets and seat-belts.
The European General Data Protection Regulation (GDPR) is going into force this year, with strong controls over how consumers’ data is stored, accessed, and shared.
It is forcing organizations around the world (it applies to any data about the activities of anybody in Europe) to put in place the kinds of clear processes that I believe they should have had in the first place.
Does this impose big new costs on organizations and potentially reduce innovation? Absolutely. But doing the right thing is always more expensive — just as those car manufacturers would rather not have had to spend so much money on making their products safer. And the GDPR includes data portability rules that will increase competition and innovation.
The reactions of companies have surprised me. Privacy and trust is clearly going to become more important in the future. Faced with the inevitable, the most sensible reaction is to use data privacy as a competitive differentiator, rather than grumble about the cost of implementing it — Volvo, for example, took the notion of seatbelts and safety and actively promoted it as a part of their brand image.
Companies should seek to go beyond the minimums set by the applicable laws, and instead start behaving today as if the data were owned by the people who generated it. Don’t do it because you’re forced to — do it because it’s good business.
This means transparency, making it easy for people to see what data you hold about them, and what you’re doing with it. It means asking for permission before using their data in new ways. And It means letting people control who else has access to that data.
Is your organization trustworthy?
Is that part of your marketing?
Should it be?