Eve Maler, VP of Innovation & Emerging Technology for digital identity specialist ForgeRock, shares her views on the current state of data privacy and highlights the trends that are defining the debate in 2019.
Data Privacy Day takes place on January 28 every year. Organised and championed by Stay Safe Online, the date was chosen to commemorate the day in 1981 when EU convention 108 was signed, becoming in the process the first ever legally binding international treaty dealing with privacy and data protection. A date to remember indeed.
This annual event plays a vital role in highlighting the importance of data privacy and protection internationally. Coming so close to the start of the new year, I find that it also serves as an ideal moment in time to take stock and, much like the US President (usually) does with the State of the Union, share an update on, in my case, the state of the data privacy landscape.
What a year that was…
Let’s begin by looking backwards. After all, for those of us who specialise in digital identity and privacy issues, 2018 was a pretty momentous year. Not only did the long-awaited General Data Protection Regulation (GDPR) come into effect in Europe on May 25, bringing with it fundamental changes to the controls that consumers have over their own data, but events also conspired to catapult privacy and consent issues on to the front pages, and into the public’s consciousness, in an unprecedented way.
The Cambridge Analytica scandal broke in April and made headlines across the world. The repercussions are still playing out within and beyond the tech industry, but the public outrage over Facebook’s historic data practices will likely prove to be a turning point in consumers’ awareness of how their personal data is captured and used. The man and woman in the street have now know that they have paid for many of the ‘free’ digital services they use in personal data, often in opaque and unethical ways.
The extent to which this mishandling of personal data has become the norm across industries is a huge cause for concern – and the consequences will continue to be felt for years to come.
However, as we head into 2019, it is important not to lose sight of the positive shifts taking place in the world of Data Privacy. In fact, here are three big reasons why businesses and individuals should be feeling optimistic this Data Privacy Day.
#1 Consumers are waking up to data privacy
In Europe, there is growing evidence that GDPR – with the help of high-profile public scandals such as Cambridge Analytica – has already caused significant changes in consumer attitudes around privacy. Since the new regulation came into effect eight months ago, official bodies across Europe have reported record numbers of complaints about how personal data is being handled – a clear sign that consumers are starting to pay more attention to these issues and take advantage of the rights awarded to them by GDPR.
Interestingly, it is the Great British public that is leading the charge: the UK’s Information Commissioner’s Office saw a 260% increase in the number of complaints in the three-month period immediately following GDPR coming into effect.
France has also seen a big shift with a 64% increase in complaints reported by the regulator over the same period. France is also leading the way when it comes to responding to these complaints, with data protection watchdog CNIL issuing the first major fine to a tech giant earlier this month. The regulator issues a fine of €50 million (US$57m) after finding that Google’s onboarding and set-up process for new Android devices was in breach of GDPR.
With Amazon, Apple, Netflix and Spotify (and Google again) also accused of failing to comply with GDPR in a separate case, we are likely to see more data rights issues, and significant fines, making the headlines in the year ahead.
#2 GDPR has had an impact beyond Europe
There are also signs that GDPR is starting to have a real impact far beyond the EU. In the US, there has also been a noticeable ‘GDPR shift’, with many businesses rewriting their privacy notices and – in some cases – improving their approach to data transparency and controls.
The question is, why is this happening? The answer could lie in a phenomenon I heard about years ago concerning the Miranda warning (aka the ‘you have the right to remain silent…’ speech). Apparently, American cop shows and movies are so embedded in pop culture globally that audiences in other countries started to believe they have these rights too – even though they only apply in the US.
It certainly seems possible that GDPR has become embedded in the global privacy debate to such an extent that consumers and businesses now see it as the new normal, regardless of geography.
Beyond these voluntary measures, there are also encouraging signs that GDPR has triggered a rising tide of data regulations across the US and in other markets as governments look to implement similar measures. In the US, regulations are being strengthened at the state level – particularly in California, Colorado, Virginia, Washington and Illinois – and we are also seeing more discussions at a federal level. Argentina, Brazil, India and Australia are also moving to introduce their own data protection regulations.
While the specifics of these regulations will vary from market to market, the fact that many of them will be closely based on the EU’s framework reflects a growing consensus about the importance of privacy as a human right.
#3 Good privacy practices = good business
The third reason to be cheerful is that, increasingly, good privacy practices are not just the responsible thing to do – they are also good business practice.
For proof of this, you only need to look at the growth of DuckDuckGo, the alternative search engine that has built its offering around the promise that users can ‘seamlessly take control of your personal information online, without any tradeoffs’. This company that defines itself around privacy and transparency is now profitable and recently reported US$10m in new funding and an impressive growth rate of 50%.
As consumers pay more attention to how their data is being handled, they will be become ever more willing to not only exercise the rights enshrined in law, but also to take their business (and attention) elsewhere if they feel that brands are letting them down.
In 2019, we will see more consumers speaking up on this issue, and ever more businesses will come to realise that giving customers what they want is no longer just about convenience and value – it’s also about earning customers’ trust around personal data.