Data privacy is no longer just a legal requirement; it’s vital for greasing the wheels of the economy, as the Facebook/Cambridge Analytica debacle shows.
Following the latest revelations concerning the use of data acquired from Facebook by Cambridge Analytica, shares in Facebook have fallen sharply, knocking around $30 billion off the value of the company.
It illustrates a truth of the modern economy: data protection is not just a regulatory requirement – it’s vital for corporate profitability and valuations too. As we enter the data age, with the Internet of Things, AI and social media creating an extraordinary volume of data, overcoming public doubts, when that public was brought up on an Orwellian fear over privacy, is one of the most important economic challenges of the modern era.
Phrases such as ‘Big Brother’ and ‘Room 101’ have become so entrenched in the public psyche that privacy concerns have become synonymous with fears over creating a 1984 society.
An important part of GDPR (General Data Protection Regulation), coming into force on May 25th, is transparency, accountability and control.
Even if data is collected in an appropriate way, the controller of that data is responsible and accountable for how it is processed by third parties. As Abigail Dubiniecki, a lawyer who among other things specialises in data protection, a lecturer at the Henley Business School on Privacy, Data Security, Trading Data, Law and Compliance, and a regular speaker at the GDPR Summit series of conferences, told us: “Although Facebook may want to split hairs and say this wasn’t a breach, it absolutely was a breach, but it wasn’t a breach when someone had to do some complex hacking, it was Facebook not taking care, as they should, with other people’s data.”
Central to GDPR is the concept of Privacy by Design, the principle that data privacy must be built into a product or service at its very foundation, not added as an afterthought. Ms Dubiniecki explained: “If Facebook had really baked in privacy by design they would have had all those controls in place. GDPR has tried to fill every possible loophole, you can’t kick your liability down a chain and say ‘it wasn’t me it was a supplier’ or, ‘we had contractual language in there and they breached the contract, not our problem’. No, you have to have measures in place to ensure all the way down the line that this is actually happening. With Cambridge Analytica, Facebook might say ‘they breached our terms’, but that is not acceptable, privacy by design means end to end lifecycle protection, which means you don’t just pass the problem onto someone else and wash your hands of it; had they taken that approach and filled in the gaps, they wouldn’t have been taken by surprise because they would have had measures in place.”
In other words, GDPR enforces upon companies the kind of practices that would in any case help engender trust with customers, and as the slide in Facebook shares shows, such trust is enormously valuable.
One of Apple’s unique selling points – market cap just shy of $900 billion – is the way it respects customers’ privacy; its privacy statement says: “At Apple we believe that privacy is a fundamental human right.” It’s one of the reasons the iPhone is so popular.
GDPR can impose fines of up to four per cent of a company’s turnover for failure to take appropriate steps in ensuring data privacy, but the potential loss to share prices and profits that can result from loss of customer trust dwarfs these possible fines. And if data is the currency for the digital economy, that currency is worthless without the trust from the public that their privacy is respected. GDPR is vital for supporting this; it’s no exaggeration to say it can fix a trillion dollar problem, or provide a trillion dollar boon.