With Mark Zuckerberg testifying in front of congress this
week, there is a lot of talk about adding additional regulation on the high-tech
industry. It would be great if we could solve the problems with regulations but
I see three major problems.
1.
We have a
Data Driven Economy and economic drivers that will never let us go back to a
place where we can truly and fully protect privacy. We all see the targeted
messaging online and even in low-tech US mail that we receive every day.
Companies depend on this type of targeted marketing and it is crucial for the
bottom line. Even the largest businesses can no longer afford large scale, high
impact marketing campaigns that can be seen by a majority of the population. When
there were less channels and less alternative entertainment options, TV used to
be an effective place to advertise. What percentage of people would see an add
that is run on the major TV networks – my guess is way less than 5% unless you
do this during an event like the Superbowl. Many small to medium businesses would
never have a chance without a little glimpse into your privacy to create targeted
marketing. If we were to protect all information, it would have a disastrous
effect on our economy.
2.
How do we
define the Gray Areas? So, if it is not economically feasible to bring back
full privacy and personal information absolutely required to support our data
driven economy, where do we draw the lines of privacy and data use? The black
and white issues are simple. No one wants compromise on protection of high risk
information like social security information or credit cards but what about the
gray areas. There will be several opinions on this. There will be people that
want complete and constant anonymity and there will be others that enjoy
getting targeted information about things that interest them or have no
objection to getting geographic based push couponing. It is not feasible or
even possible to regulate this. Companies that want the consumer’s business
must provide simple, easy to understand options or privacy settings.
3.
People
who don’t understand technology can’t make laws to efficiently or adequately regulate
it. (Speaking from a US point of
view.) For the most part, US legislative branches (or state legislative
branches) have no idea the power, capabilities and complexities of today’s
technology. I remember an early comment by President Trump “You can’t review
650,000 emails in eight days,..You can’t do it”. Obviously, he has no clue
about technology, and he is certainly not alone. Some will assume my comment
reflect some ageism here. To a degree age is a factor. The average American is
20 years younger than their representative in Congress. Average age of
representatives are 57 and senators are 61. However, it is not just age. Most
people, in the world, regardless of age, have no idea what can be done now with
technologies like AI, Analytics, IoT and Blockchain. If we allow governments to
craft regulatory legislation, the real authors of this legislation will be the lobbyists
who throw the most money at our legislators.
The European Union is offering regulations
to try to protect privacy. GDPR – General Data Protection Regulation is a new
law that goes into effect next month that mandates that all companies dealing
with EU residents must guarantee privacy. Highlights include:
a.
Permissions - Companies must gain explicit
permission to use personal data (not hidden in small print user agreements) and
must disclose how personal information is being used.
b.
Right to be forgotten - Companies must delete
personal information that is not being used and anyone can request complete
deletion and a company must comply.
c.
Data breach notifications must be communicated
within 72 hours.
Although this sounds like data privacy
Nirvana, the creators of the law have no idea what a Herculean task this really
represents for large companies that have been around and have been collecting
data for decades. The intent is great. The implementation is complex and costly. Even companies that think they are in compliance
will likely never be unless, they dismantle every legacy system and burn the
company to the ground and start over.
The most effective protection will come from knowledgeable
consumers who reward businesses that provide them with the level of security,
privacy protection and transparency that they want. Of course, there will be a minimum standard
(regulated or not) but companies that want my business need to do much more.