GDPR and privacy are smokin’ hot for innovation right now

It would probably be a bit much to suggest that a piece of European legislation can be ‘sexy’, but it would be fair to say that the new EU GDPR is a ‘hot’ topic right now. It was the focus of the last post here on Internet Of Me in which we looked at how regulation can be a business opportunity. We return to it here as the GDPR dominated discussions at Privacy: The Competitive Advantage, an event held last week at Microsoft’s new London HQ.

As the name suggests, privacy was the focus among an impressive line-up of speakers examining where organisations face opportunities and challenges in the personal data economy landscape. Here, Internet Of Me offers a round-up of the day’s key thoughts and ideas.

John Taysom, an investor and academic with roles at UCL, Harvard and Cambridge, opened by challenging the popular idea that data should be thought of as ‘the new oil’.

“Data is not the new oil — oil is finite. Data is abundant and infinite, so it’s more like solar energy. The oil analogy doesn’t help.”

Data is, he said, a new form of capital and one that represents a “huge commercial opportunity”. Rather than use it to define what makes each of us individually different, though, businesses need to see the value in identifying the smallest possible groups sharing similarities while respecting privacy constraints.

Taysom cited research by Forrester that predicted privacy would be a major competitive differentiator for organisations, which stated “privacy is a game changer; it will be to organisations in 2016 what websites were to companies in 2000”.

Taysom said the greater power and control over personal data that the GDPR gives to individuals means “even Facebook is going to have to radically rethink the way it does things with personal data”. Privacy, he said, is now a board-level issue, with the GDPR allowing businesses 24 months to re-position — and facing the “big stick” of fines up to 4% of global turnover.

Amit Pau, Managing Director at investment firm Ariadne Capital, picked up on the oil analogy but expanded on those consequences for businesses if they get data wrong.

“If brands don’t handle data properly it won’t be the oil, it will be the asbestos for organisations,” he said, describing the GDPR as “light touch” with the 4% turnover fine “shockingly low”.

Pau said that far from being unwitting fodder for data harvesters, Generation Y was fully aware of how personal data was being used and had given tacit approval for exploitation.

“Millennials know they are the product — whether that’s Facebook or WhatsApp etcetera — and they say ‘I’m not paying for it if I’m the product so companies have the right to monetise me’. They have made the decision that that’s OK.”

However, he advanced the idea that the consumer is now the legal owner of their data which, with the creation of the right framework and rules, will lead to wealth creation with the individual benefitting.

Destruction for the Gang of Four?

Such an arrangement spells disaster, Pau insisted, for the Gang of Four — Google, Apple, Facebook, Amazon — whose position of “controlling and destroying every industry is not a healthy position”.

“If the consumer is the legal owner of their data and there are personal entrepreneurs in the personal data economy that’s when the Gang of Four model is destroyed”, he said.

Millennials were also the driving force for change for Katryna Dow, CEO of data sharing service Meeco:

“We need to shift the conversation from privacy to power. Intent will be a very important aspect. We need to talk to young people about power and how they are part of the value chain.”

Alexander Hanff, CEO of Think Privacy, fired a broadside at the ad tech industry and urged publishers to “grow some” and wrest back control of the situation.

“There has been a displacement of power. Publishers are at the top of the food chain. Why are they allowing the ad tech industry to push them around and control the relationship with their customers?

“There’s no guarantee of revenue from advertising. It’s a chance to make revenue. There is no contract with the consumer. Ad block, no track, switching off cookies are all a removal of consent.”

Let innovation solve the problems

Representing the regulators were Shaundra Watson, Attorney Adviser to the US Federal Trade Commission’s Chairwoman Edith Ramirez, and Steve Wood, Head of Policy Delivery at the Information Commissioner’s Office. Both were keen to emphasise how regulation should not stand in the way of innovation and progress.

Watson highlighted how the Internet of Things — especially wearables and connected domestic devices — will create a trail of incredibly detailed sensitive information about consumers.

“Privacy is a shared responsibility between individuals, government and industry. It is not a case of regulation versus innovation. Innovation is how we will protect privacy.”

The ICO’s Wood said: “There’s the view that too much regulation is bad for innovation. Our job as regulators is to listen to organisations and have a dialogue. GDPR brings organisations the opportunity to sell themselves with privacy as a differentiator.”

Data privacy as a human right

What particularly struck a chord for Internet Of Me was his comments on the GDPR: “Data privacy is a fundamental human right that is enshrined and protected. GDPR enhances rights the individual has got and makes them more effective in terms of enforcement.”

The idea of an individual’s control over data being a fundamental human right goes right to the heart of the Internet Of Me, and so it is interesting that a regulator should articulate a view on privacy in such terms.

Wood highlighted areas of the GDPR ripe for innovation as being: ways of verifying identity while maintaining privacy; seals and certifications for organisations to demonstrate compliance and build confidence among consumers; ways of delivering data portability; transparency of privacy and consent information delivered as layered notices rather than overwhelming screeds of policy information; and privacy by design as something to address at the start of the data process.

The transparency that runs through the GDPR was the focus for Ian Ferguson, VP Marketing and Strategic Alliance at ARM who manufacture the chips used in the majority of the world’s smartphones as well as in many IoT devices.

“Customers will demand simple explanations of how their data is used and protected,” he said. “Data has value but only when shared. Industry needs to earn the right to derive value from data by demonstrating integrity — trust — by sowing the benefits of usage to the public. You have to start with the idea that a person has rights over the data that’s collected. You have to be transparent about what you’re doing with that data.”

So the consensus was, perhaps unsurprisingly, that privacy and the provisions for it under the GDPR represents an opportunity for businesses, both in the way they operate and for future innovation. Getting privacy right is vital in order to build the foundations of trust and security that will underpin the personal data economy.

Ruth Boardman, Partner at law firm Bird & Bird which sponsored the event, neatly summed up how this piece of EU legislation has the potential to unleash innovation for the businesses that truly embrace it:

“We can see where the GDPR is going from red tape to rocket fuel.”

Now’s the time for businesses to fill their tanks and prepare for lift off.