How is the role of privacy changing in a tech-driven world? Do users trust the ubiquitous compliance tools, like cookie banners or privacy policies, and do companies implement them in a way that fosters transparency? How can privacy become a board-level priority?
These are the types of questions Ben Rapp (Founder, Securys) and I like to ponder over a cup of coffee together…
Who are Securys? A specialist data privacy consultancy with a difference. They believe that delivering privacy in a global context means going beyond GDPR box-ticking. That's why they bring legal, cyber and corporate capabilities to help enterprises address all of their stakeholders.
Didomi and Securys are partners of the Yes We Trust Summit, a worldwide, 100% digital privacy event taking place on October 7th. Ben and I, alongside Vivienne Artz OBE (Chief Privacy Officer & Managing Director at LSEG) will be speaking together on the day about how trust drives business and the role of compliance in a tech-driven world.
Here’s a special teaser for you! Carry on reading for Ben's initial insights on these pressing issues, and sign up for free to the Yes We Trust Summit on October 7th, where we will be expanding on these ideas and many more.
Summary:
- How do you think the role of privacy is changing in a tech-driven world?
- Can we label privacy as the intersection of tech and ethics?
- What is the relationship between privacy and trust?
- Has privacy turned into a box-ticking exercise?
- What role does data regulation play in this?
- Where do you think the industry will be in 5 years time?
- Why did Securys choose to sponsor YWT?
How do you think the role of privacy is changing in a tech-driven world?
The way we perceive privacy is currently in flux. Why? Because it’s becoming increasingly difficult to live in the modern world without giving up your personal data, and having that data subjected to processing.
Covid has been a major driver of this increase in data collection. Covid restrictions require you to pay by card, to scan in and out of restaurants, to travel with a plethora of digital health documentation. Covid restrictions make it impossible to live an “anonymous life”.
Historically in the West we have felt uncomfortable with this level of surveillance. We worry that our mobile phones are constantly collecting movement data, and might be listening to every word we say.
The fact that it has become increasingly challenging to “live anonymously” means that privacy is inextricably linked to what it means to live in the modern world.
Privacy is ever more important in principle, precisely because it is ever more frequently affected in practice.
Can we label privacy as the intersection of tech and ethics?
Privacy is an unusual philosophical concept, it’s not as easily explained as we might at first think. It is ontological, not teleological. It calls on our intrinsic value, our sense of agency, what we choose to share about ourselves. It goes much deeper than an underlying fear of the consequences of privacy done badly, and it is more than just a tech issue.
Effectively, I suppose privacy is the intersection between the desire of data controllers to exercise control, and the desire of data subjects to have freedom from that control.
Fundamentally, privacy is an ethical question about the way people are treated. Nonetheless, tech is an enabler of control, and a creator of power asymmetries. Privacy becomes intimately linked to tech, as tech increasingly dictates how we live in the modern world.
What is the relationship between privacy and trust?
I think the relationship between privacy and trust is a two-way street that is often forgotten.
Half of privacy is about trusting other people with information about you. And the other half involves considering privacy as a signal; choosing not to collect information or conduct surveillance is a way to show you trust people. I think it is this second part that many people overlook, particularly employers and financial services institutions.
So, for me, a lot of the work Securys does is helping employers build trust with their employees in both directions. We help them create that two-way street, not
just ensuring they are good stewards of their employee, customer and other
stakeholder data but also reducing unnecessary data collection to demonstrate that they trust their employees.
Has privacy turned into a box-ticking exercise?
Fundamentally, I think there is a big difference between privacy as we see it philosophically and privacy as it is practiced.
That’s why, at Securys, we have two slogans, “Privacy Made Positive™” and “Privacy Made Practical®”.
We’re trying to break out of the idea of privacy as box-ticking. Because, actually, surveys commissioned by us, such as Privacy Made Positive™, show that if privacy is done right, it can be a revenue generator.
While exploiting people’s data won't necessarily make you richer, treating them appropriately and behaving ethically will drive success both reputationally and in terms of your bottom-line return. Also, in a more pragmatic sense, capturing and processing large amounts of data costs money and creates an obstacle course of compliance hurdles that costs further money to navigate. Finally, that obstacle course then gets in the way of the customer actually completing the purchase, losing you money.
A big part of privacy should be the streamlining of processes, so that the process is efficient. How to achieve this? Only ask people to fill out the information you really need, in a way that is easy to understand.
What role does data regulation play in this?
I feel like there’s a disconnect between aligning all this thinking with the way privacy regulation works at the moment: I worry that data regulation as we currently know it does not prioritize the practical element to privacy.
I feel as though, often, those making the data processing decisions are not the hardest hit if something goes wrong: they need to prioritize putting themselves in the shoes of the data subject, minimizing potential harm.
We cannot forget the power asymmetry that poor privacy imposes on poor people. Ultimately, the less money you have, the more exposed you are to data abuse. You tend to be more reliant on free, ad-funded services, and don’t have the same resources to deal with the consequences of breach.
Where do you think the industry will be in 5 years time?
I hold both optimistic and pessimistic views.
Thinking optimistically, we’ll succeed in turning privacy from a box-ticking obstacle course into a board-level priority. We’ll recognize the current power asymmetries, and the negative impact this has on people’s lives.
I’d like to predict something of a backlash against large tech companies and their stranglehold on people’s lives. I’d also like to predict a change in compliance tools: How are we still at the stage when people are signing privacy policies (legal agreements!) that are over 25,000 words long, presented in a one inch square box or 5 levels deep into a website?
I’d like this industry to be stronger, more respected and more involved in a pragmatic way, working to achieve privacy protection goals in a way that promotes the rights of the data subject, and promotes business.
However, if I’m feeling pessimistic about the state of the world, then the big tech companies will win, and privacy will remain a largely futile box-ticking exercise.
Yes, we might set regulations on cookie banners, we might think we’ve acted well because we’ve written a privacy notice that nobody reads, but we’ll be ignoring the key issues. We’ll be brushing aside topics such as AI, large data sets, automated decision making and government surveillance.
Why did Securys choose to sponsor YWT?
Securys chose to sponsor Yes We Trust because we wanted the chance to talk about privacy as a trust issue, not a compliance problem. We want people to understand the bidirectional nature of this trust.
The ultimate arbiter of the success or failure of a privacy program should be the data subject, not the regulator. It is the data subject’s trust that you need to win, and the data subject you need to prioritize.
However, this is not only an ethical question. It’s also a business question. We have evidence that privacy done well is a revenue driver, an untapped pool of revenue opportunity. We’d like to use the Yes We Trust Summit as a platform for proving that, in the internet age, trust is the single most important driver of success in business.
Unfortunately, that’s all Ben and I had time to discuss, but we’ll be back for Round Two on October 7th, at the Yes We Trust Summit.
Didomi and Securys’ values align in viewing trust as the single most important driver of success in business. We understand that building growth underpinned by trust involves complexity, it involves transparency. But, ultimately, investing in trust is the best investment a company can make.
This is why we are both proud supporters of Yes We Trust, and why we are both committed to the mission of building trust with transparency.
Will we see you on October 7th?