OPINION28 January 2019

Tightrope walking in the Alps

Data analytics Europe GDPR North America Opinion Privacy Technology UK

On World Data Protection Day, Finn Raben argues recent conversations in Davos have highlighted the need for an independent third voice to strike the balance between the two sides of the data regulation debate.

For the past 18 months, the way companies and governments manage and enforce data regulation has been on everyone’s lips. The complications of data regulation are vast, with companies, governments and individuals all staking claims as to how and what regulation and policy they desire and expect. Above all, there is a clear and ongoing tension between the big global technology companies, often existing in a data free-for-all (with over two billion people’s personal data compromised in 2018 ) and the heavily controlled and centralised data policies of certain global regimes such as China and Turkey.

This tension was at the fore in discussions among the world’s great and good gathered at the World Economic Forum in the Swiss Ski resort Davos last week. As the snow fell and the gluhwein was sipped, data was on everyone’s lips. Is it possible to have a world where technology companies can thrive, and we can still put citizens first? MEP Marietje Schaake, quoted in the Financial Times, summed it up brilliantly: “Those who live under dictatorships say, ‘please don’t give me a ministry of truth’ and I agree with that fully. But is it acceptable that Mark Zuckerberg is the minister of truth?” A scary prospect indeed.

There’s a fine balance to be taken between decentralised government data policies, like those in the US, and Chinese-style centralised government data policy. A decentralised system is unstructured with no clear parameters of what ‘can’ and what ‘cannot’ be done. The application of law is largely defined by who shouts loudest, pays the most or what instance seems most serious. There is little incentive for business to behave ethically, other than the reaction to potential PR disasters. If an organisation in this environment does not take advantage of the situation, you can bet your bottom dollar someone else will. Of course, businesses are free to unilaterally self-regulate to whichever standard they desire, but the level to which they do this is variable.

On the other hand, a centralised system is usually designed to support an authoritarian regime and puts all the cards in the hands of the apparatchiks. Big data is a fantastic way to gather enough information on your citizens to govern when you don’t allow public debate or electoral feedback. Using networked technology as a governance tool provides all the information you need without having to deal with the fiddly (!) problem of freedom. Of course, there is an inherent bias in this system in that the good of the state overrides the needs of business or society.

Big Tech is always looking for a competitive edge, often at any expense, but there is a lot of evidence to support the notion that technology start-ups in Amsterdam and Berlin (under GDPR) thrive just as well as those in Singapore or Atlanta (without GDPR). However, this doesn’t mean we automatically need more state regulation. Instead, companies need to take greater responsibility just as much as governments and lawmakers. Businesses tend to be more advanced in their thinking, and can present themselves as partners to legislators, as well as guardians to the public.

The stance taken by Apple chief executive Tim Cook is a case in point. He has called for new digital privacy laws in the United States, warning that the collection of huge amounts of personal data by companies is harming society. “Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies,” said Cook. “Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false. This crisis is real. It is not imagined, or exaggerated, or crazy.”

Apple’s commitment to privacy makes its rivals’ lack of commitment (let alone acknowledgement) all the more concerning….and not just for privacy. One of Friday’s headline stories on the BBC reports on Facebook’s decision to ignore evidence that minors (<13 years old) were spending large amounts on in-app payments, without parental consent. One would hope and imagine that an open and honest company will usually fare much better than one that is perceived as opaque and dishonest?

As with every situation, there is no one-size-fits-all policy, but the conversations in Davos yet again demonstrate how much international businesses and governments need an honest broker to balance the arguments and educate both sides, without having ‘skin in the game’. An honest broker can help to balance the legislative imperative with the commercial and societal need for freedom. Working for the good of the whole sector (companies AND employees AND the public), global data and insight communities like Esomar and MRS offer a safe harbour for practical discussions about preserving the long-term viability of the industry to all sides.

Finn Raben is director general at Esomar