Navigating Data Privacy Law in a Global Society – TechCrunch
China, the world’s most populous country, passed its first major data privacy law in August. Going forward, any global business or aspiring startup doing any kind of business or offering online services will likely be affected as they engage with Chinese residents covered by the Personal Information Protection Act (PIPL).
While this seems like pretty big news, the legislation itself is similar to the EU’s General Data Protection Regulation (GDPR), which was introduced in 2016. Shockingly, though, is that companies have had two years to prepare for GDPR, while PIPL goes into effect on November 1, 2021.
This leaves businesses scrambling to determine compliance. In addition, it underlines the importance and urgency of data privacy on a global scale. China is the 17th country to establish a GDPR-like privacy law. What global superpower is not on this list?
The United States has yet to pass a large-scale, consumer-focused national data privacy law, despite several studies indicating that Americans want more control over their personal data online. This omission has important implications for the tech industry in particular.
With so much going on, it’s clear that we’ve reached a critical point in data privacy maturing. How we do this will potentially affect billions of consumers around the world as well as the development of businesses ranging from the smallest startups to the largest global companies. This moment demands careful consideration.
As such, let’s try to solve the current conundrum of data privacy, starting first by examining the evolution of data privacy law in the United States and what it means on a larger scale. , before finding out how data minimization attempts address these issues. After weighing these integral pieces of the data privacy puzzle, I’ll conclude by making a call for global data privacy standards that put people firmly in control of their data.
Data privacy in the United States
But our federal government has failed to pass a sweeping bill that protects consumers’ digital privacy rights, leaving it to the states to do it themselves (e.g. California CCPA, Virginia VCDPA and ColoPA of Colorado). This has left many Americans with no privacy rights and businesses don’t know what to do.
Some people argue that this is how it should be, warning that a stranded Congress could never pass meaningful consumer privacy legislation. Even if they do, it will be too watered down for the matter, which would then negatively affect carefully crafted state laws.
At the same time, it is possible to have 50 national data privacy laws – all similar, but probably each different in its own way, creating a nightmarish scenario for companies trying to do the right thing. Now amplify that on a global scale.
Data minimization isn’t the only answer
One approach used to help combat data privacy involves the principle of data minimization, which allows businesses to collect and retain personal information only for a specific purpose.
Basically, this is a call for businesses to just collect less data. Think of marketing teams reducing their input or establishing retention schedules to purge existing data.
This is great for some, but for others it may be unrealistic. Even the most consumer-friendly businesses are unlikely to encourage marketers to go out and collect less personal information about potential customers, and they could almost always find a rationale for entering data.
But, the practice, even in its purest form, could be detrimental to startups that rely on personal information and preferences to develop products and grow their businesses. Minimizing data in this sense could have the unintended consequence of stifling innovation.
And frankly, it may not even be necessary if consumers have a say in how their data is acquired and used. In some cases, consumers are willing to share personal information because they prefer a more personalized and tailored experience. For example, brands like Stitch Fix or Sephora ask for a lot of personal preference up front to provide a better shopping experience – and for many that’s OK.
A call for global data privacy standards
In my opinion, all of these complexities, fine lines and moving parts are surfacing and causing problems for businesses and consumers alike, as there is no such thing as a global standard to put people on the same page. Until one exists, everything else is just a band-aid.
Now is the time for us to develop a set of core principles that countries can agree on so that consumers around the world are protected and businesses know what is expected of them in any given situation. geographical area.
Otherwise, it won’t be long before we take a look at a plethora of international data privacy laws, some stricter than others and all a little different, making it virtually impossible for businesses to achieve 100% compliance. %. It’s time to put the brakes on things.
Data privacy standards would establish a foundation of fairness that transcends geographic boundaries and works for businesses at all times. This would make it exponentially easier for companies to engage in international business.
Expect existing spheres of influence to drive this change. Because there are massive, negative, and costly implications at stake for any business that hopes to even globalize, the entities will work together to create common solutions. The momentum is there. Given China’s footprint alone, it won’t be long before other countries follow suit.
Despite the data privacy gaps at home, even US-based business organizations are taking the first steps towards global standards. Consumer Reports, for example, formed a task force to develop potential solutions. This could help accelerate global interests in data privacy to protect both businesses and consumers.
At the heart of data privacy standards
Data privacy standards are needed now, and the main thing to remember as they develop is that we need to give people control over how businesses handle their information.
Consumers deserve to know who has access to their information and why, especially as services and applications become more connected to facilitate transactions. They should also have the right to delete personal data upon request as well as prevent companies from selling their information without authorization. These are fundamental and universal rights; these are the points on which the governing and supporting bodies should agree.
While marketers may bitch, it shouldn’t just be assumed that all consumers are against sharing their information. In fact, many appreciate the personalization of experiences or the ease of transactions that are made possible by allowing businesses to collect and retain their personal information, as shown in the examples above.
Consumer choice ultimately creates a healthier ecosystem overall and opens up new avenues for businesses to build trust and transparency. It will also prevent companies from perpetually scrambling to develop and manage a multitude of different mandates.
I foresee a future where startups are built primarily on privacy. It even risks becoming a real differentiator. But the biggest part of the change will be giving consumers indisputable control over their data, no matter where they are, or the systems that hold their personal information. Data privacy standards will protect these rights in ways that other approaches cannot reasonably replicate or scale up; they will eliminate confusion so that businesses can operate efficiently.
Once we’re all on the same page through standardizing data privacy, real progress can be made.