Privacy debates in tech are not new. In fact, most industry players have been making promises and commitments to be “customer first” for years. But the truth is that the industry has done very little to protect customer privacy when revenue weighs in the balance. Now, with the long awaited rollout of Apple’s iOS 14.5, and similar moves expected from Android before the end of the year, Apple and Google are forcing the industry’s hand and unleashing the long-brewing Privacy Storm.
But these giants aren’t the only force behind the storm. With a Democratic Senate and a still-new president, there will likely be an uptick in movement toward federal privacy legislation. Consumers are also becoming more vocal about privacy, with 87 percent declaring that data privacy should be considered a human right.
This may all seem daunting for technology leaders. But now is not the time to brace behind sandbags and simply post a privacy policy section to your website without plans for further action. Now is the time to set your organization on a course to safety.
A privacy-first future is good for businesses and consumers. Leaders within technology companies must view this moment as an opportunity to align our sector with our values. Privacy protective practices are no longer merely the “cost of compliance,” but a way to differentiate a business within the market.
Here are three concrete steps technology companies should take today to set out on the right course for the long term:
1. Understand that privacy is not at odds with success
The technology sector is fast becoming a highly-regulated industry, and compliance can no longer be considered a “back-office” function. Instead, tech company CEOs must view strong privacy practices as integral to protecting and recognizing their future business opportunities.
From a purely economic perspective, a strong privacy and compliance program promotes customer and investor retention while lowering customer and investor acquisition costs. These relationships become stickier because they’re built on trust, so a virtuous cycle for the business emerges.
Companies kindle this virtuous cycle via culture, and a strong culture around privacy is not engendered by the legal function alone – building a privacy-centric culture demands privacy-centric leadership. It requires buy-in from the entire executive team and key internal influencers. It calls for a willingness to consider tradeoffs and a commitment to communicating internally about the role ethics play in strategic decision making. Above all else, it compels corporate leaders to remember that while they are responsible for the financial health of their businesses, they are consumers and citizens too.
2. Align your business with partners and vendors with similar views on privacy
When most companies circulate RFPs and negotiate compliance contract terms, they seldom pick up the phone and talk with their prospective vendor, data partner, or developer partner about privacy and data ethics.
Whether you’re a small, venture-backed startup or an established enterprise, you should be having “The Privacy Talk” with any company you’re attaching your company’s name to. Ask questions like: What are they seeing in the market? Where do they think the privacy landscape is headed? How are they future-proofing their business and, by extension, their ability to offer you a product, uninterrupted? Consider this extra context part of the SaaS subscription or data licensing fee.
Like it or not, and no matter whether your partner or vendor is storing your consumers’ data, running analytics, or whether you have their SDK integrated in your app, your reputations are linked. If their privacy practices are shoddy, so are yours by extension. If they find themselves at the center of scandal, odds are you’ll get pulled in as well. What’s more, your consumers’ or clients’ privacy will be jeopardized.
3. Reinforce your privacy stance with policies and processes
This doesn’t mean hire a lobbyist. Consumers, customers, and congressional representatives are all deeply concerned about the lack of tech regulation, and rightly so.
The absence of a federal mandate does not mean that businesses ought to abdicate any responsibility. Businesses must take ownership now and build out internal policy frameworks that regulate how data is used in their products. These policies should be enforced through review procedures, and internal councils and escalation processes should be put in place to navigate the grey areas and questions around privacy and data ethics.
At Foursquare, we’ve designed policies that regulate how location data can be used in our products, to protect consumers from sensitive insights and reidentification. Policy and process help to promote consistency in decision making and compel the business to uphold principles it has committed to–even when it is tempted by profit opportunity or otherwise. A commitment to policy and process today is not just the right thing to do – it will also serve to prepare your organization for the day that Congress acts, because that day is coming.
The technology sector is not at a crossroads – the only path forward is toward a privacy-first future. The choice in front of technology leaders is not whether to resist or support regulation, but rather whether they will take the necessary, strategic steps to thrive in an era where trust, transparency, and ethical standards must become the foundation of our ecosystem.
