Data privacy and security was center stage at this year's Collision conference, with huge numbers of talkers touching on the need for privacy by design, better regulations, and improved education.
To open the conference, Alex Stamos (former Chief Information Security Officer at Yahoo and Facebook) delivered a thought-provoking Q&A. During the session, Stamos brought attention to the problematic relationship between businesses and consumers:
We kind of hope that privacy is what consumers will make decisions using and therefore that will create a marketplace for companies to really respect their privacy but that's turned out to not be true.
We see no mass movement of consumers choosing different products or different services, in fact over and over there are examples of people who are willing to violate their own privacy en masse if there is a small economic benefit to them.
During a talk titled 'Making data human: How to build a data-driven strategy' the co-founder and CTO at Impresee, Camila Alvarez Inostroza, also drew attention to the value of data. Inostroza explained that Impresee's clients are fond of data because they can use it and see value in it. According to Inostroza, although startups may not consider data a product, "it is a product".
This is an interesting point, and while Inostroza was talking about data in a more general sense, her comments still help to shed light on why consumer data holds the commercial value to be exchanged in return for free services.
Brittany Kaiser, the whistleblower who opened the door to the Cambridge Analytica scandal, explained that while she is in favor of regulation to improve the relationship between consumers and corporations, she believes it is consumers that can have the quickest impact.
It is so important for us to concentrate on education and awareness of how tech works and how people as individuals can make better decisions in their day-to-day lives.
We have to come out, we have to stand up either as whistleblowers or people that are making an ethical and moral decision. (...) We all have an opportunity right now to educate and raise awareness to change laws and regulations and to develop ethical forms of technology that protect and empower people as opposed to taking advantage of them.
That said, Kaiser is also positive about the Biden administration's push to put tech-knowledgeable people into pivotal positions, a move that we can only hope will help to pave the way for federal privacy laws.
Talking about open-source technology and how it can benefit both cybersecurity and consumer privacy, Ondrej Vicek Chief Executive Officer for Avast said:
The interesting dynamic I think lately is that besides the obvious attacks like cyberattacks, the bad guys attacking the good guys, there's also this other side of the coin with cybersecurity which is more related to data privacy and things like that where transparency becomes even more important.
Today both consumers and corporations are much more sensitive about the usage of their data and the overall data protection standards, and here I think again the transparency subject keeps coming up where basically systems that are transparent that are open and available for public scrutiny are assumed to be more reliable from that perspective or more trustworthy because of less privacy concerns compared to some of the proprietary systems.
Unfortunately, even the best data privacy regulations don't currently provide businesses with enough guidance on how to leverage trust-amplifying technologies to develop products that are compliant with regulations like GDPR. Stamos noted that:
One of the key things that I would like to see in Europe is I would like to see a more aggressive interpretation of GDPR in the guidelines effectively for the creation of safe harbors in which if you design your product to work in this manner, and to do these certain things, then we believe that is compatible with GDPR. (...) Then that will start to have the effect of engineers and product managers starting to learn how to build their products in a privacy-preserving way.
One thing remains clear, businesses have a thirst for data, and countless consumers seem intent on giving theirs away to gain access to services without paying.
In such a world, it's essential for regulators to set strict boundaries on the harvesting and use of data, while also providing clear specifications on how privacy-enhancing design choices can be leveraged to develop services and products that comply with regulations from the ground up.
In the US, as Stamos highlighted, this must involve the passing of federal-level override laws that provide strong data protections throughout the fifty states. Until this happens and governments worldwide find adequate solutions, data privacy seems set to stay on everyone's mind.