China, the world’s most populous country, passed its first major data privacy legislation in August. Going forward, any global business or aspiring startup doing any kind of commerce or offering online services will likely be affected as they engage with Chinese residents covered by the Personal Information Protection Act (PIPL).
While this seems like pretty big news, the legislation itself is similar to the EU’s General Data Protection Regulation (GDPR), which was introduced in 2016. Shockingly, though, is that companies have had two years to prepare for GDPR, while PIPL goes into effect on November 1, 2021.
This leaves businesses scrambling to determine compliance. In addition, it underlines the importance and urgency of data privacy on a global scale. China is the 17th country to establish a GDPR-like privacy law. What global superpower is not on this list?
The United States has yet to pass a broad, consumer-centric national data privacy law, despite several studies indicating that Americans want more control over their personal data online. This omission has important implications for the tech industry in particular.
With so much going on, it’s clear that we’ve reached a critical point in data privacy maturing. The way we do things will potentially affect billions of consumers around the world as well as the development of businesses ranging from the smallest startups to the largest global companies. This moment demands careful consideration.
As such, let’s try to solve the current conundrum of data privacy, starting first by examining how data privacy law is evolving in the United States and what it means on a larger scale, before to delve into how data minimization attempts approach these issues. After weighing these integral pieces of the data privacy puzzle, I’ll conclude by making a call for global data privacy standards that put people firmly in control of their data.
Data privacy in the United States
But our federal government has not passed a sweeping bill that protects consumers’ rights to digital privacy, leaving it to the states to do it themselves (for example, the California CCPA, the VCDPA of California). Virginia and ColoPA of Colorado). This has left many Americans with no privacy rights, and businesses don’t know what to do.
Some people argue that this is how it should be, warning that a stranded Congress could never pass meaningful consumer privacy legislation. Even if they do, it will be too watered down in the matter, which would then negatively affect carefully crafted state laws.
At the same time, it is possible to have 50 national data privacy laws – all similar, but probably each different in its own way, creating a nightmarish scenario for companies trying to do the right thing. Now amplify that on a global scale.
Data minimization isn’t the only answer
One approach used to help combat data privacy involves the principle of data minimization, which allows businesses to collect and retain personal information only for a specific purpose.
Basically, it’s a call for businesses to just collect less data. Think of marketing teams reducing their input or establishing retention schedules to purge existing data.
This is great for some, but for others it can be unrealistic. Even the most consumer-friendly businesses are unlikely to encourage marketers to go out and collect less personal information about potential customers, and they could almost always find a rationale for entering data.
But, the practice, even in its purest form, could be detrimental to startups that rely on personal information and preferences to develop products and grow their businesses. Minimizing data in this sense could have the unintended consequence of stifling innovation.
And frankly, it may not even be necessary if consumers have a say in how their data is acquired and used. In some cases, consumers are willing to share personal information because they prefer a more personalized and tailored experience. For example, brands like Stitch Fix or Sephora ask for a lot of personal preferences up front to provide a better shopping experience – and for many, that’s OK.
A call for global data privacy standards
In my opinion, all of these complexities, fine lines and moving parts are surfacing and causing problems for businesses and consumers alike, as there is no such thing as a global standard to put people on the same page. Until one exists, everything else is just a band-aid.
Now is the time for us to develop a set of core principles that countries can agree on so that consumers around the world are protected and businesses know what is expected of them in any given situation. geographical area.
Otherwise, it won’t be long before we take a look at a set of international data privacy laws, some stricter than others and all a little different, making it virtually impossible for businesses to achieve 100% compliance. %. It’s time to put the brakes on things.
Data privacy standards would establish a foundation of fairness that transcends geographic boundaries and works for businesses at all times. This would make it exponentially easier for companies to engage in business internationally.
Expect existing spheres of influence to drive this change. Because there are massive, negative, and costly implications at play for any business that hopes to even globalize, the entities will work together to create common solutions. The momentum is there. Given China’s footprint alone, it won’t be long before other countries follow suit.
Despite the data privacy gaps with us, even US-based business organizations are taking the first steps towards global standards. Consumer Reports, for example, formed a task force to develop potential solutions. This could help accelerate global interests in data privacy to protect both businesses and consumers.
At the heart of data privacy standards
Data privacy standards are needed now, and the main thing to remember as they develop is that we need to give people control over how businesses treat their information.
Consumers deserve to know who has access to their information and why, especially as services and applications become increasingly connected to facilitate transactions. They should also have the right to delete personal data upon request as well as prevent companies from selling their information without authorization. These are fundamental and universal rights; these are the things the governing and supporting bodies should agree on.
While marketers may bitch, it shouldn’t just be assumed that all consumers are against sharing their information. In fact, many appreciate the personalization of experiences or the ease of transactions that are made possible by allowing businesses to collect and retain their personal information, as shown in the examples above.
Consumer choice ultimately creates a healthier ecosystem overall and opens up new avenues for businesses to build trust and transparency. It will also prevent companies from perpetually scrambling to develop and manage a multitude of different mandates.
I foresee a future where startups are built primarily on privacy. It even risks becoming a real differentiator. But the biggest element of change will be to give consumers indisputable control over their data, no matter where they are, or the systems that hold their personal information. Data privacy standards will protect these rights in ways that other approaches cannot reasonably replicate or scale up; they will eliminate confusion so that businesses can operate efficiently.
Once we’re all on the same page through standardizing data privacy, real progress can be made.