Last week saw the celebration of Data Privacy Day or Data Protection Day as it was also been known when it was first set-up in 2006 by the EU.
Now ‘celebrated’ globally, we asked MEF Members for their views and observations on the significance of the day in 2020, the privacy lessons learned, shifting attitudes, progress made and why the message of Data Privacy Day is more important than ever.
Andrew Bud CBE, Founder & CEO iProov
I’ve always believed that good data privacy regulations, properly enforced, are a great antidote to consumer fear and distrust. Fear and distrust are the biggest enemies of innovation and industry growth, hence responsible data privacy practices are a business asset.
We’ve come a long way since Data Privacy Day was created. GDPR was initially questioned for being over-prescriptive and bureaucratic but it has been extremely effective in making companies think about how they process data. It’s now seen as the gold standard globally, especially in the US where there’s an ongoing discussion between a state- or federal-driven approach to data privacy. At iProov we often get asked by customers around the world for our Data Processing Agreement, because it’s seen as a benchmark.
The MEF has played a leading role in helping businesses to understand data privacy; during my tenure as chair, we created the first data policy generator, helping organisations to create a consumer-friendly privacy policy, and we’ve run surveys of consumer sentiment for many years.
There’s still work to be done. One of the things I prioritised at iProov was a data privacy promise that starts with four easily readable bullet points above the fold. It’s more important to ensure that consumers understand what we do, rather than armour-plate our legal position. We are convinced that the identity and personal data ecosystem, in which iProov is a key player, will depend on global consumer trust in data privacy to thrive sustainably in future.
Frank Joshi, Director, Mvine Limited
Every day is a ‘day of’ something. National Croissant Day came in the same week as Data Privacy Day. Each one is important in their own way. Whereas croissants may appeal to some people, data privacy applies to us all.
Arguably, every day should be data privacy day. Not just for infosec people who keep us safe but for each and every one of us.
The mobile sector can play a huge part in helping us respect data privacy. This can come in technical and non-technical ways. For example, handset manufacturers can make their devices inherently more security. MNOs can be more stringent on collection and re use of personally identifiable information from the moment of onboarding. Aggregators handling SMS or RCS messaging can work harder on Verified Sender whether it is a brand or an individual. And Brands can insist that the Aggregators and Operators collaborate and double their efforts to make bi-lateral Verified Sender truly mainstream. It’s technically possible, like a lot of things, it just requires the will to make it happen.
And when it’s done, we can celebrate it. Everyday.
Nathalia Santos, Technology, Media & IP Lawyer, Pellon de Lima Advogados
The 2020 Data Privacy Day in Brazil precedes the entry into force of the new General Data Protection Law (LGPD), scheduled for August, if the bills that propose the postponement to 2022 are not approved by Congress. Brazil is a flagship internet market and, just like the enactment of the Internet Civil Rights Framework, the next steps in LGPD enforcement will be closely monitored around the world. According to a study by IBM and Instituto Ponemon, Brazil has one of the best rates within the average cost of data breaches, at US$ 1.24 million for companies; the United States, for example, follows in first with average costs of US$ 7.91 million, followed by the Middle East, with a cost of US$ 5.31 million.
Even so, sanctions are the biggest topic to be criticized, with attempts to suspend its application on this early stage, which increases the challenge of effective law enforcement.
Therefore, as it happened before in Europe, within 7 months remaining for fully adaptation to LGPD, there are still uncertainties to permeate the privacy scenario in Brazil, risking its society to lag behind on the awareness of its digital rights.
Hervé Le Jouan, Founder & CEO, Privowny
Data Privacy: From guilty secret to buzz word. The digital ecosystem we live in today was built on the grave of data privacy. It is only because people’s data were treated as a free commodity with no rightful owners that Big Tech managed to put in place the business model we know.
Ten years ago, it was impossible to raise money to build a company aimed at protecting people’s data. We know, we tried. But it seems that the corpse was still moving, and privacy was not completely dead after all…Big Data was everywhere and people started to wonder. Scandals (Cambridge Analytica) and data breaches (Yahoo, Equifax, etc.) broke in the news and legislators woke up.
The GDPR put the spotlight on the guilty secret the industry had been trying to hide all this time. However, now may be the most dangerous time for data privacy. When the same guilty parties who tried to bury it start claiming to champion it (Facebook, Google, Apple, etc.), you know a smokescreen is coming, and it will be harder than ever to know whom to trust.
That’s where companies like Privonwy can help. Educate. Empower. Own your privacy.
Lee Suker, Data Protection Officer, XConnect,
In May this year, it will be two years since GDPR came into force, and CCPA this January. At the very least, it would appear that there is global shift in attitudes of regulators, although I speculate that the behaviour of the average enterprise and ordinary citizens is lagging behind. On this front, attitudes are at best polarised, at worst ambivalent.
I’m a believer in privacy, done correctly it will remove friction from digital marketing, embolden our democracy and create a more competitive technology landscape. However, the path to these goals remains unclear to me.
Firstly, compliance can be superficial, to do it properly is not easy, and often out of reach of small companies.
Secondly, many incumbents actively resist legislation or do the minimum to comply. Thirdly, the legislation needs to bite to make a difference. Engaged in a privacy officer role, I see story after story about companies failing to take adequate measures or worse simply ignoring the principles of data protection all together. To succeed, I believe that companies must put privacy at the heart of their services but it is all too easy to find examples where this is clearly not the case. We all need to get better and we can, but as citizens we also need to show collectively that we care!
To contribute to this article contact us or leave a comment below
MEF’s Future of Mobile Summit @ MWC Barcelona 2020
MEF’s annual leadership Summit at MWC Barcelona discusses the key enablers to build a trusted and innovative mobile ecosystem.
With 2020 set to be a game changing year for how businesses engage with their customers, MEF’s Summit features expert insights, growth strategies and use cases. Learn from market leaders who are disrupting entire industries and from experts making sure a sustainable communications ecosystem is built on trust.