Reflections on the Evolution of Data Privacy
By Eleni Manetakis, Corporate Counsel, Privacy, Security & Risk at HubSpot
On January 28, the U.S., Canada, UK, and many countries around the world celebrate Data Privacy Day, an international effort to highlight the impact technology is having on our privacy rights and create awareness about the importance of protecting personal information and enabling customer trust. First held in Europe in 2007 and then adopted by the US in 2008, Data Privacy Day has continued to grow — so much so that this year, it is celebrated all week.
Privacy law has a complex history. From formal eavesdropping laws in England in the 1300s, to protections offered under US Constitutional law and the United Nations Declaration of Human Rights in 1948, it has long been accepted that everyone has the right to privacy.
It wasn’t until the 1970s that data privacy laws, as we now know them, began to take shape due to concerns about computing advancements and processing of personal information. The Organization for Economic Cooperation and Development Guidelines (OECD) were established in 1980 as the first set of international privacy principles — allowing for the free flow of personal data across borders — and have since been influential in guiding the development of privacy laws around the world. Despite so much attention given to privacy over the years, today over 79% of Americans are concerned about their data privacy. What this really boils down to is an issue of trust. Building trust is a key component of creating remarkable customer experiences, and it’s more important than ever to acknowledge the role privacy plays in driving trust and transparency.
At HubSpot, Data Privacy Day is an opportunity to reflect on the privacy landscape and our commitment to our customers, so we wanted to take a look at what has shaped the evolution of data privacy and what the future holds.
Innovations in Technology Driving Regulatory Change
The pace of innovation in technology is continuing to increase and while companies are constantly shifting how they interact with their customers to keep up, so too are regulators.
Over the past 15 years, we have seen the expansion of communication tools such as wireless internet, smartphones, tablets, and wearables as well as social media sites like Facebook, YouTube, and Instagram. These technologies have not only changed the way we interact with each other and the world, but how companies reach customers. As access to data has skyrocketed, so has the impact on privacy, and regulatory authorities around the world are reacting to the challenges that the digital age presents.
In fact, Gartner predicts that by 2023, 75% of the world will be covered under some kind of privacy law. Currently, that figure is at 65% — or 128 countries — creating a patchwork of different privacy regulations that companies must continuously navigate when doing business across borders. This is especially true in the United States, where despite boasting the largest global economy, there is currently no uniform national data privacy law, but several industry-specific and state-level legislations that make compliance challenging.
Europe raised the bar with the introduction of The General Data Protection Regulation (GDPR) in 2018, which built on the key tenets of the Data Protection Directive of 1995 with more specific data protection requirements, a global scope with extraterritorial reach, and stiffer enforcement and non-compliance penalties. Or, in non-legal jargon, the GDPR enhances the protection of EU citizens’ personal data, while holding businesses accountable for storing and processing that data in transparent and secure ways. As one of the world’s most comprehensive privacy regulations, the GDPR set the tone for other jurisdictions to implement robust privacy and data protection rules.
The way we see it, data protection laws are built to provide better experiences for customers by offering transparency about how data is collected and used. So while compliance with GDPR and other regulations may seem like a burden, if they make your customers’ lives better, it’ll grow your business as a result. At HubSpot, our entire organization works hard to ensure our practices are geared toward protecting our customers’ data, and also to help our customers understand and build compliant processes of their own. As the regulatory landscape continues to change — from the introduction of the California Consumer Protection Act (CCPA) to changes in the requirements for international transfers from the US to the EU — preparing for compliance will allow businesses to mitigate risk and embrace secure, transparent customer experiences.
Increased Focus on Trust and Transparency
Over the past several years, there has been a gradual decline in trust in the technology industry due to countless news cycles filled with data breaches and cybersecurity incidents, and heightened consumer awareness of how personal data is used.
Nowadays, ensuring privacy policies are up to date and accessible is table stakes. Customers need greater assurances that their personal data is safe. Companies should look beyond simply being transparent about how customer data is used and proactively build privacy-enhancing features into their products, make it easier to enable features that better protect customer data, and ensure that the user experience incorporates transparency in data use. In an economy built on data, the companies that make transparency a competitive advantage will win on customer trust and loyalty.
At HubSpot, we believe customer trust is paramount, and we’re sticklers about doing the right thing when it comes to protecting our customers’ data and empowering them to deliver great product experiences. Developing end-to-end products and systems, and achieving industry leading certifications like SOC2 are just two ways that we build customer trust in our privacy and security controls.
The Future Of Data Privacy — What Lies Ahead?
As new technologies with the potential to enhance customer experiences emerge — whether through Artificial Intelligence (AI), the Internet of Things (IoT), or the metaverse — data privacy will continue to evolve.
But with new technologies come new responsibilities, highlighting the need to adopt strong foundations in privacy, and for businesses to be transparent, ethical, and compliant with customer data. Regardless of where innovation may take us, and how regulators respond, prioritizing data privacy and security will remain critical in gaining trust and growing a business that customers love.