Privacy can be an expensive business.
On July 10th, the Information Commissioner’s Office (ICO) — the data watchdog for the United Nations — handed out major fines to both Marriott and British Airways. The fines, totaling almost $300 million, are some of the first under the General Data Protection Regulation, or GDPR, which was put in place to better safeguard the privacy and data of European citizens.
No one working in the location data industry needs me to tell them about GDPR. Since it was implemented in 2018, GDPR has impacted every facet of the location data space. Facing the threat of heavy fines, companies have scrambled to make sure all of their data collection is up to snuff. In turn, an entire new industry has arisen based around assisting with GDPR compliance.
Now that the GDPR has been around for over a year, and with the CCPA (a similar regulation from California) just around the corner, I’ve decided to set some facts straight about data privacy, and why it should matter to developers, to publishers, and to you. With no further ado, here are the five biggest lies about data privacy and regulation.
#1 GDPR only applies to companies from Europe.
Like most of the “lies” here, this one has a significant grain of truth to it. Yes, GDPR was designed specifically to give EU citizens more control over their personal data. But this doesn’t mean that companies operating outside the EU are exempt. Any company that collects data from EU citizens, regardless of where that company is headquartered, must be GDPR compliant, or else risk the same hefty fines — either $20 million or 4% of global annual revenue, whichever is higher — as European companies. The bottom line is, if your company is collecting user data, you almost definitely need to be GDPR compliant.
#2 The conversation about data privacy and regulation is over now.
While GDPR has made significant strides in regulating a formerly “Wild West” industry, there are still a lot of details to iron out. Besides the ongoing debate about the effectiveness of GDPR — did it go too far? Or not far enough? — there is also the approach of CCPA, ePrivacy, and other similar pieces of legislation. In addition, the mechanics of how GDPR will be enforced, the logistics of compliance for companies of all shapes and size, the importance of privacy as a fundamental right…. A lot of ink has been spilled on these topics, and a lot more is sure to come.
#3 Regulation is bad for the data industry.
This is probably the most nefarious lie out there, but it’s not difficult to see why it’s so popular. For companies that make most of their revenue off of collecting and selling user data, there is an obvious incentive to loosen regulations. But that attitude is ultimately not just bad for consumer privacy, but for the entire Location Data industry.
While sidestepping regulation may increase revenue in the short turn, it will lead to punitive action and public mistrust. It is only by embracing full transparency that our industry can develop data-driven solutions that benefit everyone. At X-Mode, all of our data is collected in a privacy-conscious manner. We also help all of our partner apps become compliant. We recognize regulation as a stepping stone to greater innovation, not as an obstacle to progress.
#4 GDPR and other attempts at regulation will never work.
Not everyone in the industry is opposed to GDPR. Some are just cynical. With the regulation’s enormous scope and dramatic fines, many predict that GDPR is a largely toothless policy that will have little actual effect. I disagree. Since GDPR went into effect last May, nearly 60,000 data breaches were self-reported by companies across Europe. Compare that to just 1,700 breaches reported in 2018, and you can already see that GDPR has inspired companies to improve their transparency. Yes, the legislation is far from perfect. But it’s a step in the right direction, and the fines aimed at Marriott and British Air show that it is far from toothless.
#5 I don’t need to really care about data privacy.
This is the biggest lie of them all. Whether you are an app developer, a data buyer, or even just a user, data privacy and regulation will impact on your life in the years to come. As we enter the Fourth Industrial Revolution, location data and intelligence are poised to invade every aspect of life, from the morning commute to a trip to the mall. This future can either be built on the back of transparent, privacy-compliant data that works for everyone, or it can be controlled by bad actors. Which sounds better to you?
At X-Mode, we know which future we prefer. That’s why we prioritize privacy and transparency in all of our data collection and help all of our partners to achieve full GDPR compliance. For a company like X-Mode, where data serves people instead of the other way around, regulation isn’t a dirty word. It’s a golden opportunity.
By: Joseph Green
