Data privacy is now the new normal

Like anti-smoking laws, it is already part of the landscape

Former Sun Microsystems co-founder, Scott McNealy, once infamously said: “You have zero privacy anyway — get over it”.

And when the European GDPR (General Data Protection Regulation) came out as draft legislation in 2012, its ambitious scope was often derided in the US as naïve at best, and a covert protectionist ploy at worst.

Fast-forward to 2018, and not only is GDPR alive and kicking, but it has been pushed to the front page in the wake of the Facebook/Cambridge Analytica scandal around leaked personal information. GDPR-like data privacy laws are now sprouting in the most unlikely of places:

• The California Consumer Privacy Act, a radical initiative in a country generally known for its laissez-faire attitude towards data protection, will become law in January 2020. Further inland, Colorado has just beefed-up its Consumer Data Protection Law. At this rate, a federal data-privacy law cannot be that far down the road.
• China quietly introduced a strict data-privacy law a few months ago; the country might have very strong censorship laws, but it also happens to have the world’s most advanced digital economy. As this article points out, what the government can do and what companies can do are two very different things.
• A slew of other countries, from Argentina to Zimbabwe, have enacted data-privacy legislation this year, or are in the process of doing so.

So 2018 has really been the year in which legally enforceable data privacy — with teeth — became the new normal. There is no going back.

The new gold standard

These laws will have far-reaching consequences on how companies do business around the world:

• Because of the huge size of the EU market, and the operational complexity of managing EU residents separately, GDPR will probably end up becoming the gold standard that international companies will apply to all their customers worldwide.
• The role of Data Protection Officer will become the norm in most companies (whether legally required or not) to help ensure compliance with an increasing number of overlapping data-privacy laws.
• “Privacy by design” will become mandatory. Data protection, still an afterthought in many companies, will become an integral part of business processes and product development, throughout the lifecycle.

Was it only 25 years ago that people were still allowed to smoke on planes and in restaurants? Today we don’t even think twice about it; and not even smokers hanker for the old days. Data privacy will go the same way.

To paraphrase Scott Mc Nealy, “There is zero chance of turning back the clock — get over it”.

Michael Gentle is the founder of The Balance of Privacy, based in Geneva. For similar articles by Michael, click here.