By Dyann Heward-Mills
Apple’s new privacy updates set for early spring could influence the whole tech ecosystem. Specifically, Apple is implementing App Tracking Transparency (ATT) that require individual apps to ask explicit permission for data tracking for the purposes of targeted advertising to users on the App Store. These updates firmly set Apple on the side of regulation, holding itself, and most importantly the tech ecosystem to account. However, tech companies are setting standards ahead of regulatory bodies. The challenges this causes may damage regulatory authority and obscure the simple truth that data privacy is a human right.
The bottom line is that big tech should treat data privacy as a human right. By setting app tracking as ‘opt in’ rather than ‘opt out’, Apple is aligning with the GDPR and other regulations aiming to protect data and increase trust. Although its great to see tech companies trailblaze data privacy moves, it also hinders regulatory bodies authorities. Businesses are not objective but subjective about the way privacy is handled. Facebook’s CEO, Mark Zuckerberg, accused Apple of launching these new updates for the purposes of competitive interests rather than customer protection. This may be accurate as Apple’s new protections cause major problems for Facebook, Google and other big tech who rely on vast data gathering for advertisers.
Businesses have to rapidly change policies to fit with Apples new policies. The implications of big tech fronting data privacy compliance could be a resentment amongst business owners suspicious of Apple’s intentions. Regulators offer a unique independent stance from business practices, making data privacy regulations a human right objectively and without reproach.
One issue with big tech taking the reins on regulation is they are holding companies to very tight deadlines. Apple, for example, has given mere months for apps to comply or risk not being listed on the App Store. This means businesses must act reactively to the privacy decision rather than building data protection into their business model.
Apple is not providing any clear timeline roadmap for these changes. The deadline still remains at ‘early spring’ and which gives no clarity on how quickly companies can best prepare for these new updates.
A regulator would offer a clear timeline roadmap on how to develop for new privacy laws, protecting the business interests for the long term. There is no competitive advantage to handing out fines. It is far more prudent to encourage data privacy into a business model from the beginning than causing a knee jerk reaction based on a singular company’s plan of action.
In a digital world, it is rare for a company to not process any data. Every consumer has a right to privacy. Viewing privacy this way is where the industry needs to change. Only then can all business implement privacy and protect consumers against violations with their data and security.
Apple has the right idea with their new policies but there needs to be a worldwide shift in mindset. Privacy should not be a political football to beat down the competition, but an opportunity for businesses to run to the highest ethical standards, attracting customers through transparency and trust.
A watertight privacy policy does not come overnight. Even the few months Apple has given may not be enough time to get it right. Organisations should think about their long term privacy plans. Enlisting the help of an independent Data Protection Office (DPO) is a great way to begin the journey to viewing privacy by design. At HewardMills, we work with businesses to audit privacy policies as well as work as an outside DPO, to take companies right through the privacy journey.
Apple has made privacy high on its agenda. In 2020, 44% of CEOs view data privacy as a top three priority item. In Cisco’s 2020 Data Privacy Benchmark Study, is shared for every dollar spent on privacy, the average organization is getting $2.70 in associated benefits. Cisco asked respondents to quantify their annual privacy investment and business benefits, and they used this to calculate their privacy ROI. Most organizations are seeing very positive returns, and over 40% are realizing at least double their investment.
Watchdogs, such as the Information Commissioners Office, are working with lawyers to enforce data privacy laws, such as the CCPA and the GDPR, handing out bigger fines than ever before.
Organisations that get privacy right improve trust with their customers, operational efficiency, and both top-line and bottom-line results.
Dyann Heward-Mills, ethics expert of the European Commission and CEO of data protection office, HewardMills is a globally certified authority in information privacy and a Master of Laws. She is an expert in all matters of information law, including employee investigations, data subject requests and data breach management. Highly regarded in the data protection industry, Dyann is especially known for her specialist knowledge and capability in the complex area of binding corporate rules (BCRs). A published Barrister, Dyann also makes regular appearances on panels and as a guest lecturer. Prior to building her own data protection consultancy, Dyann was a partner at Baker McKenzie, where she led the data protection and cyber security practice group in London, UK. Dyann also served in a global capacity in senior privacy counsel and data protection roles for GE Capital, and Linklaters.
source: Corporate Counsel
Reprinted with permission from the 04-12-2021 edition of Law.com © 2021. ALM Media Properties, LLC. All rights reserved. https://www.law.com/corpcounsel/2021/04/12/the-challenges-of-big-tech-holding-the-reins-on-privacy/