Could a privacy bill kill the data economy?

Whether the USA every adopts its own version of Europe’s GDPR remains to be seen, but post-Snowden, post-Cambridge-Analytica, and post-election-interference-scandal, there’s a definite awareness that privacy is now an important thing for brands to emphasize – which explains Apple’s recent grand-standing.

CEO Tim Cook threw punches at much of the technology industry, complaining about the amount of data collection, tracking, profiling, and targeted advertising, as well as the influence of social media on people. Using the term ‘the data-industrial complex,’ his argument goes as far as saying this practice threatens privacy and democracy.

Of course, Cook’s speech was good PR for Apple, a company that makes a pretty sizeable deal out of its track-record for protecting its customers’ privacy, as was the case when it refused to work with the FBI to crack into seized iPhones. Steps to harden iOS 12 suggest that this motivation is as imperative as ever, and unlike its chief rivals and associates, its chief business model is selling products and then a few supplementary services to widen those margins. Apple isn’t monetizing its user’s web browsing habits, for instance, in order to sell more iPhones – as far as we know.

However, it will definitely be trying to understand consumer behavior, and with a trove of user data to hand, it can leverage the user-base to design or improve new products. To this end, Apple is watching what its users are doing, but it is not then turning around and selling those findings to third-parties.

Such practices seem to bother Cook, and the part of his speech that garnered most interest was when he called for a US law to protect user privacy. Of course, the most cynical reading of these actions is that it would damage Google’s business model, and by extension the Android ecosystem. However, if the US government would be prevented by law from bothering Apple with so many filings, Apple’s lawyers would see a rather alleviated workload.

Cook’s suggestion is pretty similar to GDPR, calling for data minimization, disclosure, protection, and access to the data that ‘belongs’ to a person. But Apple isn’t alone in calling for such measures. Both Facebook and Google have supported similar ideas, admittedly while sitting in front of government hearings, as has Microsoft CEO Satya Nadella.

Cook stood out because of his emotive delivery, but all these companies are operating on the basis that regulation is coming – and so getting out in front of things, and perhaps greasing some palms with substantial corporate lobbying, should put them on a firmer footing.

Being involved in the legislation drafting process could help these giants prevent wording or clauses that could overreach their mark, which could inflict unnecessary damage on them. Apple’s devices are sensor filled, and its new Face ID unlocking system is a great example of something that could be caught in the crossfire from a ban on ‘unsolicited facial scans,’ for example – which is going to happen every time someone tries to use the system in a crowded place.

But that involvement is not a benefit available to most in the IoT. The giants that get hauled in front of Congress stand a chance of altering the discourse or amending the wording of a bill, but an IoT firm is not going to be afforded this privilege. It doesn’t have the access.

So then, you should be concerned about the impact that these floated ideas could have on your business. This might not be a problem in the B2B world, but for any operation that interacts directly with consumers, such bills could throw innumerable spanners in the works. Smart Cities are the area that are perhaps most subject to problems, as comprehensive systems need to track people as they move through a city – while privacy regulations might prevent them from doing so.

Smart home devices are another problematic concern. It seems a bit much to ask every home visitor to agree to a EULA before entering a dwelling, such that the manufacturers and service providers are not invading the privacy of whoever visits the home. That doesn’t seem particularly workable, nor would it be a good user experience.

Perhaps a greater concern is whether your particular business model depends on monetizing user data in some fashion. Those practices seem most likely to come under fire, be it reselling demographic information to marketing firms, or partnering to promote products in cross-pollination opportunities.

This emerging privacy-focused landscape will be good business for lawyers and legal consultants, at the very least. We’re still waiting for the first major victim of GDPR punishments, but if the US follows suit and decides to enact its own variant of GPDR, there are going to be an awful lot of panicked emails being sent to ensure compliance.

Advertising and marketing has been the driving force behind the industry-wide practice of hoarding as much data about consumers as possible. Those who use ad-blockers or privacy extensions will be well aware of the amount of crud embedded into web pages, watching as the number of blocked scripts climbs higher and higher.

Hand in hand with this practice, in proper ouroboros fashion, is the belief that the data collected is valuable. You will have heard data likened to oil, a good that can be sold to someone or used in some other business function, but you will have also heard of the problem of data silos. Imagine if the vast troves of precious data are suddenly declared to be contraband – the fallout in the startup and marketing markets would be spectacular, as so many trade on the value of their data collection and profiles.

But in tangent to this is the news that Palantir, the firm backed by Peter Thiel that specializes in data collection, trawling, and processing, has considered an IPO that would value it at $41bn. The company has come under a lot of criticism for its involvement with the USA’s three-letter agencies, and if you still put much stock in Bloomberg, there’s an in-depth profile of the company here.

Amazon is also drawing criticism from outsiders and its own staff, as the company cozies up with the US Pentagon, providing AWS servers and software used to build a massive cloud computing system for use by the Pentagon – as part of the Joint Enterprise Defense Infrastructure (JEDI, seriously …) cloud project. That single-vendor contract is valued at around $10bn, and there are fears that it is going to encroach on the privacy and liberty of US citizens.

It’s interesting to note the tension between technology providers servicing governments, while at the same time claiming to prioritize the privacy of their consumer users. In decades past, a DoD contractor would not also have a line of smart home devices, so perhaps this is just a problem unique to our time.