The 3 P's of Good Data
A seismic shift to Privacy
The GDPR’s passage into legislation last year signalled the beginning of a brave new paradigm in Data Protection, its arrival heralding a new era of Privacy.
It was a shift of European regulatory intention that set out that the surveillance capitalist data hungry model, which meant so many data fuelled businesses were collecting information without permission or legal basis and sharing that information with third, fourth, even fifth parties opaquely and for their own commercial benefit, was to be brought to heel.
Well that was the theory, at least.
These regulatory changes (the biggest shake up to Data Protection in two decades) then collided with the media spotlight rather spectacularly when the Cambridge Analytica scandal broke; with Mark Zuckerberg as the poster boy for Privacy campaigners ire.
It was a much needed moment of reckoning for consumers to understand the implications of loss of control and protection of their personal data; the threat and impact of breaches and cyber incidents are very real for individuals as well as businesses.
And though it sometimes feels like the internet itself is existentially broken and beyond control, and that data as impossible to define, track or value; strides are being made. We are trying to redefine what the internet and social media, means for our (virtual and real) selves, and where control of our data sits within that complex ecosystem. It's a space where we're learning, growing, innovating - I believe we'll only understand the full context with the hindsight that history will bring.
When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else. (David Brin)
So where are we now? A global regulatory question
After GDPR set the tone, we have watched the global regulations roll out, falling like dominoes with state by state regulations being in the US, such as the California Consumer Privacy Act (CCPA) (which is likely to give way to federal law), and world wide, new Data Protection regulations coming in from Brazil to India. (Trace’s global residency visualiser in our app tracks Data Protection regulations by territory so users can stay on top of changes).
It's a fascinating shift - GDPR was just the start of more stringent and overdue regulations, not a finish line. And although the GDPR is not perfect: it's too complex, too academic and there are aspects already out of date - it was nevertheless an essential marker and model for multi-national governments, the principles at the core are of great importance.
The GDPR (and CCPA) have set out changes which impact the way digital businesses operate: from corporate dictated data processing, toward a world where citizens have greater ownership over their data. Inevitably, reality is still catching up with the high legal ideal; but we’re on the path.
I believe we're now at an important juncture, a moment to reflect that compliance is not (just) about email marketing - so many got lost in minutiae of the tactics of cleaning databases when we think back to early 2018 - and missed the real story.
When we dial it up to the big picture, Data Protection compliance was, is, about important and inherently global subjects which can be summed up as three P's:
The human right to Privacy
Protecting the data that matters to people (from harm or abuse)
Proprietary of information: ownership from companies to citizens
Good data governance and compliance is about how and why businesses must be accountable as trusted custodians of our information in our global, digital economy with the right tech, people and governance. Getting that right signals you're a serious, resilient and trusted modern organisation to your customers, your people, your investors: whether your organisation is big or small.
There's so much more work to do, but let's not forget why we need to comply.
This article is written by Trace’s Founder Sorcha Lorimer, and was first published on Linkedin.