By David Sapin, PwC Risk and Regulatory Consulting Leader, PwC US and George Stylianides, PwC Global Risk Consulting Leader, PwC UK
The convergence of advanced digital technologies, the increasing speed of the internet, and the seemingly infinite processing power of cloud computing have unleashed a wave of innovation and change unimaginable only a few years ago. But other counter-currents—public concern over the adequacy of privacy protections and data security, rising regulatory barriers, and growing nationalist sentiment—threaten to slow that wave, if not bring it to a halt. In this, the second instalment of PwC’s blog series on the top business risks of 2019, we look at what threatens to stem the tide of innovation and what business—and government—can do to restore trust in technology and ensure that innovation both thrives and benefits society.
Not long ago, the possibility that anything could slow the breakneck pace of innovation seemed remote. But in the spring of 2018, the public learned that personal data scraped from social media was used to target various voter blocs with advertising and bogus news reports to influence the outcome of the 2016 U.S. presidential election. That news followed reports of data breaches at businesses ranging from credit-reporting agencies to major retailers to financial services companies, fuelling consumer concern about risks to privacy posed by digital technologies.
The revelations sparked increased discussions in Washington and other capitals toward increasing regulation of the tech sector, in particular the gathering and use of consumer data—the raw material for innovation the digital economy. Although some regulation, most notably the EU’s General Data Protection Regulation (GDPR) was already scheduled for implementation before the reports of electoral interference; the news and the subsequent public outcry accelerated momentum toward further limits on the amount and type of consumer data that is collected and how it is used. It turns out that the executives who responded to PwC’s 2019 Global CEO Survey had good reason to cite “over-regulation” as the leading threat to the growth of their organisations and the global economy.
The prospect of more stringent regulation is only one of several forces that is threatening to slow the pace of innovation. Eurasia Group’s report, ‘Top Risks 2019’, cites two other prominent trends: security concerns that are ‘leading states to reduce their exposure to foreign suppliers in areas critical to national security’ and economic concerns that are ‘leading countries to put up barriers to protect their emerging tech champions against established market leaders from abroad’.
But companies are not helpless against the forces threatening innovation. Rather than wait for other stakeholders to act, business needs to get out ahead of the push for greater regulation and partner with the public sector to address legitimate concerns about privacy, data collection and use, and the social and economic impacts of technological advances. The more business engages with regulators—and the more successful they are in harmonising data protection regulations across jurisdictions—the more effectively they can guard against the risks of digital technologies without stifling innovation. As part of that engagement, forward-thinking companies are already incorporating data security and privacy protection into everything from corporate strategy to product design. At some software-as-a-service companies, for example, data security engineers are part of every product design team, actively looking for weaknesses in the design, then addressing the flaws; they continue to test the software’s security throughout its lifecycle, often engaging outsiders to probe for vulnerabilities. And some companies have begun to cite their data security safeguards to differentiate themselves from the competition—witness Apple’s advertisements at the 2019 Consumer Electronics Show announcing that “what happens on your iPhone stays on your iPhone.”
Business, government and the public all benefit from harnessing advanced technologies and harmonising data protection regulations to address pressing business and societal problems while guarding against the risks posed by technology’s dark side. Together, they can ensure that data security and privacy protection don’t hamper innovation, but actually advance it.