New era of corporate privacy transparency beginning?

24 September 2014


 View Stewart Room’s profile on LinkedIn

Two stories that caught my eye last week concerned, once again, the principal corporate doyens of the current privacy debate, Google and Facebook. Apparently, Google has constituted a series of Councils involving opinion formers, regulators, academics, lawyers and the public, which will travel around Europe to discuss how to develop positions on the 'right to be forgotten' requirement for search engine delinking, which was mandated recently by a landmark decision of the EU Court of Justice (CJEU). Facebook has developed a dinosaur character, to guide it's users through its privacy policy and system.

At first blush, these initiatives might seem to have very little in common, but looking at what they are both seeking to achieve - which is engagement with the public on privacy issues - I wonder whether they are in fact signalling the beginnings of a new trend in data protection compliance.

It's easy to be cynical about these developments and to mistake drivers and outcomes. Sure, it may be fair to say that Google's Councils wouldn't have existed but for the CJEU's decision, or that Facebook might be reacting to the Max Schrems litigation about privacy transparency, itself triggered by Snowden's disclosures, but so what? For as long as I can recall, the privacy community of regulators and opinion formers has been calling for the tech giants to engage in more productive conversations and interactions with the public. So, surely these developments are a cause for optimism? Certainly, they should be welcomed, encouraged and supported, because if they 'embed' as corporate norms, the positive impacts will be immeasurable.

In a recent blog, I floated the idea that we are entering a 'post-regulatory age' for privacy and data protection. I was not arguing that we do not need regulation, or that regulatory reform is unnecessary, or that regulation will disappear altogether, rather that there are encouraging signs that some of the initial goals of regulation are being achieved.  The initial goals included corporate 'buy-in' to the idea that data protection is a good thing.  I can't see any serious businesses now arguing otherwise.

In a post-regulatory age, the need for all encompassing, active regulation reduces, being replaced by forensic and targeted measures on particular points of concern. In a post-regulatory age precious resources are spent more wisely, more gets done and more is achieved, leading to a virtuous circle of cause and effect.

My hunch is that Google's RTBF Councils and Facebook's dinosaur might be further evidence of this post-regulatory age, where the need for public engagement and enhanced transparency become corporate norms of good behaviour. If we see copying of Google and Facebook's examples in the wider economy, that will be an incredibly positive development.  The economic and societal gains would be huge.

 And lastly, a word or two about the older tech stalwart, Microsoft. Microsoft seemed to embrace a 'privacy-positive' stance a year or so back, with it's trumpeting of a less invasive email system, which was followed by an approach to the EU for formal approval of its contractual framework for personal data sharing. Perhaps the new era of transparency started earlier? If Google and Facebook's innovations are steps in a longer process, my hunch that something profound is changing in corporate behaviours might develop into certainty in my own mind. If that's where I arrive in my personal thinking, then I will be telling anyone who will listen that they should brace themselves for major business shifts and upheavals. There is a huge amount of good that can be done through enlightened data handling and use, plus great fortunes to be made. But many businesses will have to change themselves completely if they are to thrive and prosper.