What US data privacy legislation really needs to look like
On June 28, 2018 California approved the California Consumer Privacy Act. California has been among a few select states that have passed progressive consumer privacy law in the past few years, mirroring the European GDPR which went into effect earlier this year. Currently, all 50 states have privacy-based regulations, and every one of those states have different requirements on government notification in the event of a data breach.
With the addition of GDPR requirements levied on international corporations based out of North America, there remains a considerable amount of chaos within the current structure of data privacy law. Google, Microsoft, Facebook, and IBM are all lobbying for a federal privacy law in an effort to override the new California state privacy bill. In order to fully and comprehensively address the issue of consumer privacy and hold all businesses to the same data privacy standard, legislation needs to be passed on a national level and businesses must champion privacy protection on behalf of their customers.
Commerce Crosses Borders
The world is more interconnected than ever, and the amount of data produced daily is growing at an exponential rate. While many of the current laws in place made to protect individuals at a state level are well intentioned, they are simply not looking at the bigger picture. Businesses are consistently moving to e-commerce, with some completely forgoing brick-and-mortar locations altogether. As commerce continues to digitize, it will become harder to enforce state-specific privacy laws, of which some are already obsolete.
Consumers interact with brands around the country, and even around the world on a daily basis, and a number of companies are implementing models in which they provide services in exchange for user data, with Facebook being one of the greatest examples. The majority of companies today necessitate the collection, use, and disclosure of consumer data. Factor in the continued and rapid pace of technological evolution, it becomes clear that a national standard for data privacy is needed to match the accelerated use of consumer data.
International and National Standards
The European Union adopted the General Data Protection Regulation (GDPR) in 2016, with it coming into full effect in 2018. Many in the United States, and throughout the world, saw this as the beginning of a world-wide push for consumer privacy rights—and they were correct.
But with convoluted, and sometimes contradictory laws that vary from state to state, businesses that are utilizing data to complete on customer experience are facing a logistical nightmare. Say a company has its headquarters in one state, its data processing centers in a different state, customers throughout many different states—or even in Europe, they now have to accommodate a myriad of different regulatory laws based on their own geography, as well as each individual consumers’ geography.
Consumer Demand for Protection
While the ultimate regulatory framework will be determined by the government to protect consumers, businesses should commit themselves to protecting consumer data, as well as providing transparency and trustworthiness. 83 percent of consumers are willing to share their data for a personalized experience, but only if the business is transparent on how the data will be used.
Consumer demand for transparency is in fact the first step of a personalized relationship built on trust; the more transparent brands are about the data they are collecting, and how they are using it, the more data customers will ultimately be willing to share with that brand. This necessitates the use of a unified customer profile that combines information regarding behaviors, interests, preferences, purchases, and needs for each customer that is available throughout the company and is updated in real time—what we refer to as a “Golden Record”.
This “Golden Record” changes how brands manage the course of an entire lifecycle with each data subject and enables each subject to opt-in and opt-out—to an incredibly granular and personalized level. Businesses need to take it upon themselves to leverage technology that provides a full and complete picture of each customer—not only so that the business can keep on top of chaotic regulation until a national standard is enacted, but ultimately to show that they respect the customer’s wishes and will actively participate in a two-way value exchange.