When GDPR came into force, companies scrambled at the last minute to figure out their obligations and comply. When the CCPA was up for debate, interests clashed and uncertainty lingered, until a compromise was reached. Now, companies have to implement careful procedures and processes in order to abide by the law and protect the privacy rights of consumers. It isn’t going to be easy.
Click on the Acxiom banner above to find all our Data Privacy Week articles, and articles on the topic from earlier this year.
Tech companies with insular corporate cultures now have to conduct themselves with a greater level of transparency. Social media giants are attracting scrutiny from regulators, the media, and the public. The Child Online Protection Act (COPA) was passed back in 1998 but these new measures go further, addressing recent controversies such as voter manipulation and high-profile data breaches. This point in time might later be seen as the dawn of data compliance.
New laws could give rise to more dedicated data compliance positions at companies. In order to contend with current and looming legislation, businesses need specific and up-to-date knowledge, as well as legal counsel when appropriate. The public conversation will continue. The core problems won’t go away. Even on the heels of a massive data usage scandal, Facebook suffered a large-scale hack. If they can’t keep up, given those stakes, it seems safe to speculate that this could be a repeating pattern for the industry.
Arnold Spencer, General Counsel of Coinsource, told me that tech companies must adapt to frequent changes in the regulatory landscape.
“As new regulations are proposed, passed, and enforced, there is an absolute need to onboard experts in compliance and regulatory matters, in order to ensure companies remain within the realm of the law,” said Spencer.
Laura Beaudin, a partner in Bain & Company’s San Francisco office, told me that companies faced uncertainty right before GDPR.
“I think frankly it was difficult, to be able to find critical mass in those kinds of specialists,” she said.
Companies felt that there wasn’t clear precedent. They weren’t sure how regulators would draw the lines around information privacy issues. However, Beaudin sees an opportunity amid the controversy.
“We’ve looked at how consumers feel about their data being out there,” she said. “There’s less sensitivity if a brand can demonstrate that the reason that they’re looking for that information, or the reason that they’re sitting on that information, and acting on that information is to be able to provide [consumers] with a better experience.”
When data is used effectively, brands actually enhance their customer relationships. Smart data usage results in personalized and helpful digital experiences.
“But you have to be pretty savvy and understand the data that is out there,” said Beaudin. “And at this point, even with privacy laws, there is no shortage of data for marketers to be leveraging.”
When a change in behavior is immediately needed, companies are able to lean on partners in their digital ecosystem. Many questions are still being asked, and some companies seem to be exhibiting a wait-and-see mentality.
Anderson Duff is a partner at Revision Legal, with expertise related to IP, trademarks, privacy, and even domain name disputes. He told me that a lot of clients realized around the same time that they needed to become GDPR-compliant, and they had no clue what that really meant. He noted that companies are still trying to figure out what compliance looks like in this rapidly-changing media landscape. Things might become clearer if regulators decide to make an example out of a large bad actor.
Duff said that there is definitely an expanded need for data compliance expertise. “When it rains, it snows,” he remarked.
I asked Duff if state legislation could further complicate matters for tech companies by forcing them to jump through a lot of different hoops.
“Well, that’s a great question, but it’s not a new one,” he responded, noting that common law trademark rights are established in geographic regions. He said that trademark law is, at its heart, a consumer protection law.
“So, you want to protect the consumers in the geographic region where those consumers have gotten used to seeing a certain trademark and associating it with a single-source provider,” he said. “Now if that single-source provider has an e-commerce business that they run out of their home, and they ship goods all over the country, it significantly complicates things. And I mean that’s just one example.”
He added, “Thankfully, that means that there’s a lot of work for attorneys because we are constantly having to reconcile the different states’ laws. And figure out complex answers to complex questions.”
However, there seems to be less diversity in different statutes and laws than there used to be, especially in IP, which provides a degree of consistency.
“There’s at least some baseline intellectual property protection that is afforded in many countries now because those provisions are included in bilateral and multilateral trade agreements,” said Duff.