2040’s Ideas and Innovations Newsletter, Issue 62: The Doors are Locking on User Data
We have frequently written about how the digital privacy and data environment outside of the US is being transformed as a result of international government efforts to enact policies and regulations that seek to protect its citizens and their privacy. The EU community is leading the way on these initiatives, and we caution all organizations to be aware and forewarned about the changes as they already affect global operations and will ultimately impact their US operations.
The US has not yet put into place individual online privacy protections. In the absence of a federal policy or framework, individual states are expected to enact protections for their citizens. But here’s the complication: digital extends beyond borders, national and international. Organizations face significant management and compliance challenges anywhere they provide information, services, or products to a geographically diverse set of stakeholders.
Data has become a fundamental pillar of our digital economy. It is a powerful tool both realistically and aspirationally to reach the right customers, create awareness or gain conversion via advertising. Data also refine how to assess and understand engagement, measure sales, and develop relevant marketing and product efforts.
The challenge is when an organization’s digital inputs are from the majorly passive channels awaiting traffic among the exponentially growing number of other passive channels across the expanse of the web. App stores are disintermediating organizations and making it harder and harder for them to get in front of potential stakeholders. In turn, organizations are compromised by direct or indirect data collection and leveraging the right data which makes it possible to drive potential stakeholders to the organization’s passive islands.
The data environment in the US may finally be changing given recent actions in Congress. Before we dive into that topic and surface its impact on organizations, let’s review some of the recent activities in the European Union.
EU’s Digital Services and Digital Markets Acts
The EU continues to maintain its global leadership in the privacy protections arena and has approved its Digital Services Act and Digital Markets Act. It has also gained agreement from major social platform companies on establishing a code of conduct that seeks to put controls and actions in place when misinformation is posted on its platforms. Companies are now able to take action to remove posts deemed misinformation (false or misleading information as defined by the EU), suspend, or remove accounts and posts/content that is considered “illegal” in terms of the definitions set forth by the EU. Citizens will also be provided with guidance and tools to identify information that is deemed false or misleading. The code of conduct also provides a framework for platform companies to stop serving ads on content that is misinformation to prevent those who spread misinformation to make money via advertising.
The two Acts are an evolution of the EU’s protections that began with the Government Data Protection Regulations (GDPR). At the time, the growth of false and misleading information resulted in companies taking their own initiatives to manage what was posted on their platforms. That approach was complicated, given the lack of overarching policies or regulations, to ensure the rights to freedom of speech and expression were not compromised. It was further complicated by how and who would determine what content may be false or misleading.
When policies were put in place in the internet’s infancy, they sought to protect companies from any liability for content published on their platforms. The prevailing viewpoint was that the companies simply served as platforms with related infrastructure. The desire among companies to create a facilitated business-friendly environment for the technology sector failed to recognize the unintended consequences that would result.