Over the past month we’ve been deluged with ever-worsening news about Facebook’s data leak, which culminated in this week’s Capitol Hill grilling of Mark Zuckerberg. Once you get past the daily headlines it’s important to understand how this moment could fundamentally change the way we use the internet moving forward. It’s a complex topic, so I’ll do my best to break it down for you.
First, consider what the Harvard Business Review refers to as the internet’s grand bargain. During the first 20 years of the internet era we’ve come to expect “free and open access” to all things digital. This means most forms of internet content are free, available in an unlimited and uncensored environment, and accessible at net neutral delivery speeds. In return for this access we’ve been exposed to ads (just like when we consume traditional media), and have implicitly turned over our data which marketers pay ISPs and digital publishers a premium for. Although we’ve all agreed in some way or another to turn over our personal data, usually by checking the ever-present Terms & Conditions box, I don’t think anyone truly understood the scale at which publishers and associated 3rd parties would leverage our information. That’s what made Facebook’s Cambridge Analytica scandal such a shocker.
So where do we go from here? WSJ gives us a solid although somewhat bleak prediction. Now that we’ve recognized we’re in fact the “product” ISPs and publishers are selling, should we be safeguarded like products in other industries? If that answer is yes, should the use of our data be regulated by the government too? Coincidentally the EU is about to take a huge step in this direction on May 25th, when the GDPR (General Data Protection Regulation) goes into effect. GDPR will require digital data collectors to get “frequent and explicit consent” from its users. So it will no longer be enough to get one umbrella Ts & Cs consent – publishers will have to spell out every way customers’ data will be used and get specific permission for each use case. In a nut shell the EU will require explicit consent from users which is different from the implicit consent we give right now.
So here’s the question – will the US ever adopt a privacy protection measure like GDPR? Based on the FB backlash and the steady stream of data leaks we now see every day it’s very possible that our government will enact some sort of legislation. In my professional opinion I don’t think it will be as dramatic as GDPR, but it’s a safe bet that the chilly winds of regulation are coming to the internet.