Privacy Shield Down. What’s Next?

Four months ago, the European court struck down the EU-US Privacy Shield, a 2016 transatlantic trade pact that governed data flows. On a scale of Quibi to Zoom, how does this affect US businesses, more specifically, market research firms?Protecting user information is a dicey affair. It gets dicier when multiple countries are involved. If you’re in the US insights business or of the kindred spirit anywhere else, ethics is a popular done-to-death topic. And the Big Guys like Google, Microsoft, Amazon, and Facebook do have a disregard for regulation, unchecked collection of personal data, which isn’t very democratic. The backstoryThrowback to the Safe Harbor, between 2001 and 2015, when the adequacy mechanism allowed information to individuals. The data subject could have some say when their data was accessed.Between 2016 and 2020, the Privacy Shield allowed the European data troopers to check the processor's compliance with similar guidelines.Max Schrems, the privacy activist who tabled the case said, “the US will have to seriously change their surveillance laws if US companies want to continue to play a role in the EU market.” The givens?

• The privacy shield is no longer valid.
• SCCs (Standard Contractual Clauses) are still valid but, there’s a catch. All binding corporate rules go through a complex mechanism of approvals by the supervisory authorities and intelligence agencies in the ecosystem.

What has this changed for the insights business?

Not much in terms of the transfer of data itself. But there’s a whole new array of clauses. Regulations on notice, choice, accountability for further transfer, integrity, access, limitation of purpose, recourse, enforcement, and liability. Phew. While the rhetoric is strong, the EU’s central government is weak. Individual European states will be left to grapple with enforcement issues.When we talk about trust, it’s the whole package of the ability to explain, trace, rely upon, control, supervise, and slowly but surely audit data flows. If there’s one thing we can learn from this landmark decision, it is data localization. Not necessarily like China or the EU, but more context-specific to the US.

Cruizing through

Every next person in Silicon Valley and beyond is thinking:

 What is one repeating problem that you can automate or eliminate today?

Think innovations across industries: IoT, drones, endless aisles, AI & ML, etc. Brands are getting adept at selling pitches to an experience-hungry audience. Venture capitalists, whale, and shark investors are ambitious for more diverse portfolios. And tech stocks are particularly attractive. If insights professionals get nostalgic for warmer times, there has to be more than window-dressing. Data security has to be more meaningful and enforceable this time.There already are strong protection laws for sensitive data from private misuse. Example: user financials, employment, health records, and personal information about children. Rid data security of the jargon and it is simple enough for businesses in the US to navigate. Industry analyst and author, Larry Downes, puts it simply:

• First, you partner with NGOs that help set the benchmarks and guarantee transparency for data processing, storage, and use. They are efficient, cost-effective, and accessible.

• Then, you enable your consumer with trust before you make your next sales pitch. Balkanization of the internet has empowered users to manage personal preferences and make smarter decisions. Often you’ll find that the ocean of demand has fish enough for you if you collaborate with users on privacy design. 

Legal scholar, Robert Bork argued in his book ‘The Antitrust Paradox’ that the primary purpose of antitrust law is to promote consumer welfare by keeping prices low. In modern commerce, consumers “pay” personal data to Gmail, Facebook, and other brands that show them advertisements and promotions. So, price isn’t an issue if user-trust is the bedrock.

The bottom-line

People support companies that offer useful services and protect privacy. Companies that want the customer happy, strike a balance between the two. Talk is cheap but when you get the basics right, swimming through these new waters shouldn’t be a challenge. Private-sector profits and human rights aren’t trade-offs. Privacy Shield: The ECJ giveth and the ECJ taketh away. So what? Laws also bind the government. To minimize risks, smart insights businesses take it in their stride and self-regulate.

Ready to act on your research goals?