In a World of Evolving and Enforceable Privacy Regulation, Companies Need Smarter Tools
Enjoy this week’s guest post from our friend and partner, Richy Glassberg, Co-Founder and CEO of SafeGuard Privacy.
We love the work by Richy and his team, as their privacy compliance platform is one of the tools we see helping brands and users respect user data by simplifying the process of remaining compliant. Enjoy!
Privacy laws are great for consumers, but complying with them can be painful for businesses. It doesn’t have to be.
Digital advertising has come a long way since I started in the industry. But what was once a Wild West has started to evolve into a more heavily regulated system. Trade organizations and standards were created to help sort things out, but they didn’t have legal consequences. Life is different now. The development and passing of the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) were watershed moments in privacy, and consumers are more informed (and in some cases, fed up).
Privacy protections are a good thing. As a consumer, I’m grateful. Having my data bought and sold without my knowledge and used for advertising doesn’t feel good, especially if it’s sensitive data. There are also benefits for businesses. Privacy-first organizations enhance their brand reputation with consumers and their partners in the digital ecosystem.
Even with these incentives to be ethical, it is a major challenge for companies to actually comply with privacy laws. I’d like to think most companies want to do right by their consumers. However, developing and managing dynamic privacy standards and compliance across your operation and with all of your partners and vendors can be painful. Thankfully, there are new tools and services that simplify the process and will help make privacy the norm.
This new era of privacy requires more advanced methods. It requires a new way of building and integrating privacy-by-design and a full privacy stack. The age of solely relying on contracts is over. In addition to proper data and vendor contracts, you need to conduct due diligence on all of your partners and hold them accountable. You need to build meaningful controls that guarantee customer data is used correctly and in compliance with privacy laws, regardless of where it sits.
The Tricky Boundaries of Data Consent
At the heart of privacy commitments is consent. What data are you collecting, and what are you going to use it for? What’s the business purpose, and have you informed the consumer of that purpose? Of course, it’s never that simple. When faced with all the opportunities to use consumer data, it can be difficult to draw the line defining where user consent breaks down.
Consider a person shopping for a pair of shoes through a brand’s app. Upon downloading the app, the user gives their consent for their data to be used, the contractual foundation of trust between them and the company. The app can use all the information the user shares, perhaps their shoe size, style preferences, demographics, and browsing history, to make recommendations to the person, a clear primary use of the data that provides value to the user. However, what happens when the shoe company considers taking that data and using it for other purposes, such as targeted advertising or sharing it with another partner, like a measurement company? All that data was permissioned for one purpose but is now being used for another.
This is why companies need diligence. It’s not enough for companies to just collect consent. They need to truly understand and control the flow of consumer data, whether it lies within the organization or outside it with vendors. Conducting diligence can be time-consuming and tedious, particularly across all the vendors that touch your data. One way to solve this is through standardization of privacy diligence. My company, SafeGuard Privacy, recently launched a new initiative with the IAB to help solve and streamline this entire process to make it more effective and efficient.
The ripple effects of negligence in this area can be far-reaching, not only in terms of legal repercussions but also in damaging the very trust that businesses seek to build with their consumers. Companies can’t afford to collect your “yes” and then forget about you. They need tools that facilitate comprehensive and standardized diligence processes to stay in compliance and foster a culture of transparency and responsibility towards consumer data.
Contracts Are No Longer Enough. You Need Controls.
As with all things, AI complicates the situation by presenting yet another alluring opportunity to expand the use of customer data beyond originally intended permissions. The continued arrival of new, sophisticated AI applications causes every business to ask how it can use its consumer data to unlock additional value. This temptation extends beyond the original acquirer of the data to every partner that data has been shared with.
Privacy laws like CCPA require that businesses have contracts with their counterparties. But that isn’t enough. This is where controls become essential. The original contract between a user and an app, or that app’s owner and their partners, specifies how that data can be used. But how do you guarantee that data is being used correctly as use cases shift and the data gets passed around within an organization and across partners?
That’s where controls come in. Controls are the mechanisms a company can use to maintain clear and consistent uses for the data it has been entrusted with. This isn’t just about technical safeguards. It’s about maintaining a dialogue with users and ensuring that their consent is informed and ongoing. When the game changes, which is happening with new AI capabilities and privacy laws, controls ensure that brands can adjust their course without overstepping boundaries.
Let’s Build the Tools to Make Compliance and Controls Easier
Looking ahead at the future privacy landscape, the only real certainty is that consumer expectations and legal requirements will continue to shift. Ongoing, dynamic shifts mean building ethical technology will remain a complex challenge for organizations. Remaining compliant and protecting data will not get any easier. If we want better privacy systems, we need tools and infrastructure that make it easy to be ethical. That includes the privacy stack, and it’s why I started SafeGuard Privacy. Privacy compliance and data protection are complex, especially when you factor in every partner you work with. But with strong ethics and great tools and technology, we can simplify the process for businesses, protect our consumers, and plan for the future.
When I consider the industry’s evolution over my decades-long career, I’m encouraged that data privacy is now a higher priority for companies. With increasing standards and better tools, I hope anyone starting their career will be able to say the same thing 30 years from now.
Tell us your thoughts! What tools and software do you consider most important for organizations looking to build ethical technology?
What We’re Reading On Ethical (and Non-Ethical) Tech This Week:
Attorney General Bonta Announces Settlement with DoorDash, Investigation Finds Company Violated Multiple Consumer Privacy Laws (California Attorney General)
Tyler Perry Puts $800M Studio Expansion on Hold After Seeing OpenAI’s Sora: “Jobs Are Going to Be Lost” (Hollywood Reporter)
Google Chatbot’s A.I. Images Put People of Color in Nazi-Era Uniforms (New York Times)
Waymo’s robotaxi expansion plans in California put on hold by regulators (The Verge)