Data Privacy by Design: Balancing Data Protection and Technology Innovation
The issues of data protection in the technology sector is causing much concern for technology companies globally. For individuals that work in a privacy role within the technology sector, these are issues they will encounter daily and can affect many different aspects and roles from system design, database management, integrations, and delivery.
At BDO Eaton Square, we understand the challenges that many of our clients are facing within the technology sector and are delighted to share our partner, PrivacyEngine recent blog post on Data Privacy by Design: Balancing Data Protection and Technology Innovation
PrivacyEngine is a market leader in data protection and privacy management software and solutions and have been partners to BDO Eaton Square since July 2020.
If you would like to discuss further the obligations of Data Protection law and how it impacts the technology sector, please reach out to Sean Courtney, Director, BDO Eaton Square at [email protected]
Data Privacy by Design: Balancing Data Protection and Technology Innovation
Author: Colm Kelly, PrivacyEngine
Could Data Protection and Technology be mortal enemies?
If ‘Data Protection’ and ‘Technology’ were opposing mythological characters, it could be argued that one is Achilles and the other Hector, or in a more modern literary context one is Ned Stark and the other pretty much every other power hungry character from Game of Thrones.
There is this inexorable sense that Data Protection strives for the balance between moral compass and legal obligation, seeking to ensure the rights of individuals are always upheld, almost as some noblesse oblige. The Technology sector, on the other hand is driven by the need for innovation and advancement through technical achievement and betterment. It seems it’s almost always obsessed with the sunny side up aspect of everything it does.
Privacy by Design
Now I am a technologist. I’m a big fan of innovation and as a hard core fanatic of Gene Rodenberry’s Star Trek, I have a wistful belief in the bright future technology can bring to all of humanity. I’m also an advocate of strong data privacy protection for individuals, which means finding a balance between innovation and building software that recognises, and effectively manages data privacy and security concerns by design.
Following such a "privacy and security by design" process, can alleviate future privacy and security problems, and help operationalize privacy and security in technology development.
Personal Data Proliferation
The Technology sector today is a million miles away from the same industry I became a part of in the late nineties. Although the seeds of its future journey were already sown in Silicon Valley. Data, and in particular, personal data have become the core of so many software products and apps, where the real product is actually you.
This dawning can be rooted back to the Dot Com era, but was finessed by many of the internet giants we see around us today. So many understood that the true value of their companies was less about the products they made for consumption by the consumer, but instead were the tools they built to measure the consumer and how they interacted with those aforementioned products.
This is why technology finds itself all too often at loggerheads with Data Protection.
Digital Advertising is one sector where the clash is most evident. Of course, the Technology industry is not only Digital Advertising, but it is a prime example of how trends in that sector have collided with the fundamental principles enshrined in Data Protection. And now, we move into the next big paradigm shift. AI and Machine Learning. This technology, not as new as some might believe, is fundamentally driving huge data volumes, most of which is fed by gargantuan amounts of personal data.
Innovation is getting more and more impersonal. You are becoming even more of a product.
In a growing number of jurisdictions, regulators are rising to the challenge. Some in the technology sector are also recognising, like Hector, that this is a battle they can’t win. More and more corporations are hiring Chief Ethical Officers. The same corporations lead the charge on important social issues affecting us all and are equal champions of tackling global warming.
But too many have remained quiet on how they intend to make their innovations align with the fundamental rights of privacy. Few technology companies, specifically in the consumer space, are showing signs that they truly understand, or want to resolve fully the inconsistencies of their position against the obligations of Data Protection law.
No doubt, many of these companies are providing better transparency and control to consumers, allowing them make decisions on how their personal data is used. However, there is a big question as to how abstracted those controls have become, and therefore a further question lingers over how much the individual can be autonomous in their ability to provide consent, in particular when you consider the new explosion in processing that happens under the 24/7 watchful eye of AI and Machine learning.
Moving the goalposts
The goalposts just keep moving, but it is time to end the cat and mouse game between the technology sector and data protection. Developers must recognise that continuing to deflect and obfuscate on privacy issues will mean more than facing the wrath of data protection regulators. Growing awareness and activism among consumers and app users means inaction also threatens their own commercial success.
If you work in a privacy role within the technology sector, I have no doubt that you tackle these issues every day. As a professional, you need to guide your company on a careful path, standing almost as a firewall between the behaviours and desires of your organisation and the evolving legal landscape that seeks to provide more protection for the individual.
This is no easy task and it involves ensuring that the entire organization is thinking about privacy and data security at all stages of development. It will mean changing the way data is collected and processed, and putting more energy into documenting data protection efforts, to demonstrate compliance for regulators and end users.
For an example of how technology innovation can be married with best practice data protection join us in this month’s webinar: ‘What are the Privacy Considerations when designing and deploying a new App; Lessons Learned from building the Covid Tracker App’.
The livestream event will feature Gar Mac Críosta, COVID Tracker app Product Manager at the Health Services Executive, in conversation with John Ghent, CEO of PrivacyEngine. He will talk about how, despite the scope of the app and sensitivity of the data involved, developers are able to balance the conflicting needs of innovation and data protection.
It’s a tale in which Ned Stark doesn’t lose his head.
The views, thoughts, and opinions expressed in the text belong solely to the author and whilst this blog has been carefully prepared, it has been written in general terms and should be seen as broad guidance only.
The above insights cannot be relied upon to cover specific situations and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact BDO to discuss these matters in the context of your particular circumstances. BDO, its partners, employees and agents do not accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this blog or for any decision based on it.