Google and Facebook May Actually Become Stronger from Upcoming Privacy Regulations

May 3, 2018 - 7 minutes read

You’ve probably noticed quite a few more “Updated Privacy Policy” emails in your inbox than usual. Most likely from your preferred e-commerce, search engine, and social media sites, these emails ask you to review the updated terms and conditions in the privacy policy.

This time, if you don’t bother to read the policy before May 25th, the company assumes you’ve consented to their new policy.

Europe’s New Policy

The European Union’s (EU) new rules, called the General Data Protection Regulation (GDPR, for short), aren’t very complex. The set of regulations revolve around protecting users and the data they generate through website interactions and cookie tracking; if a company collects and processes data, it must ask the user if they consent to these practices. Previously, as long as a website had a “user agreement” linked somewhere visible, it could assume that the user consents.

The GDPR could definitely impede startups from spending their time and resources elsewhere. Although there is only a tiny chance that a small company could be audited, compliance is a daily, multi-year dedication by both developers and executives alike.

The Devil Is in the Details

If you’ve ever tried reading a Privacy Policy, you know that they change frequently, are incredibly long, and usually contain a fair share of “legalese.” You’d have to be extremely dedicated to get through even one of them. And by the end of your marathon read, you usually have more questions than answers.

If you read a few, you’d be hard-pressed to point out the differences in each policy and which companies had which specific clauses. The situation causes user boredom, which means no one ever bothers reading Privacy Policies, unless their job depends on it.

For companies, being transparent and upfront about data collected and its usage is ideal. Instead of wordiness, there should be a chart that displays the purpose of collection, types of data involved, and consent. Besides that, the whole document should be understandable and written at a 5th-grade reading level. It shouldn’t be 83 pages long. It could even behave like an interactive knowledge base.

Also, It turns out there’s a psychological component to the Privacy Policies and user interest beyond boredom. If companies did this, they could not only earn unparalleled user trust, but they could also improve their reputation immensely.

So… Is This Good or Bad for Companies?

Facebook and Google are poised to come out of this stricter privacy regulation stronger than before. How, you ask? Nicolas Colin the co-founder at Family, a start-up accelerator in Paris, explains that “people tend to give that permission to companies they trust.” He says, “Stricter rules strengthen companies because they have that key asset that is trust.”

Although Facebook is sending Mark Zuckerberg to D.C. to testify in front of politicians during this tumultuous time in the company, its revenue still grew an astounding 50%, reaching $11.97 billion. Experts also point to Europe’s past with Google, when Google was ordered that people have the “right to be forgotten” online. Unfortunately, it’s still up to Google to honor these deletion requests, and there is no easy-to-see button for users to send a request. But lawyers and consultants say that regulating the tech giants is not the goal of the new EU regulations.

And even if this data collection regulation is a detriment to Facebook and Google, they still enjoy the power of having some of the largest advertiser reaches in the world. Giovanni Buttarelli is a European data protection supervisor. He helped draft up the GDPR and ceded that the regulations will be up against entire teams of lobbyists and lawyers. But, Buttarelli says, the impact of the GDPR will be determined by regulators.

Pay Attention to the Fine Print

True compliance and the other side of the coin, true regulation, are both difficult to maintain. As the EU’s and international laws surrounding data collection and privacy change, Privacy Policies will get wordier and read with less flow (are we going to seriously believe that a lawyer is going to read over and digest the entire 23-page Privacy Policy, just to make it easier to read?).

Enforcement is going to be prioritized for companies that handle more personal data. But even if smaller companies don’t get audited, Avi Goldfarb says privacy regulation can be anti-competitive because costs amount to more at a smaller startup than a larger corporation. Goldfarb, a marketing professor at the University of Toronto, says, “Regulations help incumbents.”

Ben Scott, a senior adviser for the Open Technology Institute at New America, is concerned about the uncertainty of the situation and the results it will produce. “I’m worried that a lot of people have invested a lot of hope in GDPR, and I’m not sure it’s going to deliver. It will all depend on how it’s going to be enforced.”

Even though GDPR is being passed through the EU, it’s affecting companies in Silicon Valley and New York in both small and large ways. Expressing consent and knowing what you’re consenting can easily become a confusing ethical quandary. What do you think would make it easier to digest Privacy Policies? How many Privacy Policies have you read through fully? Is the EU taking a step in the right direction, or will this backfire?

Tags: , , , , , , , , , , , , , , , , , , , , ,