By Ryan Paterson, 2023-08-18

It looks like someone finally set off the alarm on Big Tech’s role in data privacy in the United States. For starters, President Biden kicked off the year with a Wall Street Journal op-ed calling for bipartisan action regarding antitrust, privacy, and child protection measures against tech giants. Since then, we’ve seen leaders from Meta, TikTok, and OpenAI testify before Congress and the Senate to address a litany of abuses in data privacy practices. In TikTok’s case, the world’s fifth-largest app has even been banned from government devices altogether.

What does that mean for everyday tech companies? For one thing, it means projects should be cognizant of the ever-rising user concerns about data privacy and security and actively work to reconcile these valid concerns. The tech industry is no longer the deregulated free-for-all it used to be, and that’s a good reality check for Big Tech and smaller companies alike. That being said, companies do stand to gain a competitive advantage by addressing these issues on an operational level before it becomes obligatory.

What is the delay?

It’s no secret that the U.S. moves at a glacial pace in passing and updating data privacy laws. And while it’s easy to blame overbearing bureaucracy or corporate lobbying, these factors only compound the multifaceted reasons for delays in meaningful data privacy mandates.

From the business side, companies simply don’t employ enough technical privacy, legal, and compliance staff. And if they can afford to do so, it likely contradicts the business practices that got them to that position in the first place. Although wider economic factors play a role in budgeting, 42% of respondents reported having underfunded privacy budgets in multiple business sectors, according to ISACA. With companies tightening wallets even more than usual, it’s clear to see how they can fall behind in staying compliant with new mandates or maintaining their privacy infrastructures. Even companies that try to innovate consumer protections and enhance privacy can fall victim to disastrous attacks. The latest LastPass breach that left 30 million users exposed to hackers is a case in point, and it’s definitely not a first for them.

While the efficacy of using centralized password managers to protect user privacy is questionable, more than 100 thousand business accounts were affected by the breach, likely subjecting even more users to nefarious data exploitation. This illustrates the sheer magnitude that one breach can have and the collateral damage from its reverberations. User-data exploitation comes part and parcel with Web 2.0 operations for entirely legal business purposes. But the U.S. Department of Justice is cracking down on serial privacy violators, with senior officials repeatedly issuing warnings to consumers to avoid certain data-siphoning apps. While banning data privacy offenders is certainly on the table, it’s unlikely to ensure meaningful consumer safety. In such an unpredictable regulatory environment, how can smaller companies concretely make sure they’re on the right side of the gavel?

Staying on the safe side

Keeping pace with ever-shifting regulations can put smaller companies in a tough spot when they have limited resources or infrastructure to implement changes. And those costs can quickly balloon when companies operating in multiple countries have to interpret various, and sometimes opposing, regulations depending on the region. In that sense, security and customer-data safeguards must be built from the ground up. Data privacy and security should be a foundational aspect of any app or tech development moving forward, not an added bonus. Twitter, for example, made text-based two-factor authentication under Elon Musk available only to paying Twitter Blue Check Mark users. That’s exactly what companies shouldn’t do. Offering a fundamental security feature only to a select few can create an unsafe experience for the majority of users who won’t pay for Twitter Blue. And making a basic security feature of most websites or platforms into a VIP service isn’t exactly the most enticing perk.

Keeping up with regulation is an entirely different beast to contend with, especially in the U.S. where the laws surrounding data privacy are built on a patchwork. These loose threads and clashing mandates between federal and state-level rulings allow Big Tech to exploit loopholes while smaller companies get hit with inquiries. U.S.-based companies have also faced challenges to their data operations thanks to international regulations such as the EU’s GDPR and newly minted privacy reforms in Australia. But these challenges can help rein in larger offenders and help companies do better while serving as a good guidepost as to where local regulations might be heading. Staying ahead of the curve on data privacy requires a deep inquiry into the underlying issues and infrastructure that have created this environment to begin with. Web 2.0 was designed to maximize the sale of user data for marketing purposes, and the future of the internet and tech in general must veer away from this course before it’s too late.