Data protection and privacy is top of the mind for governments and consumers. But the shift to consumer data privacy regulations like CCPA and GDPR is often viewed as an unwelcome move, a barrier to innovation. Itay Levy, Co-Founder, and CEO, Identiq says regulations often lead to technological improvements that can benefit both customers and industry.
When business leaders hear the word â€˜regulationOpens a new window ,’ they often react as if they’re hearing nails on a chalkboard. It sounds like a hassle, and constriction on their business â€“ due to a simple but widespread misconception: that regulations Opens a new window will stunt the growth of the industry on which they are imposed.
We’re seeing this phenomenon in the e-commerce industry (and really every online B2C sector), as a result of the General Data Protection RegulationOpens a new window (GDPR) and California Consumer Privacy ActOpens a new window (CCPA). Consumers want to be able to control their own data and prevent companies from having access to their online activities with explicit consent, and regulators are responding with legislation to make that happen.
As expected, the industry is worried that this will lead to more time-consuming business processes and hefty non-compliance fines. But in reality, for businesses that take the spirit behind the regulations to heart, the opposite could be true. In actual fact regulations like these often lead to technological improvements that greatly benefit both customers and industry.
Technologists Have Always Responded to Regulation
From the early to mid 20th century, the government tried to prevent automobile accident-related deaths by imposing regulations such as speed limits. They weren’t enough. What made the difference was the modern seat belt â€“ developed by an engineer at Volvo.
This was so effective that in 1966, the US government passed the National Traffic and Motor Vehicle Safety Act, requiring all cars to have seat belts. And of course today, their use is mandatory in the U.S.
Another example is the Clean Air Act. Enacted in 1970 to control pollution and improve the quality of air for public health, the act has resulted in cars becoming 99% greener than they were previously. Once the government realizes that a program leads to better technology, they often pass more legislation â€” like the 2009 â€œCash for Clunkersâ€ program, designed to get environmentally inefficient cars off the road. It’s a never-ending cycle.
How Technologists are Responding to GDPR and CCPA
The same type of technological evolution is happening in the digital world as a result of GDPR and CCPA. Consumers told the government what they want â€“ privacy. As a result, regulators have forced businesses to change their practices.
Now, a number of companies and individuals are trying to invent solutions that will change the face of online privacy. What’s interesting is that these solutions are trying to give consumers what they want and streamline and improve things for businesses.
One such idea is a concept called self-sovereign identity, which provides users with a digital passport or ID that is connected to a set of random, unique identifiers that represent each piece of data (age, sex, etc) stored at a trusted source, such as the Social Security Administration.
Each time you’re asked to verify your identity, you only have to provide the random identifier that corresponds with the ask. For example, if a website is asking if you’re over 21, your identifier would only need to certify that fact, not give your exact age. Self-sovereign does require consumers to be responsible for their own identity and its protection, but it’s privacy, and in most iterations, it’s easy for businesses to use in validation processes.
Going Private With Providerless
Another privacy solution that’s emerging involves â€œproviderlessâ€ data Opens a new window validation. Essentially, this means removing third-party data aggregators like Equifax from the equation altogether and directly connecting merchants for the purpose of identity verification. Blockchain is one example of a providerless technology, as is F.A.I.R.
For example, when someone signs up for a video streaming app, that app could ask other companies, â€œHave you heard of this person?â€ Many providerless solutions factor in privacy, as each identity is connected to random identifiers (much like the self-sovereign identity concept). It is possible for providerless solutions to be fully anonymous and ensure that no personal information is ever shared â€“ fulfilling the spirit of privacy regulations by going beyond what they require.
Providerless is also a security boost from the fraud prevention perspective because it enables companies to consistently leverage fresh, holistic information about users. It allows businesses to trust even their newest users because they’re able to base the approval process on the users’ trustworthiness with other companies.
The added layer of privacy even enables the secure verification of sensitive information such as credit card details without any data being shared between companies, which is a major incentive. Moreover, direct competitors can finally collaborate with one another against fraud, as long as they choose a providerless option which ensures no personal user data ever leaves their own systems.
What’s Next in the Cycle?
The interesting thing about technology being developed in response to regulation is that if an invention is impactful enough, it can in turn affect regulation â€“ as we saw with seatbelts. If we can create tech that’s great at fulfilling the spirit of privacy as well as the letter of the law, and that’s beneficial for both businesses and consumers Opens a new window â€“ then regulators might just recommend it, making your life easier whether you’re a consumer or a business leader.
And if you are an early adopter, you have a competitive advantage while other companies rush to catch up.