Search, social media, cloud computing, and business analytics have largely fulfilled their promises in developing our economies’ global players. To protect our own digital investments, it is of little wonder that we are pouring resources today into addressing GDPR. These efforts of regulatory compliance may none-the-less prove to be misguided, for your corporate data will never be worth more than the confidence your stakeholders have in your data practices. In the digital economy, competitive advantage is tied to understanding the primacy of trust rather than that of data. Let’s explore the nature of the challenge, to what extent GDPR is the answer, and how companies can harness “Trust by Design” in preparing for a post-GDPR world.
To understand this naked truth, we need to take a hard look at what produces an organization’s bottom line. Consumers purchase products, services and ideas on the condition that there is commonly accepted system of economic exchange that insures the definition, value, and order of the transactions themselves. Since neither companies nor consumers can insure compliance, they have traditionally paid various intermediaries to guarantee the solvency of their exchanges: banks verify the accounts to facilitate payments, insurance companies oversee the risk of health and property, and the State itself provides education, infrastructure and social security. This need of trusted intermediaries has accelerated as the digital economy has become reality: Alphabet, Facebook, Amazon and Alibaba have leveraged economies of scale and network effects into de facto monopolies.
The paradox of trust: as corporations gather more and more data, trust itself becomes increasingly rare and valuable.
In the digital economy service is nothing more than an answer to a problem, while data provides answers to questions that haven’t yet been asked. First and foremost of these questions is the paradox of trust: although information on corporations, managers and products has never been more plentiful, trust itself has become both increasingly rare and valuable. This deficit of trust can be explained on one level by the very nature of the global economy: the physical and perceptual distance between those that produce and those that consumer information has never been greater. On a second level, the digitalization of economic and social exchanges has created virtual communication in which marketing predominates. Finally, the decline of both ethics and values in business has served to justify the fake news of post-truth economy — the product has become the message. Little wonder that the nature of truth has shifted from that based on a blind faith in the economy to that of “referred trust” as a basis for economic decision-making.
Europe’s General Data Protection Regulation recognizes both that digital data has become the new currency of world economy and that the private and public organizations that collect and organize the vast record of these “transactions” control their customers. GDPR explicitly recognizes this inherent danger in proposing to regulate the commercial use of the private and sensitive data that describes who we are, what we think and what we do. GDPR introduces a European citizen’s bill of digital rights where European citizens (“data subjects”) have the right to know how this data is being collected, where and for what purpose. Data controllers and data processors are now required to institute processes and internal record keeping requirements to insure compliance with these new regulations. Most importantly, the legislators aim to influence the nature of our data practices — data protection should predicate the design of our databases, applications and information systems.
GDPR protects personal data rather than personal privacy and interests
As laudable as these efforts are, GDPR privileges data protection rather than personal privacy while targeting computer applications that rely on the centralized control of information. As technology evolves, new iterations of software are deploying decentralized administration to achieve greater degrees of transparency and traceability. Distributed ledger technology is one such iteration; blockchain-based transactions can largely eliminate the need for intermediaries to guarantee the validity of personal data at our borders, in our administrations, and in our everyday economic transactions. These shared can transparently report organizations’ financial transactions, as well as individual’s earnings, in real time. Blockchains can check the credentials of candidates for employment, credit, or social services, facilitating more secure, and more confidential, peer to peer transactions. IF GDPR’s goal is to limit the monopoly of corporate intermediaries while protecting personal privacy, it will in turn need to evolve to facilitate the development of these newer generations of technology.
Trust by design is a set of data practices that incorporates the short-term regulatory requirements while exploring the long-term opportunities of new forms of IT.
“Trust by design” proposes a set of data practices that accounts for the short-term requirements of GDPR while exploring the longer-term opportunities of new forms of IT. The overall vision is that of open, interactive data practices that deliver transparency, customer empowerment, portability, and data quality. The guiding principles include data justification – providing consumers with the stated objective for capturing their private data, impact assessment – documenting the processes with which your data is stored internally and on the cloud, data security -assuring that your organization has the expertise to securely use proprietary and open data, selective access – allowing the owners of the data to decide on its degree of exposure, and open practices – instituting ethical and transparent data practices within your organization and business community.
I will be discussing and developing these propositions November 9th in Berlin at Group Futurista’s Post GDPR/FODP summit . Please don’t hesitate to share your thoughts and suggestions head leading up to this event. I look forward to seeing you there.
Lee Schlenker is a Professor of Business Analytics and Community Management, and a Principal in the Business Analytics Institute http://baieurope.com. His LinkedIn profile can be viewed at www.linkedin.com/in/leeschlenker . You can follow the BAI on Twitter at https://twitter.com/DSign4Analytics