UPDATED 12:30 EDT / MAY 14 2019

SECURITY

Companies do a tense tango with new data privacy laws

As big data transforms industries, data analysis is the new competitive advantage in business. But the flip side is that data misuse could land companies in court or put them out of business. Since Europe’s General Data Protection Regulation went live a year ago, businesses have been scrambling to comply without hurting innovation or thinning revenue streams.

Data privacy and security are no longer just jargon in the fine print that consumers gloss over. In the past year, the issue has jumped to the fore of regular people’s minds, according to Bill Mew (pictured), founder and chief executive officer of The Crisis Team, a digital-era crisis management firm. “Because of a number of the horror stories around data breaches, the No. 1 issue out there is now how their data is handled,” he said.

New government regulations and growing pressure from the public pack a potent punch to companies in the data-refining business. They cannot afford to be lax about data privacy and security anymore. Many are concerned that GDPR’s rules are too strict. A recent study from the International Association of Privacy Professionals revealed that fewer than 50% of companies are GDPR compliant. Almost one in five respondents said they felt that full GDPR compliance was impossible. And some tech companies have energetically lobbied against new privacy legislation in California and Washington.

Mew has worked with both privacy campaigners and corporations to strike an agreeable balance between freedom and oversight. “We want meaningful protections, absolutely, because there’s some really sensitive data out there, and the way it is used can affect our lives,” he said. “But at the same time, we don’t want to stifle innovation. We want to maximize the economic and social value. And that’s a really delicate balance.”

Mew spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, and guest host Susannah Streeter during the recent AWS Summit in London. They discussed the new data security and privacy challenges facing businesses (see the full interview with transcript here). (* Disclosure below.)

This week, theCUBE spotlights Bill Mew and The Crisis Team in its Startup of the Week feature.

Lobbyists pick a bone with privacy bills

Plenty have found a bone to pick with governments increasingly prying into private companies’ data centers. “I’ve looked over the GDPR, and to me, it actually looks like a socialist agenda,” said Lillian Pierson, data science trainer and coach at Data-Mania, who spoke with theCUBE in 2017. “It looks like a full assault on free enterprise.”

In fact, it is also “completely and wholly unenforceable,” said Pierson, who holds a juris doctor degree. What makes it difficult to enforce is that it grants jurisdictional rights to the citizen, making the law extraterritorial. To illustrate: If European Union citizen Jacques eats at Bob’s Grill in Idaho and pays with his Visa, Bob’s Grill is now forced to comply with GDPR in handling the customer’s data.

There have been lobbying efforts in the U.S. to push back against new privacy rules modeled after GDPR. The California Consumer Privacy Act now under consideration proposes some of the world’s toughest regulations on what tech companies do with user data. It would require companies to reveal what data they collect; allow users to delete that data and prevent its sale; and also define how data can be used in advertising. And lawmakers in Sacramento have weighed scores of proposed amendments to refine or rewrite parts of the law. The law is under heated debate already. Lobbyists for tech companies want to roll back its reach, and privacy advocates are seeking to extend it.

Washington State’s proposed data-privacy legislation, the Washington Privacy Act, recently collapsed under the weight of dissenting voices. Again, lobbyists for tech companies and privacy zealots were among those who could not agree on terms.

But advocates have sound reasons to worry about technology prying too deep into our lives, according to Mew. One hot button in terms of privacy and individual rights is artificial intelligence for facial recognition. This is becoming increasingly prevalent and raises some difficult questions. In China, for example, facial recognition is used to score people on various behaviors, like jaywalking. They receive a sort of “citizenship score.”

“Your access to credit, your access to travel opportunities, your access to a whole load of services, is based on your score,” Mew said. “I think there would be a lot of people in, possibly, the democratic Western societies that might see that as a little bit ‘big brother.'”

Striking a balance

Mew occupies a position smack in the center of the controversy. Individuals have sensitive data out there on the internet, and it ought to be adequately protected, he explained. “I’m helping to influence where some of the regulation is going to try and … ensure that meaningful protections don’t hinder innovation or economic and social value,” he added. 

Mew also works at Crisis Team with top cyberlaw professionals and crisis-management experts to combat public hysteria when companies are hacked. Companies suffer a damaging blow to their reputations in the event of such breaches. Some of what winds up online may amount to slander or misinformation, Mew pointed out. Crisis Team steps in to help them formulate a legally defensible position and also to communicate with the public through social media and other channels.

Notorious data breaches have been prominent in the news of late, including Facebook’s data breaches, indicating that the public can’t depend on companies to police themselves, according to Mew. However, slathering heavy regulations across all companies could have a downside. Complying fully with stricter regulations would cost companies money. This could stack the deck in favor of larger, wealthier companies and hurt smaller ones, Mew pointed out. That is a possible con that needs to be carefully examined when determining proper regulations.

A path to peace between enterprises and advocates?

The Shangri-La that forward-thinking pundits have in mind seems to be a world where we all own our own data. Individuals could separate it and privatize it, grant or deny permission to use it, and even monetize it. But the actual technology that would make this possible remains somewhat out of reach, according to Mew.

The blockchain distributed ledger has been suggested; however, it hits a GDPR-compliance snag. “There’s a slight irony in the fact that blockchain’s immutability is actually at odds with GDPR’s right to be forgotten … so there’s some real difficult issues for us to address,” Mew said. 

Also, if users are given express control over their data, an internationally adopted standard will need to be implemented, according to Mew. At the moment, GDPR has become a standard in Europe — and it does seem to have international legs. Other regions seem to be benchmarking their own laws against it, Mew noted.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS Summit. (* Disclosure: TheCUBE is a paid media partner for the AWS Summit London 2019 event. Neither Amazon Web Services Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
