Panelists included Laura Koulet (VP, Legal Counsel, Tapad), J. Allen Dove, (CTO, SpotX), Ana Milicevic (Co-founder & Principal, Sparrow Digital Holdings), and moderator, Hillary Adler (Senior Editor, DMN), who broke down the complexities of GDPR and educated the audience on what a post-GDPR world will look like.
As the discussion started to take shape, a few keys components of GDPR began to stand out – how did we get here? Who will be affected? And what role do consumers play in all this?
Why was GDPR needed, and will the U.S. follow suit?
GDPR is a wake-up call, and a good first step. “I would say that GDPR is definitely enough for companies to sit up and take notice, and to ensure that they aren’t just operating like it’s business as usual,” said Koulet. “Companies have to take a deep dive into their data processing activities and understand where the data is coming from, how they are collecting it and whether they are doing it within the scope of the law.”
This shouldn’t be a surprise to companies either, according to Milicevic. Lazy designs, and a laissez-faire approach, are to blame for some of the current problems companies are facing with data breaches. “A lot of the platforms need to ask themselves what is the purpose, and use, of the data that is being collected, and what do consumers expect future use of that data to be,” said Milicevic, “because this is exactly where we are starting to see things fall apart at the seams.”
Corporate responses to these breaches have also surprised Milicevic, who added that she was very surprised with Facebook’s comment regarding whether they were going to apply GDPR-related changes everywhere. “They said they would ‘in spirit.’ Spiritual compliance,” joked Milicevic.
The panel was not keen on U.S.-based companies’ approach to the global regulation either. “U.S. companies are less privacy-focused,” said Koulet. Dove added that the U.S. “doesn’t have the stick,” to enforce regulations. The panel did agree that GDPR is a good baseline for other countries, however, the large gap in the understanding of customer data collection by the customer and legislative side makes similar U.S.-based regulations a less realistic option. Yet California was mentioned as a possible beacon of hope.
Place your bets – When, where and on whom does the hammer fall?
“We have an internal bet,” Dove joked. “Which group, or industry, is going to get tagged first? Low hanging fruit, which is, well, raise your hand if you’re in advertising technology. We’re kind of an easy mark.”
“We also have an internal bet,” responded Milicevic, “where the first lawsuit is going to be filed, and when. I’ve got my money on Spain and May 28.”
A call to consumers to stand up
Companies and legislative bodies are not the only responsible parties when it comes to data usage and protection.
“At the end of the day, consumers have to take some responsibility too,” mused Dove. “There is no motivation for legislators or companies (to take additional measures regarding the collection of data in the U.S.), if consumers are not behind this,” he continued. “You want consumers to stand up and demand something? Offer them some money! Offer them a way to make money off of their data.”
Dove hopes that these recent breaches and regulations will serve as a wakeup call to consumers and make them more aware of what happens to their data.
In summary, while our speakers did not have high hopes for any U.S. regulations off the back of GDPR, they agree that the regulations are a great first step. The onus is now on impacted companies to be in compliance. Consumers aren’t off the hook either, it’s time for us all, as consumers, to start caring about who has our data and what they are doing with it.