Home Assembly: Coronavirus, brands and the ethics of moving beyond compliance

It is now obvious that nothing will be quite the same for any of us, once the current health and economic crisis around Covid19 has passed. For those with an interest in personal data, we are likely to see fracturing of the enforcement landscape, delay to the release and implementation of new regulations and a cut in numbers of ‘hands on’ privacy professionals.

Does this mean the end of privacy, the ‘GDPR effect’, to the value of doing the right thing by data? I think not, but it does feel like the ‘end of the beginning’ for companies outside AdTech who traditionally captured and used data as part of, but not the driving force for their business.

Since May 2018, it has been enough for companies to put in place compliance processes for GDPR, update policies and give thoughts to servicing people’s rights in terms of their data. Maybe they have automated some of this, looked at their cookie notices and spoken with partners. Important steps, but there is still a degree of separation of this activity in the average company from the core business, the markets and people it serves.

In a time of doubt, over a billion people are in lockdown worldwide and have their lives disrupted. This shouldn’t mean they also need to sacrifice their privacy for health, access to the outside world or anything else. Smart companies recognise this and are now at pains to show they are deserving of our trust, beyond compliance with regulations.

Just see how quickly Zoom has responded to concerns around security and privacy around what has become the de facto verb for home working communication. Their Chief Executive has gone on the record with a public apology and they are now on an active, daily release cycle to get their house in order.

To be fair, Zoom has been around since 2011 so it’s unsurprising a lot of its default architecture was set to acquire data about users, which could in turn be vacuumed up into the AdTech ecosystem. Data capture and ‘lock-in’ was seen as desirable for startups, and how we all used to build web applications, even at Tapmydata. Zoom can restore trust and get back to building traction, as they have a strong enough business use case to make aggressive data monetisation unnecessary.

Another company with a strong track record wanting to show they respect customers rights as humans, not compliance units is IKEA. This year, their Chief Digital Officer appeared in an un-glossy video, explaining how they embed data ethics into everything they do — a “people-centric” approach

IKEA worries many companies operate as if customers’ personal data was their own property, and stress the need to rethink everything they do through the lens of data ethics. Data ethics has been dismissed by some in privacy circles as ‘watered down’ compliance, but many major brands embrace the concept and are adopting elements of the different ethical frameworks out there into their own DNA.

This isn’t a revolutionary process; IKEA’s approach is to provide a series of preference centres for customers to view, correct and control their details, while still on their company’s digital estate. Whether this will evolve into true control for citizens over their data, and a boom for a new ecosystem around personal data stores, sovereign and portability standards remains to be seen, but it seems clear that trust is a precious, renewable resource and worth striving for, whether on an interpersonal or corporate level.