This past Tuesday, LinkedIn hosted an event that featured panels and discussions about privacy regulation, challenges with privacy, and the growing importance of consumer awareness. In honor of Data Privacy Day, top leaders in privacy offered their take on modern privacy issues, solutions, and regulation.
There’s a lot to unpack here, so we are highlighting the top 5 takeaways from the event to bring you up to speed on the most recent developments in privacy and how businesses are tackling these modern challenges.
Key Takeaway #1: Privacy is a fundamental human right and part of our democracy
A core sentiment echoed throughout the event was that privacy is a fundamental human right and is essential to democracy. Gregory Smolynec (Deputy Commissioner, Policy and Promotion Sector in the Office of the Privacy Commissioner of Canada) explained that the “conversation about privacy is getting louder and louder worldwide. Every citizen is part of it.” DataGrail’s recent consumer survey showed 4 in 5 Americans think there should be a law in place to protect personal data and 83% expect to have control over how businesses use their data. Smolynec emphasized the shared thoughts of the panel, saying “No one owns privacy… It’s a shared value across democracies. We cannot have public democratic life without privacy.”
Julie Brill, Chief Privacy Officer at Microsoft, expanded on Smolynec’s points to emphasize how privacy plays a role in modern democracy. Brill said, “We must recognize privacy isn’t just a human right, it’s a foundational right… A threat to privacy anywhere is a threat to privacy everywhere.” With privacy regulations implemented in Europe and California and more following in other US states and countries (including India and Brazil), Brill’s words on privacy are quickly becoming a reality.
Key Takeaway #2: The current regulatory environment is a “patchwork of laws”
With privacy regulations coming in many different regions with varied requirements, recurring challenges for businesses are handling each regulation, ensuring compliance, and meeting consumer expectations for privacy.
Tom Pendergast, Chief Learning Officer at MediaPRO shared how one company has dealt with the challenges presented by the current patchwork of laws. Microsoft chose to build around the highest global standard and honors the rights granted by the CCPA to all Americans. Pendergast stated, “Better to adhere to the highest principles instead of wading through all the laws.”
Several other speakers expressed thoughts regarding the need for a comprehensive federal regulation in the US to prevent different laws impacting companies that operate nationwide. Stacey Gray (Senior Policy Counsel at The Future of Privacy Forum) related, “We need a comprehensive federal standard.” Gray also shared that while states have responded faster due to being better equipped, federal laws are easier for businesses to comply with and grant consumers across the nation access to privacy rights.
Key Takeaway #3: Interoperability and inter-jurisdictional oversight are top challenges
The third takeaway relates to the challenges presented by the interoperability of products/services and inter-jurisdictional oversight. Greg Smolynec spotlighted these concepts in one of the later panels, sharing that some Canadian businesses are pushing back due to the difficulty of implementing privacy across the company/products while also attempting to comply with current and future regulations. Smolynec expressed that the GDPR has set a standard for businesses, but as new regulations emerge, many businesses are unsure of how to proceed with compliance. One of Smolynec’s recommendations is to shift the focus from being compliance-driven to protecting “privacy by design.”
Key Takeaway #4: Privacy by design
After discussing privacy challenges, many speakers focused on solutions for businesses, mainly the concept of “privacy by design.” Kalinda Raina, Vice President and Head of Privacy at LinkedIn, initially shared that privacy by design “means different things to different people within an organization.” Raina expanded to discuss what privacy means to separate departments.
In terms of engineering, Raina mentioned that they’re often asked to implement privacy in products, anonymize data, and ensure that security and access requirements are met. Product teams must now consider privacy impact before releasing products to the market and find ways to help people control their data. Raina also highlighted that within a large organization, everyone plays a role in privacy, and businesses must approach it as a design perspective first.
Key Takeaway #5: Make privacy part of the company story, both internally and externally
When asked for words of advice for businesses, Raina explained the ways that companies can build a culture of privacy. She recommends combining both bottom-up and top-down approaches. Privacy starts with the leadership understanding and clearly communicating their stance on data privacy. Further, leadership must also train and hire people with a knack for understanding these issues in data privacy.
At the employee level, make it relevant for everyone and build privacy awareness into all functions across the company. Raina shared an example of a LinkedIn company event that focused on data privacy for families and children, using instances like those to cultivate an understanding and awareness for each employee. Culture will determine what works best, but what Raina has found most effective is determining how it relates to employees as consumers and making it relevant to their own lives.