Privacy-by-design can be a source of value and opportunity, not cost

On Data Privacy Day, we may reflect on the different sides to privacy, which empowers some and hampers others. Let’s take an example. The UAE’s Personal Data Protection Law already regulates enterprises’ gathering and use of personal data and also covers concepts of confidentiality. Of course, people are protected because the government regards such laws as good governance. And private citizens welcome those protections. Private enterprises may, however, see only the expense of compliance and the dialling back in business intelligence associated with various restrictions.

However, business leaders should take heart. Their customers want their privacy respected. Do so and you may earn their respect in return. It is a journey worth taking, but to do so means changing corporate culture and processes. To start with, who owns the “privacy” question within the organisation?

The legal department might be the first answer that comes to mind, but operations and security may also have roles to play; and don’t forget that marketing and sales are voracious data gatherers. Because of the technical nature of privacy guarantees in the modern economy, many companies may end up with a dedicated privacy team, as many large tech companies already do.

As enterprises make the journey, their leaders may hear a nagging voice telling them that privacy regulations are like a speed-delimiter on the engine of innovation. But individuals that have grown up with the Internet have perceived overreach and unfettered encroachment upon their treasured safe spaces by companies around the world. That governments now seem eager to address this is cause for celebration among consumers, so for businesses the question becomes how to roll with the latest change and give the public what it wants — reliable, responsible, value-adding products and services augmented by superlative buying experiences.

Shift in the privacy paradigm
Over the last two years, there has been a fundamental shift in mindsets. As businesses increasingly recognise the importance of privacy, they have begun to embrace the paradigm of ‘Privacy by Design’. This is far superior to a retroactive approach as it becomes far less challenging and costly to then adapt to new legislations, and less risky in case of unintended privacy-related missteps.

As privacy becomes an investment rather than a cost, some are proactively putting solutions and teams in place. They are investing in staff training. The more successful enterprises are presenting privacy to their employees not as a series of edicts, but as a culture change that will help them achieve their individual goals. So often, privacy regulations can be translated into value generation, and since most people’s KPIs are tied to value generation, this leads to broad buy-in. Of course, to do this well, the privacy team needs to intimately understand every nut and bolt of product and service delivery. And it must integrate department leads into the privacy function to give everyone ownership.

As part of this integration, concerns about privacy’s time-drains on staff schedules must be addressed and resolved. If privacy becomes a game of cops and robbers with the privacy team playing the role of the police, the train will come to a juddering halt. The change process must be based on business needs and employee needs alike if value and compliance are ever going to coexist. Each department must understand why the privacy head must exist in today’s regulatory landscape. And privacy heads must remember the purpose of the core business and the challenges that various regulations bring to the departments that deliver it. This is why the makeup of the privacy department is so important. By giving all department heads a voice on the steering committee, it becomes easier to discover one another’s pain points and find ways to address them.

The future…
Privacy is going to rear its head in every new technology, as regulators become more adept at spotting potential areas for circumvention of the law. Web3, blockchain and the metaverse are theoretical hiding places for privacy abuses. Privacy belongs in all these spaces because consumers dwell in all these spaces. Privacy can and must “happen” everywhere, at all times.

And that is a good thing. Remember, privacy can become a selling point and a source of value, especially when it is implemented by design and not reactively. Seeing privacy in this light is crucial. Seeing it as customers see it and not as accountants see it is crucial. Indeed, we live in an economy where increasingly the customer and their values take precedence over the CFO and their bottom line. This is because, if you displease a customer in a crowded market, that bottom line will not stay healthy for long.

Privacy standards are still being written and may not be in their final version for some time, if ever. What privacy teams must do is maintain the culture of flexibility that reduces the reactive panic that comes from having to comply with something unexpected. The Internet itself went through such growing pains and organisations adapted. And let us never forget the rapidity and effectiveness with which UAE businesses complied with pandemic lockdowns, in some cases becoming even more profitable while adapting to change.

In 2023, expect privacy technology to undergo significant standardisation. Expect more guidance from the government and regulators. And expect consumers to give approving nods for the efforts made on their behalf.

Paul Wright is the general manager – Western Europe and MENAT at AppsFlyer

Read: Top five privacy trends to protect personal data challenges through 2024