Data Protection Standards Need to Be Global

Click here to view original web page at
Broadly, customers around the world should be in charge of the information companies have about them, and companies need to be liable if they misuse it.

Whether it is Cambridge Analytica gaining access to private information on up to 87 million Facebook users, or the large-scale data breaches at Equifax or Yahoo, alarmingly loose standards for the use and protection of customer data continue to fuel a backlash against large tech companies. More importantly, these events demonstrate the need for a global set of consumer data principles.

The Facebook-Cambridge Analytica saga has triggered much-needed debates over the necessity for greater regulation and the potential breakups of de facto monopolies. But these debates will lead nowhere if the global community doesn't manage to tackle the main challenge of how to treat and govern customer data.

The stakes, as the Cambridge Analytica debacle makes clear, are high. In her remarks at the World Economic Forum’s Annual Meeting in Davos this year, German chancellor Angela Merkel linked the data governance question to the very health of democracy itself. “The question ‘who owns that data?’ will decide whether democracy, the participatory social model, and economic prosperity can be combined,” Merkel said.

The challenge is also not small. Every two days we create as much data as we did from the start of time to 2013. Marketing companies have about 1,500 data points on approximately 96 percent of US citizens. Consumers and businesses alike have become accustomed to this amazing growth and availability of customer data without any societal debate establishing what collection, usage, and sharing practices are appropriate or even ethical.

Moreover, it’s not just Big Tech that's involved. While today the spotlight is on Silicon Valley, and Facebook, Amazon, and Google in particular, the challenge of how to treat customer data affects any company active in the digital sphere, across any industry and any geography.

With all that in mind, the World Economic Forum brought together a group of experts representing technology companies, financial services providers, law firms, trade unions, religious organizations and regulators. We tasked the group to develop a set of global principles for the appropriate use of customer data. Here is what we learned.

First off, a truly global framework is needed to get results. On a national level, more than 100 countries have already passed data protection laws of varying robustness. But data flows show little regard for borders, and digital businesses operate across geographies and jurisdictions, so national standards can ultimately only achieve so much.

Second, there’s a good reason why a global framework is lacking: Sentiments and attitudes towards data collection, usage, and sharing vary significantly among the most data-driven markets of North America, Europe, and Asia. But the Forum’s work in several major jurisdictions has shown that all actors can indeed agree on principles on data control or ownership, data portability, and data security.

So what are the global principles?

Customers should be the ones controlling their data, and companies should need customers’ consent to use it.

Consumers should be able to move their data freely between service providers and allow third parties to manage it. If a customer finds a new platform more compelling than a service she is currently using, the existing service provider should allow her to download her data and not stand in the way of her switching to a competing platform.

Companies should be on the hook when it comes to security or the assignment of liability between companies and customers in case of any breaches.

Companies should comprehensively test and provide justification for artificial intelligence-based models before they hit the market. By design, AI lets machines develop their own logic. But what’s considered good by the computer may not be good for society.

On the surface, these broad principles may seem to limit innovation. Having less data available to businesses means less-accurate profiling capabilities, making companies such as Facebook less desirable to advertisers.

But while some of the principles strengthen the position of consumers at the expense of big data businesses, most principles protect customers while also benefiting providers in the long run.

Allowing customers to move their data from one platform to another enhances competition. This in turn spurs economic growth, and ultimately benefits all—including the large platforms.

Trust lies at the heart of all business models. Every instance of bad conduct erodes customer faith not only in individual companies, but also the broader system. Ultimately, an erosion of confidence leads to unstable systems, the consequences of which we experienced painfully 10 years ago in the global financial crisis.

With a backlash against tech gaining momentum, businesses may find themselves near the brink of crisis sooner than many anticipate. It's time for a worldwide conversation about what data practices are appropriate. A set of global principles will serve as one, important starting point facilitating this conversation.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions here.


The only way to be truly secure on Facebook is to delete your account. But that's crazy talk! Here's how to lock down your privacy and security and bonus, keep targeted ads at bay.