(Forbes) By Tim Sparapani.
It is time to rethink the concept of consent and to change data privacy law to better align corporate data practices with consumers’ expectations. To gain a better understanding of how this can be done, companies can look at this to see why data privacy is so important to uphold and how it affects customers and businesses. We should increase the flexibility to innovate for companies that directly interact with consumers while restricting the chances that companies with no relationship with consumers have to misuse consumers’ data.
Recently, I’ve read articles speculating about why the Match Group, which runs online dating services including Match.com and Tinder, would purchase the Princeton Review, a leading student test prep service. Princeton Review has been unprofitable according to those articles. Why would an online dating company buy a test prep company? Perhaps the Match Group knows how to turn money-losing test prep companies around or maybe they want to use or sell Princeton Review’s customer data to create new niche dating services. If the latter is true, this unexpected use of sensitive data would confuse, frustrate or anger most customers. When I used Princeton Review to prep for my law school entrance exam neither my girlfriend nor I would have expected that I’d be offered dating services along with new test taking skills. I would never have consented to this unexpected, third-party use of my data.
This got me thinking that it is high time we rethought data privacy laws to benefit consumers in two ways by focusing on consumers’ consent. Ideally, consumers should both be free to choose exciting and unexpected innovations derived from their personal data provided by companies they know and trust, and reduced downside by lessened privacy risks posed by unknown companies accessing their personal data. Legislators should empower consumers both to consent to sharing their data for more opportunities they choose and restrict or denying access to corporations they do not know would access that data.
Policymakers should, therefore, make tandem changes. First, laws should be enacted increasing the opportunities for companies with direct relationships with customers to innovate with their customers’ data when those innovations benefit the customers. Second, policymakers should ensure that if those companies end up merging with or being acquired by another company that the protections they promised their customers for data collected by the company before the purchase accompany their data despite any acquisition.
The timing is right for this new bargain as governments’ data privacy mandates on businesses around the world are increasing, especially with respect to how businesses demonstrate their customer’s consented to collection, storage, use or sharing of that consumer’s data. Changes to laws should follow consumers’ reasonable expectations. Since regulators around the world are focusing on consumers’ consent, they should also trust consumers’ desires to create data relationships with companies they know. Regulators should encourage not prohibit moments of data serendipity. When a company with a direct consumer relationship derives an unexpected, meaningful, new benefit for its customers from their data, regulators should applaud not protest.
