Thursday, October 8, 2015

How Data Protection Laws Affect Startups

Data Privacy Laws vs. Advanced Tech for Startups

Two major developments happened in the field of data privacy and technology in Europe the past couple of weeks. The European Union announced their draft data protection legislation and the Moments app from Facebook was banned from Europe. At least until its built-in facial recognition technology includes an opt-in feature. This has made tech enthusiasts and innovators start wondering about the rules governing tech innovation when it comes to data protection.

It has all happened too fast

The rapid pace of technological innovation has left the regulations lacking in many ways. For example, the data protection rules are uniform across the EU, as well as surprisingly ambiguous and flexible. In theory, uniformity should reduce business costs and strengthen privacy and security. In reality, the business climate, cultural expectations and ideas about privacy vastly differ in European countries. This results in each member state interpreting the rules in a different way. There is no consistency and therefore no concrete way of dealing with advanced technology like Facebook's facial recognition tech or the Whatsapp encryption software. Many of the current laws were drawn up when Windows '95 was the latest and greatest, long before social networking and high-speed Internet took off.

Bad news for startups with global ambitions

The very nature of data protection is in dull contrast to the high-speed and vibrant world of global tech. Face it, it is not likely that the two will ever become true friends. If a tech giant like Facebook can get into trouble, imagine what data protection laws can do to smaller startups. Even if the rules are clearly defined and set in judicial stone, it will likely still fall short when it comes to startups hoping to enter the international market. To make matters worse, what is happening in Europe is not isolated. Most of the world is debating the balancing act between privacy and tech development.

What is a startup to do?

Startups that are unleashing bleeding edge tech should get legal help if possible. If this is not possible, the only way to move forward is to be 100% ethical and to tread very carefully. European regulators appreciate transparency so it is usually wise to disclose how customer data is used. This is also a prime opportunity to demonstrate the benefits of the market offering. By building in clear opt-in and opt-outs, the tech is more likely to be treated positively - obviously especially if there is some kind of facial recognition tech in the product.