April 20, 2018
Written with Paul McKay, Senior Analyst at Forrester
This is just more evidence of a worryingly short-sighted strategy, because:
- Customers increasingly demand that companies respect their privacy rights everywhere. Our global research into consumer privacy attitudes and behavior shows clearly that consumers are becoming increasingly knowledgeable about the “data economy” and demand protection for their data privacy. And it’s not just what they say! Many use technology to protect their privacy online, such as “do not track” plug-ins, read privacy policies, and have declined to complete an online transaction when they have privacy concerns.
- Privacy regulations around the world are progressively pushing toward GDPR standards. As part of Forrester’s Privacy Heat Map, we analyse the data protection rules over 55 countries. Our research highlights the evolution of rules globally to reflect GDPR-like standards. Privacy regulations in Argentina and Japan are just the latest examples of this trend. And it’s not surprising that the data protection regulator of New Zealand is investigating Facebook over alleged violation of local privacy rules.
- Forward-looking companies are making privacy part of their business strategy. In my work on GDPR compliance strategies, I have seen interesting examples of companies that have decided to embed GDPR standards into their global privacy programs, recognizing that users, everywhere, should retain control over their data. Other companies embraced privacy as a corporate social responsibility (CSR), because they recognize privacy as a core value of their business, rather than a mere compliance requirement. These companies have set themselves up to leverage privacy to differentiate their position in the marketplace and establish a competitive advantage.
Facebook's choice to recognize stronger privacy rights only for users who reside within the EU openly conflicts with the commitment that Facebook’s CEO declared just a few days ago in front of all Facebook users. This in effect makes the 1.5 billion users second-class citizens on the network with regard to their privacy rights. To limit the detrimental effect related to the Cambridge Analytica scandal, Facebook is transforming a data privacy breach (which authorities are investigating) into a breach of ethics and trust. As my colleague Renee Murphy says, every CEO, CISO, risk officer, and chief privacy officer must remember that your customers might forgive you for a security breach, but they will punish you for a breach of trust.