Jan
26
2019
--

Has the fight over privacy changed at all in 2019?

Few issues divide the tech community quite like privacy. Much of Silicon Valley’s wealth has been built on data-driven advertising platforms, and yet, there remain constant concerns about the invasiveness of those platforms.

Such concerns have intensified in just the last few weeks as France’s privacy regulator placed a record fine on Google under Europe’s General Data Protection Regulation (GDPR) rules which the company now plans to appeal. Yet with global platform usage and service sales continuing to tick up, we asked a panel of eight privacy experts: “Has anything fundamentally changed around privacy in tech in 2019? What is the state of privacy and has the outlook changed?” 

This week’s participants include:

TechCrunch is experimenting with new content forms. Consider this a recurring venue for debate, where leading experts – with a diverse range of vantage points and opinions – provide us with thoughts on some of the biggest issues currently in tech, startups and venture. If you have any feedback, please reach out: Arman.Tabatabai@techcrunch.com.


Thoughts & Responses:


Albert Gidari

Albert Gidari is the Consulting Director of Privacy at the Stanford Center for Internet and Society. He was a partner for over 20 years at Perkins Coie LLP, achieving a top-ranking in privacy law by Chambers, before retiring to consult with CIS on its privacy program. He negotiated the first-ever “privacy by design” consent decree with the Federal Trade Commission. A recognized expert on electronic surveillance law, he brought the first public lawsuit before the Foreign Intelligence Surveillance Court, seeking the right of providers to disclose the volume of national security demands received and the number of affected user accounts, ultimately resulting in greater public disclosure of such requests.

There is no doubt that the privacy environment changed in 2018 with the passage of California’s Consumer Privacy Act (CCPA), implementation of the European Union’s General Data Protection Regulation (GDPR), and new privacy laws enacted around the globe.

“While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.””

For one thing, large tech companies have grown huge privacy compliance organizations to meet their new regulatory obligations. For another, the major platforms now are lobbying for passage of a federal privacy law in the U.S. This is not surprising after a year of privacy miscues, breaches and negative privacy news. But does all of this mean a fundamental change is in store for privacy? I think not.

The fundamental model sustaining the Internet is based upon the exchange of user data for free service. As long as advertising dollars drive the growth of the Internet, regulation simply will tinker around the edges, setting sideboards to dictate the terms of the exchange. The tech companies may be more accountable for how they handle data and to whom they disclose it, but the fact is that data will continue to be collected from all manner of people, places and things.

Indeed, if the past year has shown anything it is that two rules are fundamental: (1) everything that can be connected to the Internet will be connected; and (2) everything that can be collected, will be collected, analyzed, used and monetized. It is inexorable.

While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.” No one even knows what “more privacy” means. If it means that users will have more control over the data they share, that is laudable but not achievable in a world where people have no idea how many times or with whom they have shared their information already. Can you name all the places over your lifetime where you provided your SSN and other identifying information? And given that the largest data collector (and likely least secure) is government, what does control really mean?

All this is not to say that privacy regulation is futile. But it is to recognize that nothing proposed today will result in a fundamental shift in privacy policy or provide a panacea of consumer protection. Better privacy hygiene and more accountability on the part of tech companies is a good thing, but it doesn’t solve the privacy paradox that those same users who want more privacy broadly share their information with others who are less trustworthy on social media (ask Jeff Bezos), or that the government hoovers up data at rate that makes tech companies look like pikers (visit a smart city near you).

Many years ago, I used to practice environmental law. I watched companies strive to comply with new laws intended to control pollution by creating compliance infrastructures and teams aimed at preventing, detecting and deterring violations. Today, I see the same thing at the large tech companies – hundreds of employees have been hired to do “privacy” compliance. The language is the same too: cradle to grave privacy documentation of data flows for a product or service; audits and assessments of privacy practices; data mapping; sustainable privacy practices. In short, privacy has become corporatized and industrialized.

True, we have cleaner air and cleaner water as a result of environmental law, but we also have made it lawful and built businesses around acceptable levels of pollution. Companies still lawfully dump arsenic in the water and belch volatile organic compounds in the air. And we still get environmental catastrophes. So don’t expect today’s “Clean Privacy Law” to eliminate data breaches or profiling or abuses.

The privacy world is complicated and few people truly understand the number and variety of companies involved in data collection and processing, and none of them are in Congress. The power to fundamentally change the privacy equation is in the hands of the people who use the technology (or choose not to) and in the hands of those who design it, and maybe that’s where it should be.


Gabriel Weinberg

Gabriel Weinberg is the Founder and CEO of privacy-focused search engine DuckDuckGo.

Coming into 2019, interest in privacy solutions is truly mainstream. There are signs of this everywhere (media, politics, books, etc.) and also in DuckDuckGo’s growth, which has never been faster. With solid majorities now seeking out private alternatives and other ways to be tracked less online, we expect governments to continue to step up their regulatory scrutiny and for privacy companies like DuckDuckGo to continue to help more people take back their privacy.

“Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information.”

We’re also seeing companies take action beyond mere regulatory compliance, reflecting this new majority will of the people and its tangible effect on the market. Just this month we’ve seen Apple’s Tim Cook call for stronger privacy regulation and the New York Times report strong ad revenue in Europe after stopping the use of ad exchanges and behavioral targeting.

At its core, this groundswell is driven by the negative effects that stem from the surveillance business model. The percentage of people who have noticed ads following them around the Internet, or who have had their data exposed in a breach, or who have had a family member or friend experience some kind of credit card fraud or identity theft issue, reached a boiling point in 2018. On top of that, people learned of the extent to which the big platforms like Google and Facebook that collect the most data are used to propagate misinformation, discrimination, and polarization. Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information. Fortunately, there are alternatives to the surveillance business model and more companies are setting a new standard of trust online by showcasing alternative models.


Melika Carroll

Melika Carroll is Senior Vice President, Global Government Affairs at Internet Association, which represents over 45 of the world’s leading internet companies, including Google, Facebook, Amazon, Twitter, Uber, Airbnb and others.

We support a modern, national privacy law that provides people meaningful control over the data they provide to companies so they can make the most informed choices about how that data is used, seen, and shared.

“Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.”

Internet companies believe all Americans should have the ability to access, correct, delete, and download the data they provide to companies.

Americans will benefit most from a federal approach to privacy – as opposed to a patchwork of state laws – that protects their privacy regardless of where they live. If someone in New York is video chatting with their grandmother in Florida, they should both benefit from the same privacy protections.

It’s also important to consider that all companies – both online and offline – use and collect data. Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.

Two other important pieces of any federal privacy law include user expectations and the context in which data is shared with third parties. Expectations may vary based on a person’s relationship with a company, the service they expect to receive, and the sensitivity of the data they’re sharing. For example, you expect a car rental company to be able to track the location of the rented vehicle that doesn’t get returned. You don’t expect the car rental company to track your real-time location and sell that data to the highest bidder. Additionally, the same piece of data can have different sensitivities depending on the context in which it’s used or shared. For example, your name on a business card may not be as sensitive as your name on the sign in sheet at an addiction support group meeting.

This is a unique time in Washington as there is bipartisan support in both chambers of Congress as well as in the administration for a federal privacy law. Our industry is committed to working with policymakers and other stakeholders to find an American approach to privacy that protects individuals’ privacy and allows companies to innovate and develop products people love.


Johnny Ryan

Dr. Johnny Ryan FRHistS is Chief Policy & Industry Relations Officer at Brave. His previous roles include Head of Ecosystem at PageFair, and Chief Innovation Officer of The Irish Times. He has a PhD from the University of Cambridge, and is a Fellow of the Royal Historical Society.

Tech companies will probably have to adapt to two privacy trends.

“As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.”

First, the GDPR is emerging as a de facto international standard.

In the coming years, the application of GDPR-like laws for commercial use of consumers’ personal data in the EU, Britain (post-EU), Japan, India, Brazil, South Korea, Malaysia, Argentina, and China will bring more than half of global GDP under a similar standard.

Whether this emerging standard helps or harms United States firms will be determined by whether the United States enacts and actively enforces robust federal privacy laws. Unless there is a federal GDPR-like law in the United States, there may be a degree of friction and the potential of isolation for United States companies.

However, there is an opportunity in this trend. The United States can assume the global lead by doing two things. First, enact a federal law that borrows from the GDPR, including a comprehensive definition of “personal data”, and robust “purpose specification”. Second, invest in world-leading regulation that pursues test cases, and defines practical standards. Cutting edge enforcement of common principles-based standards is de facto leadership.

Second, privacy and antitrust law are moving closer to each other, and might squeeze big tech companies very tightly indeed.

Big tech companies “cross-use” user data from one part of their business to prop up others. The result is that a company can leverage all the personal information accumulated from its users in one line of business, and for one purpose, to dominate other lines of business too.

This is likely to have anti-competitive effects. Rather than competing on the merits, the company can enjoy the unfair advantage of massive network effects even though it may be starting from scratch in a new line of business. This stifles competition and hurts innovation and consumer choice.

Antitrust authorities in other jurisdictions have addressed this. In 2015, the Belgian National Lottery was fined for re-using personal information acquired through its monopoly for a different, and incompatible, line of business.

As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.


John Miller

John Miller is the VP for Global Policy and Law at the Information Technology Industry Council (ITI), a D.C. based advocate group for the high tech sector.  Miller leads ITI’s work on cybersecurity, privacy, surveillance, and other technology and digital policy issues.

Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike. However, as times change and innovation progresses at a rapid rate, it’s clear the laws protecting consumers’ data and privacy must evolve as well.

“Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike.”

As the global regulatory landscape shifts, there is now widespread agreement among business, government, and consumers that we must modernize our privacy laws, and create an approach to protecting consumer privacy that works in today’s data-driven reality, while still delivering the innovations consumers and businesses demand.

More and more, lawmakers and stakeholders acknowledge that an effective privacy regime provides meaningful privacy protections for consumers regardless of where they live. Approaches, like the framework ITI released last fall, must offer an interoperable solution that can serve as a model for governments worldwide, providing an alternative to a patchwork of laws that could create confusion and uncertainty over what protections individuals have.

Companies are also increasingly aware of the critical role they play in protecting privacy. Looking ahead, the tech industry will continue to develop mechanisms to hold us accountable, including recommendations that any privacy law mandate companies identify, monitor, and document uses of known personal data, while ensuring the existence of meaningful enforcement mechanisms.


Nuala O’Connor

Nuala O’Connor is president and CEO of the Center for Democracy & Technology, a global nonprofit committed to the advancement of digital human rights and civil liberties, including privacy, freedom of expression, and human agency. O’Connor has served in a number of presidentially appointed positions, including as the first statutorily mandated chief privacy officer in U.S. federal government when she served at the U.S. Department of Homeland Security. O’Connor has held senior corporate leadership positions on privacy, data, and customer trust at Amazon, General Electric, and DoubleClick. She has practiced at several global law firms including Sidley Austin and Venable. She is an advocate for the use of data and internet-enabled technologies to improve equity and amplify marginalized voices.

For too long, Americans’ digital privacy has varied widely, depending on the technologies and services we use, the companies that provide those services, and our capacity to navigate confusing notices and settings.

“Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away.”

We are burdened with trying to make informed choices that align with our personal privacy preferences on hundreds of devices and thousands of apps, and reading and parsing as many different policies and settings. No individual has the time nor capacity to manage their privacy in this way, nor is it a good use of time in our increasingly busy lives. These notices and choices and checkboxes have become privacy theater, but not privacy reality.

In 2019, the legal landscape for data privacy is changing, and so is the public perception of how companies handle data. As more information comes to light about the effects of companies’ data practices and myriad stewardship missteps, Americans are surprised and shocked about what they’re learning. They’re increasingly paying attention, and questioning why they are still overburdened and unprotected. And with intensifying scrutiny by the media, as well as state and local lawmakers, companies are recognizing the need for a clear and nationally consistent set of rules.

Personal privacy is the cornerstone of the digital future people want. Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away. The Center for Democracy & Technology wants to help craft those legal principles to solidify Americans’ digital privacy rights for the first time.


Chris Baker

Chris Baker is Senior Vice President and General Manager of EMEA at Box.

Last year saw data privacy hit the headlines as businesses and consumers alike were forced to navigate the implementation of GDPR. But it’s far from over.

“…customers will have trust in a business when they are given more control over how their data is used and processed”

2019 will be the year that the rest of the world catches up to the legislative example set by Europe, as similar data regulations come to the forefront. Organizations must ensure they are compliant with regional data privacy regulations, and more GDPR-like policies will start to have an impact. This can present a headache when it comes to data management, especially if you’re operating internationally. However, customers will have trust in a business when they are given more control over how their data is used and processed, and customers can rest assured knowing that no matter where they are in the world, businesses must meet the highest bar possible when it comes to data security.

Starting with the U.S., 2019 will see larger corporations opt-in to GDPR to support global business practices. At the same time, local data regulators will lift large sections of the EU legislative framework and implement these rules in their own countries. 2018 was the year of GDPR in Europe, and 2019 be the year of GDPR globally.


Christopher Wolf

Christopher Wolf is the Founder and Chair of the Future of Privacy Forum think tank, and is senior counsel at Hogan Lovells focusing on internet law, privacy and data protection policy.

With the EU GDPR in effect since last May (setting a standard other nations are emulating),

“Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.”

with the adoption of a highly-regulatory and broadly-applicable state privacy law in California last Summer (and similar laws adopted or proposed in other states), and with intense focus on the data collection and sharing practices of large tech companies, the time may have come where Congress will adopt a comprehensive federal privacy law. Complicating the adoption of a federal law will be the issue of preemption of state laws and what to do with the highly-developed sectoral laws like HIPPA and Gramm-Leach-Bliley. Also to be determined is the expansion of FTC regulatory powers. Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.

Aug
26
2018
--

Rebuilding employee philanthropy from the bottom up

In tech circles, it would be easy to assume that the world of high-impact charitable giving is a rich man’s game where deals are inked at exclusive black tie galas over fancy hors d’oeuvre. Both Mark Zuckerberg and Marc Benioff have donated to SF hospitals that now bear their names. Gordon Moore has given away $5B – including $600M to Caltech – which was the largest donation to a university at the time. And of course, Bill Gates has already donated $27B to every cause imaginable (and co-founded The Giving Pledge, a consortium of billionaires pledging to donate most of their net worth to charity by the end of their lifetime.)

For Bill, that means he has about $90B left to give.

For the average working American, this world of concierge giving is out of reach, both in check size, and the army of consultants, lawyers and PR strategists that come with it. It seems that in order to do good, you must first do well. Very well.

Bright Funds is looking to change that. Founded in 2012, this SF-based startup is looking to democratize concierge giving to every individual so they “can give with the same effectiveness as Bill and Melinda Gates.” They are doing to philanthropy what Vanguard and Wealthfront have done for asset management for retail investors.

In particular, they are looking to unlock dollars from the underutilized corporate benefit of matching funds for donations, which according to Bright Funds is offered by over 60% of medium to large enterprises, but only used by 13% of employees at these companies. The need for such a service is clear — these programs are cumbersome, transactional, and often offline. Make a donation, submit a receipt, and wait for it to churn through the bureaucratic machine of accounting and finance before matching funds show up weeks later.

Bright Funds is looking to make your company’s matching funds benefit as accessible and important to you as your free lunches or massages. Plus, Bright Funds charges companies per seat, along with a transaction fee to cover the cost of payment processing, sparing employees any expense.

It’s a model that is working. According to Bright Fund’s CEO Ty Walrod, Bright Funds customers see on average a 40% year-over-year increase in funds donated through the platform. More importantly, Bright Funds not only transforms an employee’s relationship to personal philanthropy, but also to the company they work for.

Grassroots Giving

This model of bottoms-up giving is a welcome change from the big foundation model which has recently been rocked by scandal. The Silicon Valley Community Foundation was the go-to foundation for The Who’s Who of Silicon Valley elite. It rode the latest tech boom to become the largest community foundation in eleven short years with generous stock donations from donors like Mark Zuckerberg ($1.8 billion), GoPro’s Nicholas Woodman ($500 million), and WhatsApp co-founder Jan Koum ($566 million). Today, at $13.5 billion, it surpasses the 80+ year old Ford Foundation in endowment size.

However, earlier this year, their star fundraiser Mari Ellen Loijens (credited with raising $8.3B of the $13.5B) was accused of repeatedly bullying and sexually harassing coworkers, allegations that the Foundation had “known about for years” but failed to act upon. In 2017, a similar case occurred when USC’s star fundraiser David Carrera  stepped down on charges of sexual harassment after leading the university’s historic $6 billion fundraising campaign.

While large foundations and endowments do important work, their structure relies too much on whale hunting for big checks, giving an inordinate amount of power to the hands of a small group of talented fund raisers.

This stands in contrast to Bright Funds’ ethos — to lead a grassroots movement in empowering individual employees to make their dollar of giving count.

Rebuilding charitable giving for the platform age

Bright Funds is the latest iteration of a lineup of workplace giving platforms. MicroEdge and Cybergrants paved the way in the 80s and 90s by digitizing the giving experience, but was mainly on-premise, and lacked a focus on user experience. Benevity and YourCause arrived in 2007 to bring workplace giving to the cloud, but they were still not turnkey solutions that could be easily implemented.

Bright Funds started as a consumer platform, and has retained that heritage in its approach to product design, aiming to reduce friction for both employee and company adoption. This is why many of their first customers were midsized tech startups with limited resources and looking for a turnkey solution, including Eventbrite, Box, Github, and Contently . They are now finding their way upmarket into larger, more established enterprises like Cisco, VMWare, Campbell’s Soup Company, and Sunpower.

Bright Funds approach to product has brought a number of innovations to this space.

The first is the concept of a cause-focused “fund.” Similar to a mutual fund or ETF, these funds are portfolios of nonprofits curated by subject-matter experts tailored to a specific cause area (e.g. conservation, education, poverty, etc.). This solves one of the chief concerns of any donor — is my dollar being put to good use towards the causes I care about? Passionate about conservation? Invest with Jim Leape from the Stanford Woods Institute for the Environment, who brings over three decades of conservation experience in choosing the six nonprofits in Bright Fund’s conservation portfolio. This same expertise is available across a number of cause areas.

Additionally, funds can also be created by companies or employees. This has proven to be an important rallying point for emergency relief during natural disasters, where employees at companies can collectively assemble a list of nonprofits to donate to. In 2017, Cisco employees donated $1.8 million (including company matching) through Bright Funds to Hurricanes Harvey, Maria, and Irma as well as the central Mexico earthquakes, the current flooding in India and many more.

The second key feature of their product is the impact timeline, a central news feed to understand where your dollars are going across all your cause areas. This transforms giving from a black box transaction to an ongoing dialogue between you and your charities.

Lastly, Bright Funds wants to take away all the administrative burden that might come with giving and volunteering — everything from tracking your volunteer opportunities and hours, to one-click tax reporting across all your charitable donations. In short, no more shoeboxes of receipts to process through in April.

Doing good & doing well

Although Bright Funds is focused on transforming the individual giving experience, it’s paying customer at the end of the day is the enterprise.

And although it is philanthropic in nature, Bright Funds is not exempt from the procurement gauntlet that every enterprise software startup faces — what’s in it for the customer? What impact does workplace giving and volunteering have on culture and the bottom line?

To this end, there is evidence to show that corporate social responsibility has a an impact on recruiting the next generation of workers. A study by Horizon Media found that 81% of millennials expect their companies to be good corporate citizens. A separate 2015 study found that 62% of millennials said they’d take a pay cut to work for a company that’s socially responsible.

Box, one of Bright Fund’s early customers, has seen this impact on recruiting firsthand (disclosure: Box is one of my former employers). Like most tech companies competing for talent in the Valley, Box used to give out lucrative bonuses for candidate referrals. They recently switched to giving out $500 in Bright Funds gift credit. Instead of seeing employee referrals dip, Box saw referrals “skyrocket,” according to Box.org Executive Director Bryan Breckenridge. This program has now become “one of the most cherished cultural traditions at Box,” he said.

Additionally, like any corporate benefit, there should be metrics tied to employee retention. Benevity released a study of 2 million employees across 118 companies on their platform that showed a 57% reduction in turnover for employees engaged in corporate giving or volunteering efforts. VMware, one of Bright Fund’s customers, has seen an astonishing 82% of their 22,000 employees participate in their Citizen Philanthropy program of giving and volunteering, according to VMware Foundation Director Jessa Chin. Their full-time voluntary turnover rate (8%) is well below the software industry average of 13.2%.

Towards a Brighter Future

Bright Funds still has a lot of work to do. CEO Walrod says that one of his top priorities is to expand the platform beyond US charities, finding ways to evaluate and incorporate international nonprofits.

They have also not given up their dream of becoming a truly consumer platform, perhaps one day competing in the world of donor-advised funds, which today is largely dominated by big names like Fidelity and Schwab who house over $85B of assets. In the short term, Walrod wants to make every Bright Funds account similar to a 401K account. It goes wherever you work, and is a lasting record of the causes you care about, and the time and resources you’ve invested in them.

Whether the impetus is altruism around giving or something more utilitarian like retention, companies are increasingly realizing that their employees represent a charitable force that can be harnessed for the greater good. Bright Funds has more work to do like any startup, but it is empowering the next set of donors who can give with the same effectiveness as Gates, and one day, at the same scale as him as well.

Sep
01
2017
--

Dell Foundation pledges $36 million to Harvey relief effort

 Michael and Susan Dell have doubled down on the tech industry’s commitment to bail out Texas as it recovers from Hurricane Harvey. The couple pledged a whopping $36 million to the effort through their foundation today. The money, which represents the largest single contribution to date for the disaster, comes in the form of an $18 million seed contribution, followed by a dollar… Read More

Dec
20
2016
--

Google.org donates $30 million to help nonprofits buy the tech they need

google_2016_holiday_giving Google.org is donating $30 million to non-profits this holiday so that they can buy any tech and related services that they need including hardware, software, training and IT maintenance or repair services. Earlier this month, reports leaked that Google had donated money earmarked for employees’ Christmas gifts to charity instead this year. It’s true that the company made… Read More

May
20
2016
--

The Europas — It’s time for a different kind of tech conference

awards3 (1) Let’s face it. Some tech conferences have lost their way. While TechCrunch Disrupt remains a firmly curated, media-driven, event, with hundreds of journalists attending, a couple of other conferences have really gone for scale. A minimum of 15,000 people, thousands of companies, echoing halls — and a lot of investors (and journalists) turning their badges around so they don’t… Read More

May
27
2015
--

Speakers At The Europas Conference And Awards Reflect Europe’s Diversity, June 16, London

awards16 (1) The Europas Conference & Awards for European Tech Startups, on June 16 in London, is an annual celebration of Europe’s brightest tech companies. From a small bar in central London in 2009, it’s become a fixture of the European scene, with its highly curated daytime speakers and audience, which combines the key startup players in Europe, as well as the hottest newcomers,… Read More

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com