Powering innovation through responsible data management

The importance and pervasiveness of data-driven technologies in our lives has increased dramatically, as has the need to get a handle on how consumer data is used. It is time for the industry to rise to the moment and lead.

The perceived divergence in corporate and consumer interests has largely defined the global privacy discussion. Long before the recent firestorm of bad apps, bad actors, and data breaches, the European Union (EU) created a framework to govern data use rooted in the “fundamental right to privacy.” The resulting General Data Protection Regulation (GDPR) leaves many questions unanswered, but the EU’s vision is a worthy example. A global privacy framework that once seemed too unwieldy now appears optimal.

But first, we must acknowledge — and reject — the false choice between industry’s investment in privacy on one hand and innovation on the other. We can have both. In fact, we can’t have one without the other.

For the better part of a year, the Data Catalyst Institute has gathered developers of all sizes and types from around the world to better understand how developers can meet rising expectations for data protection. These developers discussed barriers to improving data practices and how to overcome them — including who should be accountable if and when something goes wrong.

Developers of applications that run on larger platforms identified the application layer — where their products live — as the greatest risk of data misuse. They cited a lack of resources, experience, and information as contributors to poor data management choices. They acknowledged that developers share responsibility for applications’ data misuse, but also recognized — as the Federal Trade Commission (FTC) recently found with regard to Facebook — that platforms have a critical responsibility to police applications.

The world’s leading platforms are the only ones that can fix this problem, and they should. The circumstance of each platform is different, but each has the resources, the responsibility, and — with the FTC’s recent order — guidance to do better.

The FTC’s settlement with Facebook included a directive that the company improve oversight and management of its diverse, disparate, and fluid developer community. How Facebook achieves this goal will be closely watched, but they should not go it alone. The relationship between platforms and developers is similar to a traditional supply chain. Like any chain, it is only as strong as its weakest link. Data misuse, mismanagement, and malfeasance at any level is felt at every level. The FTC’s Order is an opportunity for platforms to lead the development of scalable data policies.

To meet the potential of the moment, the industry as a whole should empower an organization that can enforce the collective standards of the industry while bridging the gap between service agreements and government enforcement. Establishing an industry watchdog with the authority to monitor, intervene, and mediate data misuse at the application layer would be a critical step toward self-policing and public-private co-regulation.

It’s time for the data-driven industry to mature, particularly as platforms work to empower users through increased data portability. Establishing guidelines and codifying best practices is a necessary step in the transition from a nascent, innovation-driven explosion of services and products to a trusted, foundational part of modern life.

A code of conduct or certification program, supported by platforms, welcomed by developers, and respected by users would improve data practices globally, particularly among third party developers who often pose an outsized risk of data mismanagement. To reasonably support a code of conduct and empower an industry watchdog, companies must invest in the oversight, education, and management that goes beyond “their” developers.

Technology leaders must commit to the same level of innovation in privacy policy creation as they do to the development of products and services.

Now is the time to forge a responsible path forward that places user privacy at the center of data practices. It won’t be easy for the world’s leading platforms to spend the time, money, and innovation capital necessary to bridge the gap between the world’s regulatory jurisdictions or address the differences from one platform to the other. But it is what is required.

Leaders always bear the weight of expectation and the responsibility to choose the correct path. Today’s digital services and technology industry leaders are no exception.

Peter Cherukuri is the Executive Director of the Data Catalyst Institute, a non-profit organization — funded in part by Facebook, Google, Charles Koch Institute and a number of universities — that works to inform and shape data policy and to improve data practices. Cherukuri previously served in senior executive roles in media companies including POLITICO, Huffington Post and the Economist Group. Follow him on Twitter @petercherukuri