In an age of extensive customer tracking, deeply personalized digital experiences, and endless cookies, data privacy and ethical data practices have become hot button topics. That’s unsurprising, given the fact that “data harvested from personal devices… now provides the foundation for some of the world’s largest companies,” as the Harvard Business Review notes.

Data, in many respects, is the new oil; and companies all around the world, from the largest corporations to small businesses and startups, are exploiting user-generated data to mine insights and shape innovation. Unfortunately, this commercialization of user data has created less than ideal conditions where businesses exploit personal data without regard for the interests or privacy of data subjects.

While individuals, governments and businesses themselves are now waking up to the importance of safe and respectful data practices, the field of data privacy is still a developing one. The EU’s General Data Protection Regulations (GDPR), which is the most prominent legislation governing data privacy, only entered into force in 2018 and most countries around the world are still fleshing out their data privacy laws.

As a result, it’s worth asking if data privacy is developing in the way it should — with primary focus on the rights of data subjects — and what the future holds for the discipline.

what_is_the_future_of_data_privacy_seref_dogan_erbek_2

The age of surveillance capitalism

To put in context where we’re coming from and hopefully create a framework for evaluation of the present and future, I think it’s useful to discuss a little bit what Shoshana Zuboff described as surveillance capitalism.

According to Zuboff, surveillance capitalism is “an economic system built on the secret extraction and manipulation of human data.” It is the monetization of personal data or data generated by and relating to individual users without the consent, notice, or sometimes approval of the users.

The term described an era where companies, using cleverly crafted terms and conditions, pilfered customer data and employed it to various ends without the informed understanding of their users and in ways that those users may not have approved of. Needless to say, this was less than ideal.

A new age of data privacy

A combination of factors have helped change and improve those less than ideal foundations. As authors Hossein Rahnama and Alex Pentland note in their article for the Harvard Business Review, business practices around data privacy are now being shaped by three forces: consumer mistrust, government action, and market competition.

Thanks to the selfless actions of civil society organizations and activists, consumers now have a better understanding of how businesses collect and use their data. They are also exercising rights which have been introduced by governments across the world, from the US to China and the EU, on subjects ranging from online privacy to regulating the use of AI.

Businesses are also modulating their behavior in response to user preferences and government regulations. For example, Apple introduced new features to its iOS which prevent apps from tracking users across platforms. Likewise, companies like Meta and TikTok have been forced to change their practices related to handling the data of teenagers, children and other users.

Consequently, we’re in a better place than we used to be when it concerns data privacy. But how does this bode for the future of safe data practices?

The future of data privacy

I think that, despite the improvements to data privacy practices, there’s still a long way to go in terms of safeguarding the rights of data subjects and encouraging ethical data practices by businesses.

Currently, there is still too sharp a focus on monetizing user data compared to efforts towards ensuring people have control over their data. While regulators are doing their part to compel ethical action from businesses, I fear there’s still too much focus on the largest corporations. Further down the food chain, it’s still an untamed landscape where many businesses don’t even know what data privacy means or how to respect the rights of their users. Perhaps most importantly, many data subjects still struggle to understand their own rights and the measures available to them to enforce those rights.