Startups Adapt to Shifting Privacy Standards
This post is the latest in our “Pursuing Privacy” series. It’s our editorial focus for the month of June, including topics like location data and ad targeting. See the rest of the series here.
Two steps forward, one step back. That’s what it can feel like to be a technology provider in the location marketing space right now, struggling to strike a balance between the demands of brand marketers and growing concerns over consumer privacy and data regulation.
That push and pull is challenging vendors in the location marketing space. At the same time their firms should be seeing exponential growth, data regulations—including the European Union’s General Data Protection Regulation (GDPR) and California’s forthcoming Consumer Privacy Act (CCPA)—are establishing new rules for innovation.
Trade associations and lobbyists representing some of the largest players in the technology space, including Facebook, Amazon, Apple, and Google, are quietly backing legislation designed to amend the CCPA and weaken the latest round of privacy laws. But because of their massive size and deep pockets, those same companies are feeling less of an impact from the regulations compared to smaller players. Fines and penalties from GDPR cut more deeply at startups that don’t have the war chests of Facebook and Google.
Companies that violate GDPR rules by using user data without explicit permission face fines of up to $22.3 million or 4% of global revenues. Although Google has faced fines from French regulators, the vast majority of GDPR warnings have been given out to smaller firms.
At companies like Ubimo, which specializes in location intelligence technology, there’s a deep interest in building privacy into the platform. There’s also an understanding that the goalposts marking what is acceptable and what is not will continue to move until a final version of the CCPA is approved.
“Naturally, we are following the updates and debates around CCPA and working to prepare for compliance once the final version is approved,” says Ubimo CEO Ran Ben-Yair. “As there are still some questions around some of the details, we currently focus on making sure our policies and guidelines are up to date.”
In an effort to protect personal information, Ben-Yair says Ubimo has made the decision to never share raw location data and to only provide insights based on several hundred devices. Clients can see foot traffic trends across venues and locations but only when there are enough device IDs to populate the trend. On the Ubimo platform, clients can’t dissect or trace any individual device ID or connect any private information, such as email addresses or home addresses.
While limiting in some ways, the new privacy standards also have an upside. According to Ben-Yair, changes in the U.S. market, combined with GDPR efforts in Europe, are actually making it easier for some companies to operate in the location data space.
“They enable us to have clear guidelines on how to operate and to find the right partners and data providers that meet those standards,” he says.
Privacy in AI
In the AI space, there is concern that regulation of data use may impact technical advances. As regulations mount in the U.S. and Europe, artificial intelligence startups say they may fall behind rival companies in countries like China.
The creation of overarching federal legislation, which would supersede state-by-state rules on data privacy, is one step that some Silicon Valley insiders see as a solution. The possibility that 50 unique state regulations could one day govern how technology providers handle user data would wreak havoc on the industry. It would be an administrative and liability nightmare.
While tech startups wait for federal regulations to move forward, they’re practicing self-regulation. At Athena Security, an AI security camera startup, co-founder Chris Ciabarra sees it as the industry’s responsibility to understand the privacy concerns of citizens and business owners and to take strides to make sure that all their bases are covered before bringing new solutions to market.
“I think Google said it best when they first started growing: ‘Don’t be evil.’ The core AI brain that powers Athena Security is just scratching the surface of what it’s capable of to mitigate crime and save lives, but the roadmap is also full of evil potholes that we’ll need to size up and take the right course,” Ciabarra says. “With great power comes great responsibility, and since we got into this business to help humanity, we’re excited to be on the right side of the tracks when it comes to the future and potential of AI.”
According to a survey by Winterberry Group and the Interactive Advertising Bureau, government regulation (and the threat of regulation) is the top obstacle threatening upcoming data projects, topping siloed organizational structure and difficulty in proving ROI for data-driven programs.
New Beginnings
Evolving privacy regulations present challenges for some AI and location marketing firms, but they’re also opening the door to new opportunities.
In the wake of GDPR’s passage, new industries have been born. Consent management platforms (CMPs) are being developed to make it easier for digital publishers to collect user consent and ensure compliance with GDPR and other regulations. Just last month, the offline consumer intelligence and measurement company Cuebiq launched its own market-first solution to enable users, partners, and customers to request third-party audits to verify data provenance and user consent.
“In addition to the moral and ethical implications of user privacy driving our efforts, we also recognize that for brands, agencies, and publishers, the privacy compliance of its data partners is becoming a business issue,” says Antonio Tomarchio, Cuebiq’s CEO and founder.
Privacy-focused data marketplaces have also popped up to deal with demands from consumers who want access to their own user data. Killi, for example, is a mobile app that consumers can use to trade certain pieces of their personal information with brands in exchange for compensation.
New regulations are creating a space for startups to enter the market, but they’re also making it harder for some legacy firms to operate. Many companies will need to invest time and resources into shifting into legally compliant privacy positions in the coming years, and some may not survive the transition.
“In this evolving landscape, a number of players in the space will find their business models and approaches under fire and difficult to maintain in their current form,” Tomarchio says.
At Athena Security, Ciabarra says there has always been an emphasis on being socially responsible during the company’s and product’s growth trajectory. That focus on social responsibility means that Ciabarra hasn’t had to change major parts of his company’s platform in light of new regulations. However, he says the public discussion around privacy and user data that’s taking place means his company has to do a better job of educating customers and making sure they understand what’s happening with their information.
“We don’t need to overstep in order to achieve the weapon and crime mitigating services our product delivers,” he says. “We’re looking for guns and crime to trigger an instant alert and action; we don’t need personal info to do that.”
Stephanie Miles is a senior editor at Street Fight.
