“Techlash” may seem like a buzzword, but the concept it represents is much weightier – particularly for online businesses and ecommerce enterprises, and its effects have already begun to reverberate across the internet.
- What Exactly is Techlash?
- Make Your Policies Transparent and Easily Accessible
- Walk the Walk: “Privacy by Design”
  - Privacy Should be Proactive, Not Reactive
  - Privacy Must be The Default Setting
  - Privacy Should be Embedded into the Design
  - Privacy Integrations must be Fully Functional (positive sum, not zero sum)
  - Protect Data for its Entire Life Cycle
  - Privacy Must be Visible and Transparent
  - Privacy Must be Prioritized
- Keep on Top of the Legal Landscape
- Conclusion: Prepare & Prosper
1. What Exactly is Techlash?
The portmanteau of “technology” and “backlash” was born out of the widely publicized missteps of giant tech companies (Facebook and Google being two of the more egregious offenders). However, its roots run deeper than that.
Techlash is a societal reaction that’s been building for years – one that’s embodied by a growing awareness of how the technology we use daily is being used against us in many ways. News about Amazon’s Alexa listening in on our conversations, Facebook allowing Russia to manipulate the 2016 election, and Netflix’s CEO stating their “biggest competition is sleep” continues to accumulate, and people aren’t amused.
Consumers are simply more and more conscious of how the companies behind their favorite apps and devices are not their friends, and are certainly not looking out for their best interests. As a result, public and governmental scrutiny of technology companies has never been higher. Unfortunately for those of you operating a small business online, catching flak from this situation is inevitable.
If you’d like to survive and grow as we continue forward into the 21st century, it’s key you gain and maintain the trust of your users. Here are three ways to help your business realize these goals, so you can reduce the impact of techlash and build up a reputation as a trustworthy company.
2. Make Your Policies Transparent and Easily Accessible
- Easy to read and understand
- Honest and detailed
- Readily available
If you plainly illustrate to your users how you’re using cookies, what data you’re collecting, and what you’re doing with it, then you’re already ahead of many other online businesses.
- Explain how users can set their cookie preferences
- Inform them that by continued browsing or clicking “accept”, the user now agrees to the collection of cookies
3. Walk the Walk: “Privacy by Design”
Informing your user-base through transparency is definitely helpful, but if you still sell user data behind their backs or dishonestly utilize their information, you’re going to upset them (see: the most recent Facebook privacy debacle).
If you really want to establish your business as one that cares about safeguarding the data of its users at all costs, you must implement privacy by design (PbD). In other words, rather than reacting to problems as they happen, you should have a system in place that detects and handles these issues before they even occur. There are seven tenets of PbD that you should be aware of as a business owner:
1. Privacy Should be Proactive, Not Reactive
As mentioned earlier, preemptively addressing issues so you can quickly handle them if and when they occur is the core principle of privacy by design. Looking ahead and creating a website/product that integrates privacy into its very foundation is a tall order, but it’s one that is going to protect you and your users in the long run.
Setting up VPNs, putting up firewalls, and keeping third party plugins updated can all assist you on the path to greater data security.
2. Privacy Must be The Default Setting
You should not be collecting user data until you obtain consent (the GDPR has its own definition if you’re curious). The privacy of everyone who lands on your website should be protected at the highest level possible, and their data should only be gathered and stored at their behest.
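One way to make collection opt-in by default, shown as an added example (not code from the original article): a small JavaScript gate that drops events until the visitor explicitly consents to their category, and purges them when consent is withdrawn. `ConsentGate`, the category names and the sample events are hypothetical.

```javascript
// Added example: consent-gated collection with privacy as the default.
// ConsentGate, the categories and the sample events are hypothetical.
const CATEGORIES = ["necessary", "analytics", "marketing"];

class ConsentGate {
  constructor() {
    // Default state: only strictly necessary processing is allowed.
    this.granted = new Set(["necessary"]);
    this.store = []; // events actually collected
    this.audit = []; // record of every consent change
  }

  // Record an explicit user choice; unknown categories are rejected.
  setConsent(category, allowed, when = new Date().toISOString()) {
    if (!CATEGORIES.includes(category)) {
      throw new Error(`unknown category: ${category}`);
    }
    if (category === "necessary") return; // not user-toggleable in this sketch
    if (allowed) {
      this.granted.add(category);
    } else {
      this.granted.delete(category);
      // Withdrawal also removes what was gathered under that consent.
      this.store = this.store.filter((e) => e.category !== category);
    }
    this.audit.push({ category, allowed, when });
  }

  // Collect an event only if its category is currently consented to.
  // Events without consent are dropped, not queued for later.
  collect(category, payload) {
    if (!this.granted.has(category)) return false;
    this.store.push({ category, payload });
    return true;
  }
}

// Constructed walk-through of one visitor session.
function demoSession() {
  const gate = new ConsentGate();
  const results = [];
  results.push(gate.collect("analytics", { page: "/pricing" })); // before consent
  results.push(gate.collect("necessary", { cart: 1 }));
  gate.setConsent("analytics", true);
  results.push(gate.collect("analytics", { page: "/checkout" }));
  gate.setConsent("analytics", false); // visitor withdraws consent
  return { results, stored: gate.store.length, auditEntries: gate.audit.length };
}
```

Dropping pre-consent events instead of queuing them means nothing about the visitor exists on your side until they opt in.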
3. Privacy Should be Embedded into the Design
Similar to the point about being proactive, privacy should be considered at all phases of product and website development. You must not sacrifice it for the sake of enhancing another facet of your business (whatever that may be).
For instance, if neglecting user privacy would allow you to speed up your site substantially, don’t do it. It might benefit your business temporarily, but could land you in legal trouble and create bad blood with your user-base.
4. Privacy Integrations must be Fully Functional (positive sum, not zero sum)
There should never be a situation where you tell your users “if you don’t give us your data, your security will be at risk.” Privacy and security go hand in hand – implement them together, and don’t make them mutually exclusive because they don’t need to be.
5. Protect Data for its Entire Life Cycle
From the moment you start to collect user data to the point it’s removed from your system, it must be protected to the utmost of your system’s capabilities. It needs to be responsibly and legally utilized as well.
6. Privacy Must be Visible and Transparent
7. Privacy Must be Prioritized
Before you take actions to collect or record anything a user does or submits on your website, you must inform them. Their right to their own personal information supersedes your right to gather their data.
To sum that all up, if your goal is to truly implement privacy by design, you need to combine privacy-aware website development with transparent business practices. User data should be collected on a need-only basis, and even then you must inform them of what you’re doing.
Make sure to be informative without being intrusive, or you’ll just end up annoying your customers!
However, you could be completely on top of PbD and still lose all of your credibility if you ever allowed user data to be stolen (Equifax) or sold it to others (especially where it was then mishandled, a la Facebook).
DPIAs & Updating Your Plugins
That’s where website development and security play a role. Being able to securely take user data, process it, and eventually destroy it without letting it slip from your system must be an operational step of your business’s decision-making process. To execute this, it’s crucial to get management, developers, and engineers together and launch a data protection impact assessment (DPIA). Getting everyone on the same page is the best way to ensure you cover all your bases.
And as simple as this sounds, making sure your third party services are up-to-date is a huge part of maintaining a secure site. There’s a reason these companies are constantly pushing out new versions of their products – they find vulnerabilities and fix them (ideally, before they are exploited). By not staying on top of your updates, you’re leaving yourself and your users at risk.
Do More with Less Data
It’s a simple equation: the more data you collect, the more dangerous it becomes to store it. Keep this in mind when you start collecting the data of your users.
Plus, there are different types of data you can collect, and certain types are regulated to a greater extent in Europe due to the GDPR (with the CCPA following suit soon in California). For instance, “sensitive data”, which includes details about users’ sex life/health, biometric data, political beliefs, religion and ethnicity, is regulated more severely than “personal data” (name, email, location, bank info, ID numbers, pins and IP addresses). Think carefully before you start haphazardly accumulating user information, because it could get you in trouble later on.
This doesn’t mean giving up on data processing either, but it’s important to be aware of how your website and business do so. A nice balance is implementing a trusted third party tool like Google Analytics, which can help you glean valuable demographic data about your user-base without getting you into legal trouble.
4. Keep on Top of the Legal Landscape
Privacy and data security have never been more at the forefront of online business than they are today. The past several years have seen some big changes in the way businesses approach data collection – not just because of legislation in Europe and in the U.S., but also due to the major slip-ups of highly-visible tech companies (thus, the techlash). To quote the oft misunderstood Bob Dylan: “times, they are a changin’.”
As we move further into the digital age, privacy and data protection will continue to get more and more attention from governments around the world. Europe was the first to act in a huge way with their 2018 General Data Protection Regulation (a follow-up to the 1996 Data Protection Directive), but the U.S. seems to now be on a similar trajectory, with California passing its own formidable privacy protection law on June 28th of this year.
Thanks to the repeal of federal privacy legislation in 2017 that would have allowed the FCC to closely regulate how internet providers use customer information, many states around the U.S. took (and are taking) measures into their own hands – and not just California (although they’re definitely at the forefront). Making sure you’re aware of the newest laws that apply to your particular company is a must, because they’re coming out at a faster rate than in the past.
Conclusion: Prepare & Prosper
While “techlash” has certain sinister undertones, it’s not a word to fear if you’re prepared. Being cognizant of your customers and their concerns over the way their data is processed/stored sounds like common business sense, but now that it’s legally mandated it’s definitely time to buy in.
Techlash, in the end, should end up being an overall positive for companies going forward. It encourages honest business practices and transparency, and puts the power of data back in the hands of consumers (where it belongs). Happy consumers mean more sales. If you build privacy into your platform and website, and then pair it with a proactive approach to security and data collection, you’ll be prepared to not only weather the techlash storm but to thrive afterwards as well.