“Techlash” may seem like a buzzword, but the concept it represents is much weightier, particularly for online businesses and ecommerce enterprises, and its effects have already begun to reverberate across the internet.
1. What is Techlash?
Techlash, a portmanteau of “technology” and “backlash,” was born out of the widely publicized missteps of giant tech companies (Facebook and Google being two of the more egregious offenders). However, its roots run deeper than that.
Techlash is a societal reaction that’s been building for years — one that’s embodied by a growing awareness of how the technology we use daily is being used against us in many ways. Stories about Amazon’s Alexa listening in on our conversations, Facebook allowing Russia to manipulate the 2016 election, and Netflix’s CEO stating their biggest competition is sleep continue to accumulate, and people aren’t amused.
Consumers are simply more and more conscious of how the companies behind their favorite apps and devices are not their friends, and are certainly not looking out for their best interests. As a result, public and governmental scrutiny of technology companies has never been higher. Unfortunately for those of you operating a small business online, catching flak from this situation is inevitable.
If you’d like to survive and grow as we continue forward into the 21st century, it’s key you gain and maintain the trust of your users. Here are three ways to help your business realize these goals, so you can reduce the impact of techlash, and build up a reputation as a trustworthy company.
2. Make Your Policies Transparent and Easily Accessible
- Easy to read and understand
- Honest and detailed
- Readily available
A big part of making your policies digestible for the average reader is to use simple language. For instance, spell things out clearly with examples, create terms and conditions using the clearest language possible, and be comprehensive without being overly wordy.
Finally, to ensure this information is conveyed to all interested users, you must make your policies clearly visible. Placing them in the footer, sign-up forms, and at the point of sale is a good start. However, the best way to connect people with these details is bringing them to users’ attention using a consent banner.
- Explain how users can set their cookie preferences
- Inform them that by continued browsing or clicking “accept,” the user now agrees to the collection of cookies
3. Walk the Walk: “Privacy by Design”
Informing your user base of data practices by being transparent is definitely necessary, but if you still sell user data behind their backs or inappropriately use their information, you’re going to upset them (see: recent Facebook privacy debacle).
If you really want to establish your business as one that cares about safeguarding the data of its users at all costs, you must implement the GDPR’s Privacy by Design (PbD). In other words, rather than reacting to problems as they happen, you should have a system in place that detects and handles these issues before they even occur. There are seven tenets of PbD that you should be aware of as a business owner:
1. Privacy Should be Proactive, Not Reactive
As mentioned earlier, preemptively addressing issues so you can quickly handle them if and when they occur is the core principle of Privacy by Design. Looking ahead and creating a website / product that integrates privacy into its very foundation is a tall order, but it’s one that is going to protect your business and your users in the long run.
2. Privacy Must be The Default Setting
You should not be collecting user data until you obtain consent (if you’re ever confused, make sure to review GDPR consent examples). The privacy of everyone who lands on your website should be protected at the highest level possible, and their data should only be gathered and stored at their behest.
3. Privacy Should be Embedded into the Design
Similar to being proactive, privacy should be considered at all phases of product and website development. Don’t sacrifice it for the sake of enhancing another facet of your business (whatever that may be).
For instance, if neglecting user privacy would allow you to speed up your site substantially, don’t do it. It might benefit your business temporarily, but could land you in legal trouble and create bad blood with your user-base.
4. Privacy Integrations Must be Fully Functional (positive sum, not zero sum)
There should never be a situation where you tell your users “if you don’t give us your data, your security will be at risk.” Privacy and security go hand in hand — implement them together, and don’t make them mutually exclusive.
5. Protect Data for its Entire Life Cycle
From the moment you start to collect user data to the point it’s removed from your system, it should be protected to the utmost of your system’s capabilities. It needs to be responsibly and legally used as well.
6. Privacy Must be Visible and Transparent
7. Privacy Must be Prioritized
Before you take actions to collect or record anything a user does or submits on your website, you should inform them. Their right to their own personal information supersedes your right to gather their data.
To sum that all up, if your goal is to truly implement Privacy by Design, you need to combine privacy-aware website development with transparent business practices. User data should be collected on a need-only basis, and even then, you must inform them of what you’re doing.
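One way to build tenet 2 (privacy as the default) and the need-only collection rule into site code, shown here as an added example that is not part of the original article. The cookie name `site_consent`, its `analytics:1|marketing:0` value format, the category names and the field allowlist are all assumptions made for illustration.

```javascript
// Added example: default-deny consent gate plus need-only field filtering.
// Cookie name, value format, categories and allowlist are hypothetical.
const CONSENT_COOKIE = "site_consent";
const CATEGORIES = ["analytics", "marketing"];
const ALLOWED_FIELDS = {
  analytics: ["page", "referrer", "ts"],
  marketing: ["page", "campaign", "ts"],
};

// Parse the consent cookie out of a Cookie header string.
// Missing, malformed or unknown values all resolve to "no consent".
function parseConsent(cookieHeader) {
  const consent = Object.fromEntries(CATEGORIES.map((c) => [c, false]));
  const pair = String(cookieHeader || "")
    .split(";")
    .map((s) => s.trim())
    .find((s) => s.startsWith(CONSENT_COOKIE + "="));
  if (!pair) return consent;
  let value;
  try {
    value = decodeURIComponent(pair.slice(CONSENT_COOKIE.length + 1));
  } catch {
    return consent; // undecodable cookie: keep the private default
  }
  for (const item of value.split("|")) {
    const [name, flag] = item.split(":");
    if (CATEGORIES.includes(name) && flag === "1") consent[name] = true;
  }
  return consent;
}

// Return the event that may be sent, or null when nothing may be collected.
// Only allowlisted fields survive, so extra personal data never leaves the page.
function gateEvent(category, event, cookieHeader) {
  if (parseConsent(cookieHeader)[category] !== true) return null;
  const out = {};
  for (const field of ALLOWED_FIELDS[category]) {
    if (field in event) out[field] = event[field];
  }
  return out;
}

// Constructed sample event carrying more than analytics needs.
const SAMPLE_EVENT = {
  page: "/pricing", referrer: "https://example.org/", ts: 1700000000,
  email: "user@example.com", ip: "203.0.113.7",
};
```

A visitor with no cookie, a corrupted cookie, or an unrecognised category gets `null`, so collection starts only after an explicit opt-in is recorded.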
However, you could be completely on top of PbD and still lose all of your credibility if you allow user data to be stolen (Equifax) or sell it to others (especially where it was then mishandled, a la Facebook).
DPIAs & Updating Your Plugins
That’s where website development and security play a role. Being able to securely take user data, process it, and eventually delete it without letting it slip from your system must be an operational step of your business’s decision-making process. To execute this, it’s crucial to get management, developers, and engineers together and launch a data protection impact assessment (DPIA). Getting everyone on the same page is the best way to ensure you cover all your bases.
As simple as that sounds, making sure your third-party services are up to date is a huge part of maintaining a secure site. There’s a reason these companies are constantly pushing out new versions of their products — they find vulnerabilities and fix them (ideally, before they are exploited). By not staying on top of your updates, you’re leaving your site and your users’ data at risk.
Do More with Less Data
It’s a simple equation: the more data you collect, the more dangerous it becomes to store it. Keep this in mind when you start collecting the data of your users.
Plus, there are different types of data you can collect, and certain types are regulated to a greater extent due to the GDPR (and the CCPA in California). For instance, “sensitive personal data,” which includes details about users’ sex life/health, biometric data, political beliefs, religion and ethnicity, is regulated more severely than “personal data” (name, email, location, bank info, ID numbers, PINs and IP addresses). Think carefully before you start haphazardly accumulating user information, because it could get you in trouble later on.
This doesn’t mean you need to give up on data processing, but it’s important to be aware of how your website and business do so. A nice balance is implementing a trusted third-party tool like Google Analytics, which can help you glean valuable demographic data about your user-base without getting you into legal trouble.
4. Keep on Top of the Legal Landscape
Privacy and data security have never been more at the forefront of online business than they are today. The past several years have seen some big changes in the way businesses approach data collection — not just because of legislation in the EU and in the US, but also due to the major slip-ups of highly visible tech companies.
As we move further into the digital age, privacy and data protection will continue to get more and more attention from governments around the world. Europe was the first to act in a huge way with their 2018 General Data Protection Regulation (a follow-up to the 1996 Data Protection Directive), but the US is now on a similar trajectory, with California passing its own formidable privacy protection law (CCPA).
Thanks to the repeal of federal privacy legislation in 2017 that would have allowed the FCC to closely regulate how internet providers use customer information, many states around the US took (and are taking) measures into their own hands — and not just California. Making sure you’re aware of the newest laws that apply to your particular company is a must, because they’re coming out at a faster rate than in the past.
Conclusion: Prepare & Prosper
While “techlash” has certain sinister undertones, it’s not a word to fear — if you’re prepared. Being cognizant of your customers and their concerns over the way their data is processed and stored sounds like common business sense, but now that it’s legally mandated, it’s definitely time to buy in.
Techlash, in the end, should end up being an overall positive for companies going forward. It encourages honest business practices, transparency, and puts the power of data back in the hands of consumers (where it belongs). Happy consumers mean more sales. If you build privacy into your platform, and then pair it with a proactive approach to security and data collection, you’ll be prepared to not only weather the techlash storm, but to thrive afterwards.