Think the internet has transformed business? Well last year only 12% of retail sales were made online* globally. According to Jose Belo, Data Protection and Privacy Senior Consultant at Exigo Luxembourg, a lack of trust is holding back progress but a combination of technology and regulation is making a breakthrough.
“Some see GDPR [the EU’s General Data Protection Regulation] as a protectionist measure. In a way it is, but ultimately it will help inject trust into the system,” Mr Belo said. Embedding the regulation into new technologies and systems enables privacy by design and by default. This means that clients and partners can be confident their data will be treated with care and in confidence, thus encouraging them to trust online retailers and service providers. “Privacy, data protection and privacy by design are essential for startups and established companies to continue their path towards innovation,” he added.
That said there are serious challenges in a world seeking to grapple with the potential of artificial intelligence and blockchain. It is an unresolved question how the open, distributed nature of blockchain can be reconciled with GDPR, a regulation that was designed to deal with a world of centralised databases and their related, often closed networks. Yet it is the openness and unbreakability of distributed ledgers is what enables them to be trusted by all users.
Similarly with AI, we are now in a world where algorithms can teach themselves chess and within weeks are beating the best human-programmed systems. The potential data protection challenges are enormous. Also, there’s no question that legacy systems with programming languages from previous generations will come increasingly under the spotlight.
“This is the point of GDPR. It’s not about compliance its about helping the industry and the wider market work together to build innovative, resilient systems,” said Mr Belo. For example, open banking, as enshrined in the second payment services directive (PSD2), offers the prospect of clients having access to an unlimited, exciting range of new financial services.
However these will only gain wide public acceptance if there are assurances around data privacy and secure digital communication. “Contractual consent is at the centre of PSD2, as people need to allow the sharing and processing of their data in a seamless, highly trusted fashion. These questions need to be addressed at a fundamental level when solutions are being designed and implemented,” Mr Belo added.
However sometimes is is not possible to arrive at legally clear solutions as regards data protection due to the nature of the technology being used. There have been attempts to use a principles-based approach but these have their limits. So business and developers have to demonstrate good faith and clear, effective communication with clients, partners and regulators.
Mr Belo sees trust between companies and customers as the only solution to stimulate the potential growth in online service providers. “If businesses want to grow online, technology and regulation can help to find a balance between innovation and regulation through trust,” he said.