The Regulation Cycle: Putting GDPR in Context

Just as regulations were needed for the auto industry to mature, regulations like GDPR help data-driven marketing to grow up.

May 25, 2018, the day tech companies have all braced for, has come and gone. The European Union now will enforce its General Data Protection Regulation, a landmark privacy framework. GDPR enshrines data privacy as a civil right, placing the individual’s choices over the business models and strategies of data-harvesting companies. For the B2B marketing world, GDPR introduces uncertainty about the future of data, the products we make with it, and the insights we glean from it. Can business continue as usual?

As a martech founder and proponent of an Insights Economy, I feel optimistic about GDPR. In fact, it may be a blessing in disguise for marketers.

In any industry where consumers face risks – automotive, financial, healthcare, foodstuffs, and so on – regulation is a balancing act, not a party ender. I’ll use the auto industry to describe the full cycle of regulation, since digital privacy has had only a partial cycle. Then we’ll see where GDPR fits and what it means for B2B marketing.

The Automobile Regulation Cycle

Disruption: A new industry emerged and disrupted life on a grand scale. In this story, Henry Ford’s Model T, introduced in 1908, disrupted travel with the first affordable automobile.

Too little control: The lack of regulation enabled quick innovation without safeguards. Between 1908 and the 1960s, there were few standards for vehicle safety, working conditions, and road construction in the automobile industry. The CDC reports that the death rate in automobiles declined from 18 per 100 million vehicle miles traveled (VMT) in 1925 to 1.7 per 100 million VMT in 1997.

Oops: The big three we know today – Ford, GM, and Chrysler – faced scrutiny over working conditions, which led to the auto unions, and safety, which spurred a response: Ralph Nader’s book Unsafe at Any Speed: The Designed-in Dangers of the American Automobile. The industry innovated faster than it could create proper protections, oversight, and governance. Nader’s book may have been the turning point.

Regulation: Regulators reacted to the Oops phase to protect the common good. The 1966 Highway Safety Act created the National Highway Safety Bureau, which we now know as the National Highway Traffic Safety Administration. They instituted rules for highway construction, vehicle design (including seat belts), traffic rules, and emissions (i.e., no more leaded fuel). In concordance with the mood, muscle cars peaked in the 1960s then went out of favor as regulation increased.

Balance: Automakers tussled with health, insurance, and consumer groups. A 1981 article in The New York Times portrays this as the norm – the way we might think of Facebook versus Congress news today. Vehicle-related deaths plunged, even as vehicle miles traveled increased. Automakers resisted new regulation because it raised costs. By the 1990s, the tension approached an equilibrium that is still acceptable to consumers, businesses, and regulators.

Next disruption: The race to driverless cars began in the 2010s. As Tesla, Uber, Google, and others race to be first, regulation is remarkably light. The first injuries and deaths involving autopiloted cars have happened as we near the “Too Little” stage in 2018.

Notice that this model has a happy plateau in Balance. Society gains an awesome technology, the automobile, and over the course of a century, we get a relatively safe, affordable transportation system. Arguably, these cycles don’t take a century anymore, depending on how you categorize technology (e.g., do personal computers and mobile phones belong in the same cycle or separate ones?).

Back to GDPR. To understand why it’s a blessing in disguise and how it could affect B2B marketers, let’s plug it into the cycle.

The Digital Privacy Regulation Cycle

Disruption: The invention of the World Wide Web in 1989 heralded a new era of communication and business. Digital data, a unit of information, became a commodity to exchange. After a false start in the early 2000s, the Dot-com Bubble, web technologies came into their own. Bubble survivors such as Google (1998), eBay (1995), and Amazon (1994) gained momentum, joined by LinkedIn (2002), Facebook (2004) and Twitter (2006).

In the B2B space, newcomers like Salesforce (1999) and Atlassian (2002) rose, not without stiff competition from Microsoft, Oracle, IBM, and other established IT players. Many web companies formed business models predicated on collecting and using various forms of personal data. Marketers became the biggest buyers of this data. 

Too little control: The web industry enjoyed over two decades with minimal regulation. By the 2010s, the lack of protection centers on three issues: 1) Inappropriate, intrusive, or misleading data collection; 2) Hijacking attention using "addictive" strategies adopted from the gambling industry; 3) Personalization techniques that, sometimes, combine problems 1 and 2.

Oops: After years of colossal data breaches (Target, Anthem, Sony, Ashley Madison, JPMorgan, Yahoo, etc.), the European Union passed GDPR on April 14, 2016, and commits to enforcing it beginning on May 25, 2018. It seems like overkill.

But, the privacy controversy comes to a head in 2016 when it's asserted that Russian operatives manipulated Facebook and Twitter’s algorithms to sway a U.S. presidential election. Public opinion towards tech plunges. Although the focus is on consumer tech companies, B2B marketers are recognized as buyers, brokers, and players in this system.

Soon thereafter, the revelation of breaches at the Democrat National Committee (2016) and Equifax (2017) validate the reasoning behind GDPR, showing that personal data isn’t safe in governmental or corporate hands.

A 2018 scandal involving Cambridge Analytica, a political consulting firm that accessed and operationalized Facebook data unethically through an academic researcher, becomes the poster child of privacy abuse. It is the ultimate Oops.

Regulation: In April 2018, Facebook CEO Mark Zuckerberg appears in a session with members of Congress who openly contemplate implementing a GDPR-type policy in the US. As GDPR goes into enforcement, we, the participants in this history, wait to see how businesses, governments, and consumers react to the new paradigm.

Balance: To be determined!

Today, we are just entering the Regulation phase and working towards equilibrium. In that respect, GDPR is a blessing in disguise. Consider that GDPR, the most prominent model of data privacy does not ban marketers from collecting and operationalizing data. Among other things, it gives individuals “the right to be forgotten” and offers protections that enable a person to opt out of personalization.

Consider how much worse GDPR could have been. In an alternate universe with worse data breaches, regulators might have imposed a highly restrictive regime for controlling AI, data storage, data commerce, and so forth. Instead, we have a regime that asks marketers to establish trust and respect individual’s feelings about privacy. What a gift for consumers and marketers.

So, don’t buy the media coverage painting GDPR as martech Armageddon. The Insights Economy must endure some regulation to reach the promised land. We’re on our way.

{image 1}

Bonnie Crater is Founder and CEO of Full Circle Insights.