Why companies should respect consumers’ right to privacy
Jeroen Seynhaeve 2023-03-13
You may be thinking: “To hell with data protection, what about my profits?” or “I have nothing to hide”.
Surely, there is money to be made from people’s private information. Most tech companies monetise the information they collect from people – by selling or exchanging raw data, or by processing it and selling what they learn from it. In fact, these money streams provide them with the resources needed to develop and manage the technologies that harvest private information, free of charge. It’s a bizarre state of affairs: more technology collects more data that is traded for money that enables more technology to collect more data etc. It is a state of affairs nobody really had a problem with for many years. After all, weren’t we all collectively ecstatic about our sparkling new devices and convenient new apps?
But this has changed. Data manipulations that exploit people for ulterior purposes – often hidden, sometimes harmful and immoral – have come to light. Only the top of a titanic iceberg, some claim. Only the start of a doomed future in which people will be dominated by those in control of technology, or worse – by intelligent technology itself. In any case, reasons enough, most claim, to motivate a global call for regulation that protects people’s privacy, and in the same breath – human liberties.
While well intended, there seems to be an awful lot of confusion and frustration surrounding these regulations. On the one hand, people invoke them left, right and centre to justify their refusal to share information. On the other hand, companies bombard consumers with dense-looking statements and requests for our consent at the drop of a hat. It is perhaps good to point out that these regulations don’t aim to prohibit the processing of private data categorically – there are simply too many social and economic benefits resulting from that processing. What they do in fact aim for, is establishing conditions for doing so. These conditions fundamentally revolve around one principle – consent – and aim to give people back control over which private information they share with others. For South Africa, the most relevant of these regulations are the Protection of Personal Information Act (POPIA) and the EU’s General Data Protection Regulation (GDPR).
Privacy is something we all value …
But why should privacy be protected at all? While some argue that privacy is bad – its lack of transparency may be used as a cloak to hide social harms or to fence off economic progress and distribution – most agree that people desire to have control over which information they share with others – to some extent, for at least two reasons. Firstly, privacy makes us human. The desire for privacy reveals something about how we relate with other people. Think of the difference between sharing intimate information with a pet, or with a device, as opposed to sharing that information with another person. We wish to keep some information about ourselves away from other people – perhaps because of how people may use that information against us (in ways that pets and devices can’t). Or, as some philosophers claim, because of how sharing information of different levels of intimacy defines our different social relationships. Secondly, if knowledge is power, then knowing something about a person gives power over that person. Privacy gives us power to control who knows what about us, and consequently control over who we allow to interfere with our minds and lives.
OK. But why should a company respect the right to privacy?
While the value of privacy may be obvious for consumers, profit-driven companies may be forgiven to question “What’s in it for us?” Why should we respect our customers’ privacy, if there is good money to be made from personal data?
- The legal fraternity may be keen to invoke the investigative, administrative, conciliatory, criminal and civil procedures that may be lodged against you by the Information Regulator in terms of sections 73-109 of POPIA – for not complying with POPIA’s conditions for lawful processing of personal information, for not cooperating with the Information Regulator, or for the harm this has caused.
- But there are other, more positive reasons too. As part of their own compliance requirements, companies within your supply or service chain need to ensure that the companies they work with are POPIA compliant. As a start, you would do well to require the companies you work with to be POPIA compliant – especially if they share personal information about third parties with you, or you share this information with them;
- Your customer reputation and trust is at stake. A blatant disrespect of people’s privacy, or a malicious data breach that could have been prevented, harm your company’s reputation and consumer trust in ways that may be hard to justify or rectify in the context of today’s privacy sensitive information society;
- Good quality, well organised and well secured personal data about your customers or suppliers is a great asset for your business, and raises its market value.
Interested to read more about this topic? Read The Ethics of Data Privacy
Latest blog post Why companies should respect consumers’ right to privacy
You may be thinking: "To hell with data protection, what about my profits?" or "I have nothing to hide". Surely, there is money to be made from people's private information. Most tech companies monetise the information they collect from people – by selling or exchanging raw data, or by processing it ... Read / View all articles
