Privacy - The Direction of Travel

April 5, 2023 Winterberry Group

Winterberry Group Managing Director, EMEA, Charles Ping, shares his take on understanding the key areas of alignment and differentiation on privacy across the US and Europe.

One of the benefits of being involved in Winterberry Group work across both the US and Europe is the ability to transfer knowledge around the evolution of privacy across the two regions. Being London based with a long history in the privacy arena, I’ve seen the principles behind laws such as GDPR and CPRA grow from general consumer and lobbying concerns into specific pieces of legislation. At Winterberry Group we also get to see the solutions that are evolving around the stricter European regimes as they emerge, giving a directional perspective. 

What is certainly true is that the complexity inherent in some of the legal approaches to data and privacy hasn’t always served the consumer well. As an example, has the introduction of consent boxes for cookies actually delivered the objective of the consumer having meaningful control over how their data is used? The unintended consequence of this daily barrage is that only a vanishingly small proportion of consumers actually read these notices, which almost certainly mitigates against them delivering the primary objective of consumer understanding about what data is being captured, for what purposes, by whom, and for how long will it be kept. However, these problems are the growing pains in a general trajectory where giving consumers information and control over how their data is used will be the endpoint.

In our client work, whether it is growth strategy or commercial diligence, one of the top three questions is reliably around privacy. The framing of the questions is usually whether the client’s business model has privacy headwinds or tailwinds. The answer to this question isn’t a legal one; it's a business perspective based on an understanding not just of the clauses within current legal texts, but of the reasons behind the law. And when looking 5 or 8 years ahead we tend to examine the inherent features around a business that will enable it to stay ahead of legislative changes, and hopefully their competition. This is where the privacy principles behind their operating model matter. Terms like Privacy by Design, Data Minimisation, Pseudonymization, and Accountability can never successfully be retrofitted to a business model that is fundamentally on the back foot (although some have tried). When these approaches to data are embedded, utilised, and monitored within a business, product, or service then a tailwind is more likely to be present. The privacy genie is never going back into the bottle, despite what some may hope. However, I’m equally sure that we are not at the final privacy destination yet. Certainly not in the US but also not in Europe.

What we do see is that global clients tend to try and harmonize around single approaches, with minor local adaptations. The lure of being able to compete and win these global clients is a significant forcing factor on the larger players across the technology and supply side. The key points around meaningful consumer knowledge and control will continue to drive the regulatory landscape and the media and brands that prosper within it.

Share This: