Opt-Ins
Updated user interfaces that prioritize opt-ins for newsletters, special offers, and so on (as opposed to having users automatically signed up for such services).Re-Engagement
If your company built its database via scraping other sites or social networks, or through purchasing email lists, new regulations may demand a “re-engagement” campaign to obtain opt-ins from everyone on those lists. (For companies that had to modify their operations to comply with GDPR, this proved particularly time-consuming and expensive.)Right to be Forgotten
Companies may need to offer a “right to be forgotten.” In other words, if a user wants their account deleted and all their information stripped from the company’s system, the company must comply.Data Portability
Users may have the right to receive data in a portable, machine-readable format, which will allow them to more easily move between similar services.Breach Admission
Companies would have to admit to any data breach within a few days of discovery. (If this kind of regulation goes into effect, it could prove extremely lucrative to crisis-communications firms.) The bottom line is that tech companies would end up more accountable to users. And who doesn’t love accountability, aside from the CEOs, CFOs, project managers, product designers, and everyone else who would need to burn 80-hour weeks for a year or two in order to bring their company into compliance? We’re joking, of course, but the underlying point stands—instituting regulations means a lot more work for folks (and a lot of money to contracting firms willing to take over the workload; remember everyone who profited immensely from Y2K work?). Apple also has some ideas about how U.S. tech firms can more strictly enforce privacy. In fact, Tim Cook was kind enough to boil it down to a few Tweets:Since Apple makes its money from hardware, as opposed to monetizing user data, it can use privacy to its competitive advantage. But that shouldn’t discount the broader momentum toward stricter data protections. And if those regulations are put in place, tech pros (and their companies) could find themselves buried under a ton of new work.It was an honor to be invited to #ICDPPC2018 in Brussels this morning. I’d like to share a bit of what I said to this gathering of privacy regulators from around the world. It all boils down to a fundamental question: What kind of world do we want to live in?
— Tim Cook (@tim_cook) October 24, 2018