It isn't often I disagree with the editors of Businessweek - but their most recent editorial complaining about GDPR needs an alternative perspective.
Let's start with GDPR compliance costs. The editorial complains about the high cost of GDPR compliance. Yet... the reality is that the compliance costs cited in the Businessweek editorial appear to be in direct proportion to the degree that companies have created businesses that prey on customers rather than serve them.
Conteneo's GDPR compliance costs are negligible precisely because we have never sought to hide anything we do with the data we're capturing in our platforms. Instead, we have always strived to put our customers and our customer's customers in control of their data. In reviewing GDPR compliance, we were actually quite thrilled to find that many of the choices we've made for years were nearly prescient in the way that they "future-enabled" (instead of "future-proofed", a term I detest - who wants to prevent the future?) GDPR.
The editorial references an article on the challenges of the GDPR Right to be Forgotten and certain AI algorithms. More broadly, a lot of companies are getting themselves tied up over the Right to be Forgotten. However, in many cases a properly designed enterprise data model (whether centralized or federated, and one covering operational and analytic systems) should be able to either delete or pseudonominize data. In other words, don't let the Right to be Forgotten turn into some kind of scare tactic. Instead, roll up your sleeves and get to work implementing it!
I also disagree with the Businessweek editorial's assertion that informed consent has to be implemented in a way that will mislead, confuse or annoy users. I will be first to admit that Conteneo's pre-GDPR "consent" was using some dark patterns. We didn't really like this, but we thought that a dark pattern about agreeing to our terms of service was an acceptable tradeoff to getting participants into Weave forums as quickly and easily as possible. It wasn't, and we're removing our dark patterns just as quickly as companies like Microsoft are adding them.
The coming of GDPR has given us the chance to rethink how participants join forums. We have some really terrific ideas on improving this that will be rolled out over the next few months, starting with simple and plain language in our informed consent. More broadly, our work suggests that properly worded informed consent is a means to establish a trust-based, mutually beneficial relationship with all people who use Weave.
We're still working on GDPR compliance, and while I am pretty confident we'll be fully compliant by the 25-May-2018 deadline, there is a chance that we may miss something. In that case, I want our customers to know that we'll do everything in our power to make sure that we're doing our best to follow both the spirit and letter of the GDPR regulations.
Ultimately, Conteneo is one small company that is thrilled with GDPR. GDPR compliance will enable Conteneo to further establish trust with even more individuals and companies around the world, giving us a significant competitive advantage over the companies who'd rather secretly collect and ultimately misuse your data.