Philipp Schrader, Sr. Experience Designer, BCG Digital Ventures, reflects on the discussion around the General Data Protection Regulation (GDPR) that took place during the sixth edition of DV’s Startup Talks meetup in Berlin.
The Sixth edition of Startup Talks in Berlin
Would you be willing to trade a seamless user experience for higher data protection standards?
This question was posed to over 100 entrepreneurs, investors and students at the sixth edition of the Startup Talks meetup in Berlin, titled “Data protection: Obsession or human right — will new policies kill AI innovation in Europe in May 2018?”
The answer: 40 percent of the audience said yes–higher data protection standards matter more than the user experience. In light of the recent debates around the General Data Protection Regulation (GDPR), it’s no surprise that data protection is top of everyone’s mind.
What does GDPR mean for our products?
“More levels of consent in a user interface mean more buttons in your sign-up flow, which directly impacts how many users will convert,” said Mo Moubarak, Co-Founder, MoBerries.
But nobody really knows what the implications of GDPR will really be–and this is the key challenge with the new approach to better data protection.
Panel member Edward Percarpio explained that: “We’re actually all waiting for the first person or company to get sued.” And this is what it will take to understand the implications this regulation could really entail. And Edward should know–as the Privacy Architect for Sovy, a fledgling startup that specializes in providing free/low-cost GDPR compliance solutions for small and medium-size businesses.
Could GDPR be a success story after all? According to Percarpio, GDPR is a huge success already, as its one of the first regulatory topics in the digital space that people are actively talking about. “How many legal topics have been discussed this publicly? We all know how sexy policies really are.”
The core idea behind GDPR is straightforward: European regulators aim to give control back to citizens over their personal data as well as to simplify and unify the regulatory environment for international businesses within the EU. Penalties for non-compliance are substantial, with fines that reach up to €20 million or four percent of global annual turnover in the prior year, whichever is greater.
What may seem like a long shot from a user’s perspective unfolds as essentially two things:
- Explaining how an algorithm came up with an output (e.g. a product recommendation)
- Getting the user’s consent before using their data to feed this algorithm
According to Mo Moubarak, Head of Business Development at MoBerries GmbH, this is exactly where theoretical regulation collides with real life. MoBerries guiding principle is to connect the world’s professionals through a transparent job market via an AI-driven hiring platform that connects talent with companies through an interactive neural network.
“From a product perspective, more levels of consent in a user interface mean more buttons in your sign-up flow, which will directly affect how many users will convert. And if you cannot convince them in the first few seconds, users will bounce and go to the competition,” said Moubarak. And that competition could be located in a country with less strict regulations, like the US or China.
Data protection in a globalized world
So, will the EU lose the tech game because speed and permeability matter most in a globalized world? According to Srinivas Sridharan, Founder and CTO, Greenlake Research, a machine learning and AI R&D and consulting firm focused on the IoT, automotive and energy domains, GDPR is not going to destroy technical innovation in Europe, but have the opposite effect.
“It will increase coding skills and force designers and engineers to come up with new problem-solving techniques in order to be GDPR compliant. Ultimately, it could set the boundaries for a fair and neutral way of using the web and our digital identity,” said Sridharan.
Julia Krueger, an independent expert working in close cooperation with the digital rights hub netzpolitik.org, strongly believes that: “Humans have the right to understand the factors that lead to automated decision making; they also have the right to object this decision, and this is exactly what Article 22 of the GDPR is trying to achieve.” As you would expect, there is quite a bit of leeway in the formulations of GDPR, and it takes people like Kreuger to translate the often-vague regulations into tangible implications.
GDPR will affect all of us
Clearly there are still many open questions around GDPR, especially how it will translate into practical implications and standards, as well as who will be affected by it the most — startups or big corporations.
What’s equally important is the question about our behavior and values as people that spend a substantial amount of time online. Even before GDPR, there have already been many attempts to build transparent and ethical social media platforms , such as ind.ie. Even though more and more people are making the switch from the Facebooks and Googles of this world to decentralized alternatives, the numbers are still marginal.
So, the real question we should all be asking ourselves is: Are we willing to settle for a potentially less intuitive but more transparent digital product in the beginning? And are we willing to change our daily habits and question the status quo of how we behave in the digital space? Because, ultimately, laws and regulations are only as good as our willingness to make the best out of them.
Watch the full StartUpTalks session here
The BCG Digital Ventures Startup Talks series is open to those who are interested in learning more about the tech startup scene in Berlin and beyond. On a quarterly basis, we welcome inspiring experts from the tech and digital industry to discuss current topics. Join our meetup series in Berlin or Los Angeles. #dvstartuptalks