What would an investor group for data privacy focus on?

Added – could it help address issues like this? – Facebook’s Model Attacked by German Antitrust Regulator

In 2018, I co-authored a report on data privacy for the IRRC which showed some scary statistics for investors who think that the current state of data privacy is stable.

The report quotes a 2016 survey on data privacy in the US by the Pew Center which found that:

• 74% of respondents regarded it as very important that they control who can get information about them;
• 47% were not confident they understood how their information would be used;
• 92% of adults agreed or strongly agreed that consumers have lost control of how personal information is collected and used by companies;
• 68% of internet users believed current laws are not good enough at protecting people’s privacy online; and
• 64% believed the government should do more to regulate advertisers’ use of data.

And this was before the US elections and Cambridge Analytica scandals!

These look like real risks to the way data privacy is currently regulated and used by companies. Given that data dependent tech companies are 26% of S&P 500, there is real value at risk.

My question is why is there no group of investors publicly aligned and engaging tech companies on the issue of data privacy?

We have investor groups such as:

• CDP for climate and forests
• CERES for climate, water and supply
• 30% Club for diversity
• FAIRR for animal rights.

Investor advocacy groups can play an important role in exploring specific issues and working with investors and companies to develop new solutions that manage risks and develop new opportunities.

In addition, investor advocacy groups enable outsource the real time monitoring of specific issues and engage when it is important. Diversified investors do not have the time to have a detailed opinion of every issue.

Finally, due to the global nature of capital, investor groups can more easily engage across jurisdictions compared to government.

So why do we not have a dedicated tech and data privacy? We have privacy foundations and think tanks but no group of investors as far as I can see.

Possible reasons include:

• Given the success of the tech companies that are dependent on data, investors are disincentivized to engage on the issue of privacy for fear of substantial impacts on company’s business model. The value at risk is the reason to engage!.
• The dual share structure of these companies, such as Facebook, means that founders and other closely aligned investors have majority control (even without majority share ownership) so traditional investor engagement methods such as shareholder motions or proxy votes don’t work.
• There are few people outside the tech companies that understand the issue of data privacy and are able to effectively and credibly engage. Companies state that data is anonymized and that machine learning programs don’t use specific data points but develop inferences from vast sets. Outside viewers can’t verify that and companies have the majority of their competitive advantage in these processes so they are not likely to willingly demonstrate this.

So we are stuck with a situation where there is no credible group of shareholders able to effectively engage. Yet the risks are clearly there.

So what would I do?

Firstly, I would pick a specific element of data privacy as an issue.

One is the passive collection of data (i.e. when a particular business collects data when a user is not actively using the service). This would enable the group to look at the ways data is passively collected, discuss what the implications of reducing passive collection might be for companies and develop a set of rules/guidelines that balance user and company concerns.

In addition, this would enable the group to focus on what is coming. Passive data collection in smart environments….