The Days of Regulatory Entrepreneurship are Over
–– 23 Jan 2020
“Talk About Privacy” with Vass Bednar from Delphia
Gilbert: I’ve previously shared that like many people, I got into privacy ‘by mistake’ as a result of my day job as a technologist. As a policy person, what has been your journey to work with Delphia on issues related to the personal data economy?
Vass: I’ve been building a public policy “tool kit,” from different vantages: the public service, politics, academia and the private sector because I want to deeply understand how change happens. While working at a think tank and later a major technology company, I was also chairing a federal panel on the future of work. In all of these environments, there was a tension that decision-makers faced: on the one hand, more data is being created and collected than ever before; and on the other, we were often diagnosing that we “need more data to understand this problem.” I wanted to bring this experience to help build something novel in the data space as a responsible innovator.
Gilbert: It’s pretty novel to employ a policy person at an early-stage start up.
Vass: We’re working in two highly regulated, super-important spaces: data, and money. At this point, our attitude is: if you’re building something without that regulatory compliance lens, you’re doing it wrong. The days of regulatory entrepreneurship are over. At Delphia, I get to work across our functional teams – legal, product, platform, etc. – on a portfolio of work related to our trust infrastructure. For instance, we’re building in CCPA-compliance even though the legislation doesn’t apply to us (yet!).
Gilbert: California is really leading on privacy-related legislation, and I’m feeling optimistic about Canada. I worry that listening to some political voices, the UK is drifting away from ‘civilised’ Europe and Canada and towards some kind of mid-Atlantic data casino status – I hope not though! What’s on the horizon in Canada, where Delphia is based?
Vass: We talk a lot about Privacy by Design, especially in Toronto. I feel like it’s yes, home of the Raptors, home of Drake, home of Privacy by Design but actually implementing, which is back to policy work: muddling through. When it comes to actually operationalizing Privacy by Design, there isn’t a prescriptive rule book.
Gilbert: I think you’re right. When we were building TapMyData, it required us to really revolutionize our approach to building a tech, and a company. It’s a huge learning curve to ‘forget’ what you know about ‘gathering more data to understand the problem’, especially as data is viewed as such an asset!
Vass: Absolutely. And there’s definitely a dimension of vigilance or patrolling because as you continue to build and scale, there are new opportunities and risks when it comes to data collection and storage. One thing we do differently at Delphia is make a huge effort to document our decisions more effectively. This creates substantive records of arguments and trade-offs that factored into a business or vendor decision, which is really valuable from an institutional engagement and memory perspective.
Gilbert: That makes a lot of sense. That’s how you get accountability in practice, not just in principle – it’s a mitigating factor. There’s always going to be reactive stuff in any organization that isn’t perfectly “best practice,” say – someone takes a phone call and puts personal data on a sticky note on someone else’s monitor. You’re only as strong as the weakest link in the chain.
Vass: So true!
Gilbert: Delphia is a really interesting startup which is shaking up assumptions around this long established “data deal” that we all get as consumers, whereby our data is leveraged to create value but we don’t see a penny of that.
Vass: At Delphia we are “dealing in” individuals to a personal data economy that they’re not a part of in a novel way, as you’ve said. Right now hedge funds – Wall Street, Main Street, whatever the colloquialism is – they’re leveraging data to their advantage. Traders are capitalizing on a very murky alternative data market. I think we’re starting to go through a reckoning in terms of improving terms of service and better consumer protection. Everyone is looking for some kind of competitive big data edge in the stock market, and we’re trying to democratize that and bring it back to everyday people; using the wisdom of the crowds via social media and other tools, we can detect early indicators of sales surprise or purchase intent. And we will reward you for that participation in a transparent way – versus making a fun Tetris app that covertly tracks your location and reads all your text messages.
Gilbert: The current odds of the game are stacked towards just a couple of huge data players, and most (all) of us are unaware of the full impact…
Vass: Which is the norm – and actually consumer protection is a really interesting frontier for data rights. But I think because consumer protection isn’t thought of as being particularly sexy or cutting edge, we sometimes forget about it. At least here in Canada and in Ontario, the way our legislation is written there’s no recourse for people. Because the legislation couldn’t conceive of you or I receiving something of value for free, participating in Facebook services for free, when we know the price is our privacy or our data. But it’s not quantified in any way, so it can be difficult for lawmakers to grasp.
Gilbert: And Delphia, Brave and others are helping socialise the idea you can own your data, and then do something with it including but not limited to making ‘money’.
Vass: I suppose you can also think of Delphia as a pre-market solution to financial inclusion in a way, in that we’re building an on ramp for investing. You can start investing with just your data and learn more about investing and then eventually start investing with dollars as well. You can invest your data, your dollars or data and dollars with us. And then the moon shot is not that different from the universal basic data income that some people have spoken about. It’s all part of re-engaging the consumer to take back control of their data – very similar to the leadership TapMyData has shown in this regard.
Gilbert: I think you’re right. And I think one of the interesting things about GDPR was it gave a platform both for within organizations who were responsible for the security and integrity of data like business continuity and tech support who’ve been saying this stuff is important for the but were being overruled by the commercial stakeholders every time.
Vass: In light of that, I think what we’ll see more of is companies reporting out annually on privacy and security. I think that’s the next frontier. We saw it with corporate social responsibility, which was definitely consumer driven and became a business interest. I think we’re very close to at least annual reporting that is partially driven by consumers but has to be motivated by forward-looking data governance.
Gilbert: So is Canada the Silicon Valley of Priv-Tech?
Vass: Not yet! We’re preparing to put more teeth on our Digital Charter. Open banking is on the horizon in Canada, which should do a lot to elevate the conversation around data ownership and portability. Our federal privacy legislation (PIPEDA) is up for review. There’s a lot of “wait-and-see” in Canadian policy-making. So in terms of becoming the Silicon Valley of Priv-Tech, I think we’ll have to wait-and-see on that too!
*You can sign up for Delphia’s waitlist here.