Over the past few years, scandal after scandal has put tech companies under a microscope. Users, policymakers, and investors are demanding to know how companies are protecting privacy and free speech, and companies that fail to do so are being held accountable, by the government, by their users, and by their employees. Businesses large and small need to take proactive steps to protect users and find ways to navigate this landscape.
The ACLU of California has a guide to help: Privacy and Free Speech: It's Good for Business, which offers advice for companies wrestling with today’s most pressing challenges.
The industry can do better. It must do better. Right now, governments are seeking massive volumes of information from tech companies. Democracy is under threat by people exploiting poor privacy practices to suppress speech and weaponize personal information. The Trump administration is trying to exploit online services to monitor immigrants, activists, and entire neighborhoods. And a stream of data breaches is endangering users and exposing companies to massive potential liability.
Mistakes in this climate can be catastrophic, for both users and a company’s long-term viability. Anticipating threats and protecting users isn’t just the right thing to do, it’s also critical for business.
To protect people’s rights, companies must plan ahead, ask difficult questions early, and build privacy not just into their products, but into their business models. The ACLU guide offers over 100 case studies that illustrate the benefits of building a business on a foundation of privacy and free speech. Other case studies show the serious risks, for both users and the business, when companies fail to do so.
The guide includes expert advice, identifies common mistakes, and gives clear guidance on how to avoid them. For example, companies must respect their data by only collecting what’s needed, protecting users, and avoiding replicating destructive real-world biases. Had Facebook limited and protected the data it collected, Cambridge Analytica couldn’t have abused user data and the company could have avoided the lasting reputational harm from users who find the company’s numerous privacy failures unacceptable.
We show companies how to plan ahead by building privacy and security practices and policies into organizations’ structure and product-design process. With proper planning, Equifax could have prevented a hacking nightmare that exposed highly sensitive personal information of 143 million people and led to the largest class-action suit in history.
We also highlight how to promote privacy by communicating clearly with users about what data a company collects and what it does with the data. If Venmo had been transparent about its default privacy settings, then it wouldn’t have come under fire from users furious that years of their transaction histories end up being aired publicly.
We illustrate how companies can support diverse voices, encourage free expression, and only remove content when it is illegal or specifically harmful. By following this advice, PayPal could have avoided a barrage of public criticism for threatening to kick book publishers off its platform unless they removed “offending literature” from their catalogs.
And we provide concrete examples of how companies can effectively partner with users by putting them in control of their data and standing up for their civil and human rights. Twitter, for example, was hailed for protecting its users when it sued U.S. Customs and Border Protection over a request to unconstitutionally identify and share the personal information of an online critic.
Time and again, companies have learned firsthand that taking proactive steps to design user-protective products and business plans builds long-term sustainability, while failing to do so can lead to public relations nightmares, costly lawsuits, and government investigations.
The stakes are simply too high to ignore privacy and free speech, and with this guide, companies will have an important tool to protect their users and build their bottom line.