As the CEO of a leading software company, I’ve marveled at how nanotechnologies, robotics, quantum computing and artificial intelligence are transforming how we work and live. And I long believed that there was nothing wrong with the tech industry that the tech industry couldn’t fix itself.
Lately, however, massive breaches of consumers’ privacy and the misuse of social media during the 2016 presidential election have led to a crisis of trust in our industry. In the eyes of many, the tech industry has gone from celebrated to suspect.
It’s now been almost 20 years since Congress passed a major piece of legislation to protect consumer privacy. Business can be an extraordinary platform for change, and if companies in Silicon Valley want to regain the trust of consumers, a good place to start would be supporting a national privacy law that gives people a reason to believe that those companies will uphold their privacy, not violate it.
And as pioneers who champion the power of technology to improve the human condition, tech CEOs and companies ought to be leading the fight for reform. Instead, too many have abdicated their responsibility and are sitting it out—or, worse, are actively resisting privacy legislation at the federal and state levels.
The industry has a great deal to gain from a new law. The United States does not have a single, overarching national privacy law to protect consumer information online. Instead, we are starting to see proposals in different states that would create a patchwork of 50 different sets of regulations. For consumers, this leads to an unappealing future where one's level of privacy would depend on a ZIP code. For companies, this framework would create complications and confusion in navigating their obligations to consumers living in different states.
It isn’t easy for me to call for greater regulation of the sector to which I’ve devoted my life. When I said earlier this year that social media platforms like Facebook can be addictive, especially for children, and that they should be regulated—like cigarettes—I was criticized by some of my peers for supposedly betraying my industry. And I realize that fashioning new regulations is exceedingly difficult.
But, as an industry, we must recognize that the failure to protect personal data is not only a danger to consumers, it also poses one of the greatest threats to the long-term health of the high-tech industry itself, and, by extension, our innovation-based economy.
Fortunately, there are models for how to strike the necessary balance between regulation that safeguards consumers and the innovation that fuels economic growth. Canada, Japan, Australia and other nations already have general privacy laws. The European Union’s General Data Protection Regulation—based on the principle that personal data fundamentally belongs to consumers, not companies—went into effect recently.
What would an American version of such a law look like? We wouldn’t want a cookie-cutter version of the European model; any privacy law would need to be tailored to our own traditions, values and rule of law. Moreover, in our system, industry cannot be relegated to the sidelines. Industry has to be part of the solution.
Such a law could include three important elements.
• First, rather than obscuring their data policies in long, incomprehensible terms of service agreements, companies should be required to be transparent with clear notices about the types of personal data they collect, how that data are used and shared and what choices consumers have.
• Second, consumers should have substantive control over the use of their personal data, including whether it is monetized, as well as the right to have data deleted—a so-called right to be forgotten. This is not to say that companies like Facebook and Google cannot monetize data. In fact, in today’s digital world, data is currency, and consumers have shown that they love free apps. Rather, this means ensuring that consumers understand the bargain they’re signing on to—and that even if they choose to sign on, consumers still retain meaningful control over the data and companies uphold their promises.
• Third, companies that fail to fulfill these obligations should be held accountable, including by the Federal Trade Commission, for any violations that are “unfair and deceptive.” This, no doubt, will be a tough pill for many tech companies to swallow. But the era in which tech operated in near-total freedom had to end. This, in turn, requires a change in the underlying culture—and also a recognition that trust and innovation are not a zero-sum game.
Tech CEOs should recognize that well-crafted legislation is not only the right thing to do, but also good for our industry’s bottom line. Accountability breeds trust, and demonstrating to consumers that Silicon Valley values their privacy—not simply their data—would be an important step in rebuilding trust. Protecting privacy can also be a competitive advantage; companies that are trusted by customers are more likely to earn their business.
Looking further ahead, Silicon Valley should also challenge its brightest minds to change the basis of the existing business model—that data are essentially free.
Maintaining trust by giving people control and transparency over their data will, in the end, be a small price to pay, an investment in the future of the industry. A single national privacy law would provide companies clear and consistent rules of the road, encouraging innovation.
Technology is not neutral; it has become one of the most powerful and decisive tools in our lives. Our data represent who we are and what is known about us. Having control over our data should be an issue we can move forward without debate—it should be a right, and those responsible for safeguarding our freedoms can no longer be passive. It’s time for Congress to pass a strong, comprehensive national privacy law to safeguard the personal data of American consumers, and it’s critical that Silicon Valley actively support such an effort.
Marc Benioff is founder, chairman and CEO of Salesforce.