Legislation Won’t Fix data Privacy Concerns. Instead, the Tech Sector must Forge a New Global Industry Standard

Nik Emir Din explores what the tech sector could learn from Fairtrade.

Every day, there is a new war over data. Right now, Europe and Meta are locking horns over transatlantic data transfers, with Meta threatening to withdraw its apps from EU-hosted servers. But with more countries – and citizens - questioning big tech’s data practices, and after countless stories of data breaches, isn’t it time the tech world listened?

In January, millions of Christian prayer app users discovered their data was being sold, monetizing one of the most private aspects of a person’s life – their faith.

And they are not alone.

In 2020, Bitsmedia was blindsided by a publication which alleged Muslim Pro was linked to a company that may have sold user location data to contractors connected with the US military.

The app, Muslim Pro, is the world’s largest Muslim lifestyle app. Our global user base exceeds 120 million users — from nearly every country on the planet. And as most of our users are Muslims, the alleged transaction not only felt shocking, but ominous.

Over the years, Muslim communities have experienced marginalization and intense scrutiny and surveillance for various reasons. This allegation reinforced outdated and harmful notions that Muslims need to be policed. As a Muslim-centric company, whose values and vision align with Muslim communities, we empathized with the sentiments many of our users must have felt after learning about the incident. We also knew we needed to enact real change in order to restore user trust.

We accordingly reformed our policies to establish a new and robust privacy framework. This included an open and transparent privacy policy as well as complete data anonymization, with on-going periodic independent audits of our systems.

However, we know more actions are needed. Not only for us, but the entire industry.

Let’s start with data anonymity. Even though there’s been a huge push in places like Europe (with the EU’s General Data Protection Regulation, or GDPR) to ‘anonymize’ data, recent studies show that it hasn’t been enough to protect identities after all.

Going a step further in our case, even though individuals couldn’t be identified through “anonymized” data, our data reflected an identifiable religious group. Hypersensitive categories such as gender, race and religion based on the source of shared (or stolen) data would not be protected by GDPR if anonymized by its guidelines and open to abuse.

Now view this within the framework of ongoing, rampant data harvesting across the entire industry. Just this week, a new study claimed that TikTok, now the world’s largest social media platform, is also one of the biggest sources for sharing user data with third-party trackers - who then sell the data to unknown buyers. The platforms may change, but data is still king.

Apps continue to sacrifice privacy to remain free and appealing to users (and gain market share). About 92% of apps are free, and their survivability boils down to in-app purchases and third-party advertisers. Tech giants such as Google and Facebook have built enormous empires off the back of data harvesting. Data, - and the digital advertising industry it fuels - has now surpassed oil as the world’s most lucrative and important resource.

So, how can the tech sector embrace a business model that does not rely on misusing user data?

It starts with listening to consumers. Apple recently introduced new privacy opt-ins for iPhone users, tanking Meta’s stocks more than 26% in one fell swoop. Apple was well aware that consumer demand for personalized and targeted ads - the justification for data harvesting - has been diminishing for some time on the back of privacy concerns. A 2021 YouGov survey discovered that 57% of people prefer not to receive personalized ads, while only 11% of respondents were okay with their personal data being used.

As such, we need to have a realistic view of what legislation can accomplish. Many countries, states, and intergovernmental bodies have enacted data privacy laws that are often  divergent and flawed. More importantly, the laws don’t respect borders. Even the strictest legislations, such as GDPR, are not globally enforceable.

Instead, companies can take the lead by  envisioning a future that respects consumer concerns, prioritizes privacy and consent, and builds products that are ‘private by design’ - minimizing or eliminating the need for data sharing altogether. Apple and GDPR deserve credit for making consent opt-in, not opt-out.

Finally, for the data we do aggregate, we as an industry should protect user data, make it clear we’re protecting user data, and put daylight between us and companies that cross the line. While a minimum set of standards, such as GDPR, helps us get there, an international benchmark of data privacy standards that companies can voluntarily adhere to, not unlike Fairtrade certifications, would take us much further.

Fairtrade, for example, is a voluntary global framework which holds the food industry to higher standards. It addresses consumer-centric concerns by implementing rigorous criteria to the supply chain which are then externally audited, inspected, and confirmed.

We believe the tech industry would benefit from a similar approach, a framework that promotes transparent policies, supports smaller organizations, and limits how data can be used or abused. These principles could be debated and generated internally by industry but audited externally by autonomous or independent bodies. This combination, a social contract with the consumer like Fairtrade, would give power back to users without hamstringing the industry with bureaucracy, overreach, and uncertainty.

Ultimately, consumers and providers alike will agree that some form of data collection for the improvement of products, services, and overall functionality is an inevitable necessity, especially when it comes to competing alongside the continuing growth of Big Tech. But we can and should have responsible regulation on data sharing, especially when it comes to sensitive data.

An approach to privacy standards such as this would allow users to make informed decisions about their digital engagement, permitting the free market to do what it does best by rewarding companies that respect consumers, exposing companies that betray consumer trust, and driving innovation while providing vital services and needs more efficiently than any other mechanism.

We at Bitsmedia, a relatively minor player, don’t have all the answers as to how this approach would play out. But we have learned the hard way that data privacy and user trust should not be taken for granted. Our experience and our continued growth showed us that data privacy and profitability can go hand in hand.

While most apps are not faith-based, all apps operate on certain shared expectations: Apps serve users. Apps don’t use users. Companies that take consumers for granted by weaponizing user data might make some money in a short amount of time.

But that profit doesn’t last - and neither could they.

Nik Emir Din is the Chief Financial Officer (CFO) and Country Head of Malaysia at Bitsmedia, developer and publisher of the Muslim Pro app - a leading Muslim lifestyle app with more than 100 million downloads worldwide. Nik also heads the Malaysia office and is responsible for global business development initiatives for Muslim Pro, including strategic partnerships, industry collaborations, and user acquisitions.

Prior to his management role at Bitsmedia, Nik had an illustrious career in the investment banking and financial services sector working for Khazanah Nasional Berhad’s Investments division and the RHB Banking Group, where he held a Senior Manager role. Nik strongly believes in sustainable businesses and investments that have a meaningful impact on economies without compromising on returns. He is also an advocate for digital technologies and their role in empowering communities and transforming individual lives by unlocking their capabilities and providing access to more opportunities.