As the digital economy becomes increasingly complex and intertwined with daily life, policymakers around the world are grappling with how to effectively mitigate the risks consumers face online. Now more than ever, the flurry of activity from policymakers highlights how important and challenging this is.
In the United States, Congress debates the American Data Privacy and Protection Act and the Federal Trade Commission considers rulemaking on commercial surveillance and data security. In the United Kingdom, Parliament struggles to develop a suitable privacy framework to replace GDPR. In India, lawmakers withdrew flagship privacy legislation to substantially revise it. As policymakers work to address these important challenges, they have the opportunity to rethink a fundamental element of the data economy that has not yet been meaningfully addressed in data protection frameworks: different data-driven business models pose significantly different risks to consumers.
IBM recommends policymakers consider two distinct categories of data-driven business models and tailor regulatory obligations proportionate to the risk they pose to consumers. High-risk data-driven business models are those that rely on using consumer data as a revenue stream, also known as external data monetization. Low-risk data-driven business models are those that rely on the use of data to improve a company’s operations or products and services, also known as internal data monetization or data valorization. As this paper will explain, incentive structures and other elements of high-risk data-driven business models create a significantly higher likelihood of causing harm to consumers.
-Christina Montgomery, Chief Privacy Officer, IBM
-Joshua New, Senior Fellow, IBM Policy Lab
Share this post: