Jules Polonetsky — privacy rights advocate and CEO of the Future of Privacy Forum — joins BigIDeas on the Go to talk about the past, present and future of data privacy. He shares insights from his background as a CPO during 9/11 and the Snowden era, as well as his thoughts on how data intelligence technology will ethically usher us into the future.

FPF and the Center of the Privacy Debate

Before Polonetsky founded the Future Privacy Forum (FPF) 12 years ago, “there wasn’t really a good place in the center of the privacy debate,” he says. “Trade groups did their thing supporting industry interests, and advocates and civil society spent their time critiquing and litigating and worrying about the surveillance economy.”

While the advocacy groups had good points, admits Polonetsky, he was more interested in “convening everybody” to fill gaps and address more actionable questions. “How do we get the good we want?” asked Polonetsky. “How do we support advertising in a responsible way? How do we have the data available for research? How do we support mobility and all the utility and actually take seriously that there are regulatory challenges here?”

At the FPF, says Polonetsky, “that’s what we do.” The FPF brings advocates, academics, and regulators together with CPOs, DPOs, and other senior executives who ask, “what are the tools I need to scale this — and how do I find my data in the first place?”

The Dawn of the Internet and Self-Regulation

As an early Chief Privacy Officer, Polonetsky noticed a central challenge around the question, what should the rules be?

“The U.S. did not have a broad privacy structure, as we don’t today. We had sector-specific rules for finance, banking, health, kids — but we didn’t have a general set of rules. So, many of these companies who thought they were just doing good things — ads to help keep websites free — were shocked! They were being celebrated as ‘startup billionaires’ and democratizers of access and content and freedom, and all of a sudden they were being prosecuted by attorneys general, by the Federal Trade Commission, by regulators.

So the question that emerged in the early days was, “How do we self-regulate? And everyone believed in self-regulation at that point.”

“And Then Came 9/11”

After 9/11, “the ad market collapsed and all these sexy companies went bankrupt and nobody was all that interested in who did what with cookies,” says Polonetsky.

The challenge shifted to “where and what is wrong with our databases?” Everyone wanted to know, “why didn’t we have the data to link together if some possible terrorist was getting a license to fly a plane?”

After some distance from 9/11, the Snowden revelations raised another question in terms of data privacy and surveillance. “We started looking and saying, wait a second — did we just go too far?” Either way, during this period, “the marketing questions were not front of mind. The government surveillance questions were front of mind. And here we are today, and we’re worried about both.”

The Need for Data Intelligence

The marketing years are back — with a vengeance. “Data uses are happening in ways we were only dreaming of back in the day,” says Polonetsky. “It’s become a challenge for folks in the business world to keep up with not only the intense regulatory developments … but the media concerns, the ethics concerns, the consumer concerns.”

At FPF, Polonetsky focuses on technology solutions. A few years ago, he turned his attention to asking, “how do we support the people making the tools — the BigIDs of the world?”

It wasn’t always this way. When Polonetsky first started encountering data intelligence technologies, he said, “There’s no way! This is nuanced stuff. You need lawyers sitting on every one of these issues. Putting these things into tools that scale? It’s not doable. You can’t scale these things. It’s too legal and too complex.

“And here we are a number of years later — and the reality is that most folks at most organizations cannot function, because at the end of the day, once they do their work, they need the tools.”

The challenge takes on a slightly different dimension at small and medium enterprises. For these organizations, says Polonetsky, “frankly, the tools may be the only thing you have, because there is no lawyer on hand.”

And if you are a lawyer at a major organization, “and you’ve been doing impact assessments, and you’ve been trying to map your data, and you’ve been trying to use the identification tools, you need systems to scale these things. It’s been remarkable to see the industry grow.”

Check out the full podcast to learn more from Polonetsky on data privacy’s ethical role, and his take on how regulations will evolve in the next few years. “Regulation is coming,” he says. “It’s coming fast. And it’s not going to be consistent.”