GDPR-US - Salesforce's Benioff calls on the tech industry to 'flip the coin' on data privacy

Salesforce CEO Marc Benioff recently caused a stir in some circles by calling for a version of GDPR to be introduced in the U.S. on the back of the recent data privacy scandals centering on social media firms, most notably Facebook.

As I noted at the time, this isn’t a new meme for Benioff - he was talking about the same basic concepts four years ago! - but the crisis of confidence caused by the actions (inactions? ) of Facebook has pushed the subject onto the mainstream agenda. This, combined with a push in California for state legislation on consumer privacy that stands a chance of becoming law, has led to the Salesforce boss now stating that a Federal law akin to Europe’s GDPR (General Data Protection Regulation) is the next logical step.

Yesterday, on the firm’s quarterly conference call with analysts, he took the opportunity to return to the theme and repeat his call for legislative action, citing customer trust issues as a driver:

Things are changing and some of that has been induced by our industry, where for the first six months I think that in many aspects of our industry, we’ve been going through a crisis of trust. The headlines in many of the newspapers have been about vendors who are having trust issues with their customers, we saw that a little bit last year in San Francisco and this year we've seen it again.

There’s a mindset divide between Silicon Valley and Europe when it comes to data and its ownership/stewardship, he argues:

I think from the European perspective the way they look at data is data belongs to you, it's your data. Now for us at Salesforce, we understand that. We've had that position from the beginning. Our customers’ data belongs to them, it's their data. I think in some cases, companies that are start-ups and next generation technologies here in San Francisco, they think that data is theirs. I think the Europeans with GDPR have really flipped the coin, especially in advertising but in another areas, saying, ‘Hey, this data belongs to the consumer or to the customers, you guys have to pivot back to the consumer, you have to pivot back to the customer’.

And taking that premise as read, the conclusion is obvious, he adds:

We need a national privacy law here in the United States that probably looks a lot like GDPR.

Tough love

At a time when Facebook CEO Mark Zuckerberg can’t even explain how his firm’s policies are going to change in the wake of GDPR - are U.S. users getting the same protections as their European counterparts or not? Who knows? - Benioff’s views are likely to be met with some scepticism, indeed outright rejection, in less-enlightened parts of the tech world.

But his point of view is that that a bit of hard-to-swallow-medicine is needed and will make everyone feel better in the end. He insists:

[A GDPR-like regulation] is going to help our industry. It's going to set the guardrails around trust, around safety. It's going to provide the ability for the customers to interact with great next generation technologies in a safe way.

I think that this is going to accelerate with Artificial Intelligence. We saw that recently with an AI demonstration from our industry where average customers could not tell [whether] they [were] interacting with a computer or were they interacting with a human being. That starts to cross the line on what is trust and that's where our industry really has to come forward and say [that] we're going to make sure that these technologies are trust-based.

I think the Europeans definitely got that figured out. And I think the rest of the regulators in the world are looking strongly at that.

For the Facebooks of the world, the fear with all this is of course the impact it will have on their ability to serve-up personalized ads and therefore the impact on the bottom. Facebook’s own Chief Finance Officer admitted that GDPR itself was an unknown variable in terms of projections. Take that ‘problem’ to the U.S. and his job just got an awful lot harder.

Benioff thinks that the ad industry and those firms that serve it will be fine, but need to adjust their thinking in the current climate:

While I think that that advertising is a model that will continue to be successful... I think that the idea that you need to build a one-on-one relationship with your customer, something that we've been saying now for almost 20 years, is probably more true than ever. Because ultimately your ability to have success with your customer will be able to sell or service, or market to them, or conduct with them in a one-on-one way based on the system of record that you have with that customer.

Salesforce is a system-of-record-oriented company, that’s where we started. And then we evolved into the system-of-engagement. We evolved into the system-of-intelligence. And in many of ways, we’re becoming a system-of-systems. But at the end of the day, where we see the world going is, we're providing to our customers the ability for them to have that unique customer experience. To say that you’re going to have this fully anonymized relationship with your customer, and if that’s the future, I’m really not buying into that.

It’s clear that the Salesforce belief is that the time is ripe for action finally to be taken on this issue. Amy Weaver, Salesforce’s General Counsel and President of Legal, states:

I think this is really a critical point for the U.S. with privacy law. We’re seeing the global conversation around the importance of privacy. It’s going to be important for the U.S. to be a leader now, and not just a follower.

She argues that there are number of key areas that need to be focused on now:

One is insisting that organizations are transparent about the data practices, what's collected, how it’s used, who it’s been shared with. The second is giving individuals more rights to control about their personal data. It starts with individuals, their privacy and their rights. And then the third thing is holding organizations truly accountable for the privacy practices. I think that this is going to be a key for our entire industry and establishing trust.

I don’t think that there’s any doubt that Federal privacy law is the best [option]. One of the nice things about GDPR is that it replace the patchwork of laws throughout Europe. Now it may be necessary to have a state-by-state implementation in the United States as a practical step forward, but the idea is really to get us to one national privacy law that we can all agree to.

My take

There’s nothing here that I could criticise. That said, there are going to be many in the tech sector, particularly at the consumer-facing end, who are going to resist calls for change and there will be legislators who’ll pick up the ‘too much regulation’ meme and run with it.

That’s why we need to see other enterprise tech leaders stepping up to the mark (no pun intended) and supporting the arguments that Benioff is putting forward. I can imagine many who will be of the same mindset; equally I can imagine many who will not be.

But this is a debate that’s been put off for too long - the U.S. has to have a ‘tough love’ conversation with itself about data protection.