Our new paper, titled Data Protection and Tech Startups: The Need for Attention, Support, and Scrutiny, has been uploaded to SSRN.
While discussions of data protection have focused on the larger, more established organisations, startups also warrant attention. This is particularly so for tech startups, who are often innovating at the ‘cutting-edge’ – pushing the boundaries of technologies that typically lack established data protection best-practices. Initial decisions taken by startups could well have long-term impacts, and their actions may inform (for better or for worse) how these technologies are implemented, deployed and perceived for years to come. Ensuring that the innovations and practices of tech startups are sound, appropriate and acceptable should therefore be a high priority.
This paper explores the attitudes and preparedness of tech startups to issues of data protection. We interviewed a series of UK-based emerging tech startups as the EU’s General Data Protection Regulation (GDPR) came into effect, which revealed areas in which there is a disconnect between the approaches of the startups and the nature and requirements of the GDPR. We discuss the misconceptions and associated risks facing innovative tech startups, and offer a number of considerations for the firms and supervisory authorities alike. In light of our discussions, and given what is at stake, we argue that more needs to be done in order to help ensure that emerging technologies (and indeed, the practices of the companies that operate them) better align with the regulatory obligations. We conclude that tech startups warrant increased attention, support, and scrutiny in order to raise the standard of data protection for the benefit of us all.