PDF iconDownload This Paper
Open PDF in Browser
Add Paper to My Library
Permalink
Using these links will ensure access to this page indefinitely
Copy URL
Copy DOI

Data Protection and Tech Startups: The Need for Attention, Support, and Scrutiny

18 Pages Posted: 17 Jun 2019

See all articles by Chris Norval

Chris Norval

University of Cambridge - Computer Laboratory

Heleen Janssen

University of Amsterdam - Institute for Information Law

Jennifer Cobbe

University of Cambridge - Faculty of Law

Jatinder Singh

University of Cambridge -- Dept. Computer Science & Technology (Computer Laboratory)

Date Written: June 6, 2019

Abstract

While discussions of data protection have focused on the larger, more established organisations, startups also warrant attention. This is particularly so for tech startups, who are often innovating at the ‘cutting-edge’ – pushing the boundaries of technologies that typically lack established data protection best-practices. Initial decisions taken by startups could well have long-term impacts, and their actions may inform (for better or for worse) how these technologies are implemented, deployed and perceived for years to come. Ensuring that the innovations and practices of tech startups are sound, appropriate and acceptable should therefore be a high priority.

This paper explores the attitudes and preparedness of tech startups to issues of data protection. We interviewed a series of UK-based emerging tech startups as the EU’s General Data Protection Regulation (GDPR) came into effect, which revealed areas in which there is a disconnect between the approaches of the startups and the nature and requirements of the GDPR. We discuss the misconceptions and associated risks facing innovative tech startups, and offer a number of considerations for the firms and supervisory authorities alike. In light of our discussions, and given what is at stake, we argue that more needs to be done in order to help ensure that emerging technologies (and indeed, the practices of the companies that operate them) better align with the regulatory obligations. We conclude that tech startups warrant increased attention, support, and scrutiny in order to raise the standard of data protection for the benefit of us all.

Keywords: GDPR, tech-startups, data protection practices, emerging technology, privacy by design, compliance, data subject rights, supervisory authorities, data protection officer, data protection impact assessment

JEL Classification: K19, K2, K20, K24, K29, K42, L50, L86, O30

Suggested Citation

Norval, Chris and Janssen, Heleen and Cobbe, Jennifer and Singh, Jatinder, Data Protection and Tech Startups: The Need for Attention, Support, and Scrutiny (June 6, 2019). Available at SSRN: https://ssrn.com/abstract=3398204 or http://dx.doi.org/10.2139/ssrn.3398204

Chris Norval (Contact Author)

University of Cambridge - Computer Laboratory ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Heleen Janssen

University of Amsterdam - Institute for Information Law ( email )

NIeuwe Achtergracht 166
Amsterdam, North Holland 1018 WV
Netherlands

HOME PAGE: http://https://blockchain-society.science/?page_id=67

Jennifer Cobbe

University of Cambridge - Faculty of Law ( email )

10 West Road
Cambridge, CB3 9DZ
United Kingdom

Jatinder Singh

University of Cambridge -- Dept. Computer Science & Technology (Computer Laboratory) ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

PDF iconDownload This Paper
Open PDF in Browser

Do you have a job opening that you would like to promote on SSRN?

Place Job Opening

Paper statistics

Downloads
384
Abstract Views
2,811
Rank
162,868
1 Citations
32 References
PlumX Metrics

Related eJournals