Data Protection and Tech Startups: The Need for Attention, Support, and Scrutiny

18 Pages Posted: 17 Jun 2019

See all articles by Chris Norval

Chris Norval

University of Cambridge - Computer Laboratory

Heleen Janssen

Computer Science and Technology

Jennifer Cobbe

University of Cambridge - Computer Laboratory

Jatinder Singh

University of Cambridge -- Dept. Computer Science & Technology (Computer Laboratory)

Date Written: June 6, 2019

Abstract

While discussions of data protection have focused on the larger, more established organisations, startups also warrant attention. This is particularly so for tech startups, who are often innovating at the ‘cutting-edge’ – pushing the boundaries of technologies that typically lack established data protection best-practices. Initial decisions taken by startups could well have long-term impacts, and their actions may inform (for better or for worse) how these technologies are implemented, deployed and perceived for years to come. Ensuring that the innovations and practices of tech startups are sound, appropriate and acceptable should therefore be a high priority.

This paper explores the attitudes and preparedness of tech startups to issues of data protection. We interviewed a series of UK-based emerging tech startups as the EU’s General Data Protection Regulation (GDPR) came into effect, which revealed areas in which there is a disconnect between the approaches of the startups and the nature and requirements of the GDPR. We discuss the misconceptions and associated risks facing innovative tech startups, and offer a number of considerations for the firms and supervisory authorities alike. In light of our discussions, and given what is at stake, we argue that more needs to be done in order to help ensure that emerging technologies (and indeed, the practices of the companies that operate them) better align with the regulatory obligations. We conclude that tech startups warrant increased attention, support, and scrutiny in order to raise the standard of data protection for the benefit of us all.

Keywords: GDPR, tech-startups, data protection practices, emerging technology, privacy by design, compliance, data subject rights, supervisory authorities, data protection officer, data protection impact assessment

JEL Classification: K19, K2, K20, K24, K29, K42, L50, L86, O30

Suggested Citation

Norval, Chris and Janssen, Heleen and Cobbe, Jennifer and Singh, Jatinder, Data Protection and Tech Startups: The Need for Attention, Support, and Scrutiny (June 6, 2019). Available at SSRN: https://ssrn.com/abstract=3398204 or http://dx.doi.org/10.2139/ssrn.3398204

Chris Norval (Contact Author)

University of Cambridge - Computer Laboratory ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Heleen Janssen

Computer Science and Technology ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Jennifer Cobbe

University of Cambridge - Computer Laboratory ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Jatinder Singh

University of Cambridge -- Dept. Computer Science & Technology (Computer Laboratory) ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Register to save articles to
your library

Register

Paper statistics

Downloads
95
Abstract Views
763
rank
272,608
PlumX Metrics