Meet the expert: Jared Browne to speak at PrivSec Brussels

Head of Data Privacy at the Fexco Group, Jared leverages over ten years’ experience in Compliance and Data Protection. He is a member of the Executive Committee of the Association of Data Protection Officers in Ireland and a member of the Executive Committee of the Confederation of European Data Protection Organisations.

At a time when organisations are under unprecedented pressures to strengthen the customer relationship, Jared appears at PrivSec Brussels to explore the GDPR’s transparency requirements and how they can help companies to process data in a way that nurtures trust.

We spoke with Jared about his career so far and to learn more about this crucial topic.

Could you outline your career pathway so far?

I am originally a philosophy graduate, having completed a Bachelors and a Master’s degree in the area, an awful long time ago. That has given me critical thinking and an ever-present appreciation of ethics – two things that will help anyone in a compliance or data protection career.

After that, I retrained and qualified as a solicitor in Ireland. I had the misfortune to qualify in 2010, at the depths of the global recession, which meant there were no immediate prospects for a career as a solicitor. 

Instead, I moved into financial services compliance with the Fexco Group, a company I have now been with for over 12 years. I worked in a variety of compliance roles, involving financial services regulation and data protection.

From 2017, I have exclusively worked in data protection and I am now the Head of Data Privacy for the Fexco Group. Fexco are a multi-national company with operations in 28 countries, spanning numerous industries. Currently, I have a strong interest in ethical A.I. and how the forthcoming A.I. Act will interact with and impact the GDPR.

What’s at risk for companies that fall short of GDPR’s standards on transparency, other than regulator penalties?

Beyond regulatory penalties, companies risk losing customer trust. Hiding data processing activities from customers is a short-term game with short-term gains. Abraham Lincoln said: “You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time.”

If companies do not play the long game of being open and transparent, I think customers will naturally gravitate towards competitors who do take data protection seriously.

Furthermore, I think companies will find it difficult to realise the true value of technology if they do not design transparency into its development. For example, automated decision-making through A.I. and machine learning is growing exponentially and if companies want to get true buy-in from customers they will need to be upfront about how data is processed in this context.

What are the primary hurdles that companies face as they work to meet GDPR’s transparency requirements?

One hurdle is actually learning how to design transparency into website and software development. An awful lot of money is spent by marketing departments on UX design and user experience, down to the detail of colours chosen and the construction of pages. If transparency is going to make a meaningful difference then companies will need to build it into UX design and give it the funding it deserves. 

Another hurdle comes from devising means of transparency that are actually engaging. The classic, text-based, legalistic privacy policy has its merits and it works to a degree, but we know that most web users struggle to read the majority of these written policies. All other avenues should be actively explored, and companies should get creative. Why not graphics, cartoons, videos, audio messages, or all of these combined as a genuinely interactive experience?

Beyond compliance, what benefits can companies expect to uncover when they work proactively to meet transparency requirements?

Transparency is a fundamental value that spans all areas of life, both personal and commercial. It stands to reason, in the most basic sense, that the more open a person or company is, the more trust they will garner.

It’s not that hard to conceive, but it seems to be very hard to persuade some controllers to take the leap, and trust that being open is a better bet than holding your cards close to your chest and leaving customers to wonder what you are really doing with their data. Aside from better customer relationships, I think companies can genuinely improve their reputation if they become known as the open company. This means letting customers know about the risks that are associated with the data processing.

All companies, understandably, are quick to emphasise the benefits of services and to, perhaps, gloss over some of the less comfortable aspects. However, if companies are upfront with the risks, customers may actually respect them and continue on the journey with them. Treat customers like adults – they can handle the truth – and the benefits could be reaped.