New Regulations May Either Help or Hurt the Emergence of Unknown Startups

Recent events like the Cambridge Analytica scandal and Facebook’s resulting congressional hearings have revealed a need to pressure internet giants to protect privacy and user data. Self-regulation hasn’t been sufficient, and with the concurrent rise of the GDPR (General Data Protection Regulation) in Europe and new public and governmental scrutiny of data protection practices in the US, legal regulation appears to be the next step. If large internet giants aren’t inclined to protect users when left to their own devices, or their business models don’t present easy solutions to privacy problems, new privacy laws are likely to compel an increased level of caution.

At the outset, it seems like these events may foretell trouble for the largest and most high-profile internet companies. And as giant companies are required to pause and look inward, and possibly even reshape their user experience in order to generate alternative sources of revenue, they may be brought down to size…which, presumably, clears the path somewhat for startups and internet newcomers. This idea of a zero-sum landscape, in which market access represents a fixed commodity and gain for one provider means loss for another, is attractively simple.


But events may not play out like this, and some signs are pointing to the opposite possibility; new privacy restrictions may actually make life harder for newcomers and easier for established brands that still enjoy a huge measure of recognition and public trust.

Unfamiliar startups and new companies will need to provide their users and shareholders with two stories, not just one. They’ll need to demonstrate value, sustainability, and the potential for meaningful growth, but these new startups will also need to reassure all stakeholders (including both clients and investors) that their data management policies and procedures are fully compliant with both the letter and the spirit of all relevant privacy requirements. When the stakes are high, it’s harder to summon confidence in a market newcomer. This is especially true when established giants have vastly more experience and more to lose in the event of a data breach.

In order to compete, ambitious startups already needed to show up armed with the essentials: A great idea, a strong business plan, and reliable capital. But now they’ll need something else as well: A defensive, proactive approach to data security in an increasingly regulated environment, and an important story to consumers that their data is in good hands.