SDF Interview: Anne Hardy, CISO at Talend, on regulation vs self-regulation for Big Tech

Like (slow) buses, you wait for years for interviews to turn up on the SmallDataForum podcast, and two turn up within but five months of each other.

With Thomas taking the first plunge with his doctoral supervisor, Darren Lilleker, back in March, it was Sam’s turn to become inquisitor with Anne Hardy, Chief Information Security Officer at US-French data security firm, Talend (lovely animation on the homepage).

Our conversation focused on the necessary balance between regulation and self-regulation of Big Tech. After some spectacular failures of anything approaching good governance – from Facebook and Cambridge Analytica to the Trump and Brexit campaigns, familiar topics to aficionados of this podcast – the tide is turning on consumer privacy and the uses and abuses of personally identifiable information (PII data).

Finally, the message has hit home that “if the service is free, you are the product”, in an internet floating and bloating on over-targeted advertising revenue.

GDPR is into its fourth year – “a necessary wake-up call” for Anne – and a useful counterbalance or pivot point for Big Tech to self-regulate. The same with CCPA. Big companies have the means to self-regulate, although Anne does not favour excessive use of “the stick” to punish the biggest players.

Regulators have been tempted to go after the FAANG five, Uber, and the airlines, and this is understandable. They have the biggest data sets, the most to gain, and the most to lose – not to mention the deepest pockets that can stomach serious fines. Our interview took place just as the EU was handing out its largest ever fine to Amazon for processing data in violation of GDPR, although at $888m it represents less than one fifth of one percent of 2020’s record $386bn turnover.

But Anne believes that many smaller players in the tech ecosystem are guilty of much worse practices than the tech behemoths and that regulators should pursue bad apples irrespective of size.

Sure, it looks good on the CV of a country Data Protection Officer to scalp one of the biggest tech firms, but David should go after malfeasant Davids every bit as often as the wrongdoing Goliaths.

That said, Anne does look in wonder and awe at the space-hopping antics of Bezos, Musk, and Branson, unelected men with more power – and rockets – than most presidents. And Apple’s offshore $190bn cash reserves are bigger than even the biggest nations’ access to unrestricted cash.

The balance of power has shifted from nations to corporations, hence the need for regulation plus self-regulation to keep them in check.

Shifting sands

Towards the end of our wide-ranging discussion, Anne observes: “The internet was not built with security in mind” (while Sam reflects on Berners-Lee’s frequent, somewhat wistful musings that he never intended it to be an advertiser-funded model).

The attacks on platforms and web properties with vast vaults of consumer data contravene the trust individuals and companies place in pro-social behaviour, and we all suffer because of that. “We’ve put Band Aids everywhere to protect breaches,” Anne concludes, and while they can do so much, we need to rethink how the internet is built, how it operates, and where it’s vulnerable if society is to have a balanced and productive relationship with cyberspace for the long-term future.

With Facebook still a spotty teenager, it’s remarkable how far we’ve got – in relative safety and security – in such a short time. We end our chat not in a trough of despond but with a mix of nostalgia and optimism for what might have been and what might be yet to come.

Many thanks to Anne for her time and Gallic wisdom.
