Salesforce CEO Marc Benioff described Facebook as the “new cigarettes” in a recent appearance on the television show CBS This Morning and called for the U.S. to adopt a national privacy law like the GDPR, which just went into effect in Europe.
“Maybe this is a time where the government has to step in and regulate not just that product but really our industry,” Benioff said, referring to Facebook. “We’re really at that point with technology.”
Calls for regulation in social media and cloud computing are not new — I’ve made similar observations in this space. However, it’s interesting that a technology industry insider like Benioff now has made these points — especially at a time when the industry has been tarnished by external events. Perhaps there is no better time.
“What we need is a national privacy law, and that will really not just protect the tech industry — it’s going to protect all the consumers,” Benioff said in the CBS interview. “Ultimately, it’s going to protect our kids, which is really what this is all about, because we know that all these [social media] companies are looking to bring kids into their social networks as well.”
Standards and Rights
Benioff raised two issues that ought to be teased apart, especially by people who would like to see change. Without separation, we run a risk of engaging in an undisciplined argument that settles nothing.
The first issue is standards, which is really about how to get multiple technology vendors to work together to support things like GDPR and whatever comes after. At a more fundamental level, standards will help multiple vendors preserve their uniqueness while supporting the interoperability needed to implement regulation that will span the industry.
The relational database standard and SQL emerged about 40 years ago. Does anyone seriously doubt that the complex multivendor cloud industry we have today could have emerged without those and many other standards?
The other issue is rights — as in identifying the rights of vendors as well as end users. As Benioff put it, “that would mean the companies would have to fully disclose how they collect your information, use your information. And you’d have a right to be forgotten, so that if you want all your information deleted, you can hit that button and be assured that your data is gone forever.”
Without some added standards in this area, it’s hard to see how we protect privacy, because there are so many vendors today who collect data for the express purpose of selling it to flesh out the profiles kept by individual companies. You could begin with almost nothing and assemble a reasonably complete picture of a person’s data with a little time and effort.
These independent data-gathering organizations currently don’t have effective ways to propagate a deletion, however. Why should they? The incentive is in the other direction.
Benioff’s Track Record
Marc Benioff has rarely, if ever, been late for a technology party. For most of the last decade he nimbly skipped from topic to topic as fast-following competitors tried to keep up. They were always a year (or should we say one Dreamforce?) behind: certainly with cloud, then social, analytics, platforms and much more.
Lately he’s revved up the philanthropy and employee empowerment engines. In the same CBS interview, Benioff revealed that Salesforce has spent US$9 million trying to nail down fair employee compensation, noting that when you buy companies you have to go through the same audit process — and Salesforce buys lots of companies.
Benioff’s efforts have been focused on reducing costs by commoditizing everything about IT. While this also can be said of setting standards for interoperability, the idea of regulating how the industry works is a pivot toward humanizing the industry at a time when some people are beginning to question the efficacy of modern IT.
It’s likely time to take Benioff’s leadership on GDPR and the call for regulation seriously. Implicit in all this is another data point related to building the information utility of the 21st century: Some of our security and interoperability needs simply won’t be satisfied with the current Balkanized assembly of clouds that we have today.
As with other Benioff-led innovations, there’s a strong profit incentive for him and others. Salesforce was able to reap significant profits from being a first mover in cloud computing, and that’s also been true in other areas — like social, platforms and AI.
I recently appeared on the Gillmor Gang, a streaming interview show, and made the observation that change, like what I am advocating here, doesn’t usually happen without a catastrophe of some kind — Pearl Harbor or 9/11 to name two. Other guests weren’t so sure, but when you look at history the ambiguity evaporates.
The information industry is in such a moment today. It’s a time that calls for direct action to ensure its future by establishing regulations rather than having them imposed, as GDPR is about to do. Interestingly, what’s needed isn’t so much technical innovation and invention. It’s agreements, standards, and sensible regulation, things that sound easy but can sometimes seem much harder to pull off.