Business historians might one day see 2018 as a pivotal year. We are in the midst of an AI revolution, with more and more data being processed by algorithms that will help us to make better decisions or simply make the decisions for us. But the collection and exploitation of this data is not without costs and historians might view this year as the year when society began to realise that.
An obvious example of that is GDPR, which came into force in Europe in May 2018 as a tool for regulating data use and protect individual privacy. Companies worldwide have had to take it into account if they want to continue providing products and services in Europe.
GDPR came into effect a couple of months after the Facebook-Cambridge Analytica scandal revealed that Cambridge Analytica had collected data from millions of people and used it for political purposes without their knowledge or permission. Facebook's share price dropped and trust in the social network fell from 80 per cent in 2017 to around 30 per cent.
In October, Tim Cook, chief executive of Apple, spoke at the International Conference of Data Protection and Privacy Commissioners and called for more regulation, not less. Mr Cook warned attendees at the Brussels event that our data "is being weaponised against us" and argued that AI "must respect human values — including privacy".
He added: "We should celebrate the transformative work of the European institutions tasked with the successful implementation of the GDPR. We also celebrate the new steps taken, not only here in Europe but around the world — in Singapore, Japan, Brazil, New Zealand. In many more nations, regulators are asking tough questions — and crafting effective reform. It is time for the rest of the world, including my home country, to follow your lead."
That's a pretty clear statement of intent. Critics have pointed out that Apple's business model does not rely on accumulating data as much as those of its more advertising-driven rivals, Google and Facebook, who Mr Cook referred to as the "data-industrial complex". That's true but if Apple is seeking to make data privacy a competitive advantage then its rivals should take notice.
According to a GlobalWebIndex survey from September 2018, 70 per cent of internet users in the UK and US say they are more concerned about their online privacy now than they were a year ago. Meanwhile, an April 2018 study found that just 20 per cent of consumers "completely trust" organisations to protect their dat .
While Mr Cook was speaking in Brussels, Facebook's privacy chief, Erin Egan, was in Washington DC lobbying for a US version of GDPR. You might imagine that Ms Egan's meeting was followed by a delegation of turkeys lobbying for Christmas, but Facebook's position is not that strange. The social network is well aware of the public mood and, more practically, is keen to avoid every US state taking its own approach to data privacy, which would leave companies dealing with numerous complex regulatory systems.
If you are a company that collects - or buys - user data and leverages that in your business, what should be your approach to data privacy? If 2018 truly is a watershed year, then the first principle has to be transparency. You have to be open with customers about the data you collect, what you do with it, and what they get out of the deal. This process should also encourage you not to collect and keep data that you don't need.
Second, build trust with your consumers. Greater transparency will help. Anyone working in data security understands that breaches cannot be avoided with 100 per cent certainty, so if, or when, a breach strikes your business, then customer trust will be key to how well you recover and how quickly.
Finally, businesses need to be prepared for a change in data ownership. There has been talk for some time about individuals having personal data accounts, in the same way that we have bank accounts. We would then allow trusted businesses to access particular data, for a specific amount of time, in return for services. We are a long way from that. Online data is simply too messy for the average person to know how to take control of it - or to have the incentive to do so.
Data accounts might not be here yet, but they seem more likely now than they did a year ago. The question is whether the events of 2018 really will change our approach to data. The business historians writing about the data industry of 2028 will decide.