“Moving fast and breaking things” has never created trust. Start-ups must build customer trust from early days by embedding sound security and privacy practices in the products and in their culture.
The current business paradigm, structured by big tech firms over a decade ago by which individuals willingly provide their personal information in exchange for a service may be reaching crisis point.
Over time, unenforced regulations simply get ignored and become useless. It is likely that things won’t change until the regulators make them change, and they will have to go sooner or later through a harder enforcement line.
Quite a lot will now go down to the regulator’s appetite. If they are inconsistent, too heavy-handed or too lenient, focus only on the GAFA, or pick the wrong battles with small firms, they will dilute the act, endanger their credibility and lose momentum.