When a Glacier and Volcano meet: How data privacy is both changing slowly and quickly

Robert Thelen
7 min readNov 19, 2021


Did you feel it? Sometimes change can happen slowly, like a glacier retreating over millennia. Every day, a few more feet are gone, but from a distance, day-to-day, it looks the same. Sometimes change can happen quickly, like a volcanic eruption that creates a new island. These events are so jarring and unsettling that the world seems new. Both glaciers and volcanos irrevocably change the physical environment around them and the psyche of any human who experiences them. Data privacy has seen both glacial changes and volcanic eruptions leading to a moment of collision.

The Glacial changes — Regulations

The power of a glacier is sometimes overlooked in the short term due to its slow speed, but over the long arch of time, few forces are as powerful. Mountains are capped, lakes are created, billions of tons of earth are moved over hundreds of thousands of years. Governments are like glaciers, they move slow, but their power is second to none. New regulations or rules, when enforced, can create brand new landscapes of opportunity and put insurmountable pressures on even the largest companies.

The first signal of the coming wave of data privacy regulations came from Europe in the form of GDPR. After a decade of piecemeal laws and rules, in 2016, the EU adopted the most extensive data privacy regulations on the planet. When the principles went into action in May 2018, the EU gave its citizens more control over their personal data than ever before. Companies, monopolies, and well-funded lobbyist organizations were quick show the economic costs, and even quicker to dismiss the possibility that Americans would ever want such a law. For a few years, privacy was a European phenomenon.

After the EU, dozens of other countries slowly started to protect data privacy and even some US states started to add laws. Now 66% of countries and 20+ states have passed or are proposing data privacy laws. Since the beginning of the internet 30 years ago, it took 26 years for a comprehensive law to be written, but the slow change of regulations and pace of government can be seen all around us. Cookie popups, “California opt-out” buttons, Data Subject Requests, more comprehensive protection, and fines for data breaches are all a result of these regulations. This slow-moving force has established new norms and expectations; entire mountains have been moved.

The Volcanic changes — consumers and companies

It seems that in the United States app developers and advertisers who rely on targeted mobile advertising for revenue are seeing their worst fears realized: Analytics data published [in May] suggests that US users choose to opt out of tracking 96 percent of the time in the wake of iOS 14.5.

When Apple released iOS 14.5 late [April], it began enforcing a policy called App Tracking Transparency. iPhone, iPad, and Apple TV apps are now required to request users’ permission to use techniques like IDFA (ID for Advertisers) to track those users’ activity across multiple apps for data collection and ad targeting purposes. — Ars Technica

We are in the middle of an eruption. The earth has been shaking for a few years and the magma bubbling for several months, but the lava started to flow in May 2021 when Apple introduced the new privacy features that gave their consumers the right to turn off app tracking and 96% took advantage of this new feature. What looked like a drastic action by Apple was very well-calculated and safe considering the changing consumer attitudes around data privacy. They knew the eruption was coming and took steps to stay safe in public opinion.

In April 2020, McKinsey and Co (the famous consulting firm) released research showing that U.S. consumers care about data privacy. Citizens looked at Europe with longing eyes and are starting to feel abandoned by U.S. companies.

The responses reveal that consumers are becoming increasingly intentional about what types of data they share — and with whom. They are far more likely to share personal data that are a necessary part of their interactions with organizations. By industry, consumers are most comfortable sharing data with providers in healthcare and financial services, though no industry reached a trust rating of 50 percent for data protection. — McKinsey

Other than healthcare and finance, no industry received a trust rating over 20 percent! Poll after poll started to show that Americans care about privacy. Some of these polls show that the real tipping point was back in late 2019. Even a volcano takes time to build.

Why did Apple go all-in on privacy? Because its users were demanding it. The truth is, this has been one of the most significant build-ups in modern tech history. The signs have been all around us, from opinion polls to mass Instagram migrations, to companies putting privacy front and center as a competitive advantage.

“To increase customer trust, executive leaders need to build a holistic and adaptive privacy program across the organization and be proactive instead of responding to each jurisdictional challenge.” — Bart Willemsen, Vice President Analyst at Gartner ; Source: IBM

The eruption under a glacier

Eyjafjallajökull erupting

Although rare, sometimes a volcano erupts inside of a glacier, causing great releases of energy that the world can see. In 2010, Eyjafjallajökull erupted over the glacier of the same name. For three weeks, most flights between North America and Europe had to be canceled or rerouted at great expense.

In the tech world, we have seen this type of collision of energies before. In the early 2000s, slow-moving financial tech regulations and standards on how credit card information (PCI) could be stored, met a fearful consumer who no longer trusted e-commerce sites with their credit card numbers. At that moment Stripe was born and set up the fintech decade to follow. The glacier and the volcano overlapped, and in the early 2000s it blew up for the fintech industry.

Personal data privacy is having a similar moment. Slow-moving regulations and standards around personal data are directly above a consumer that is suspicious and distrustful of almost every website and app, but not just with their credit card information, with all of their digital information. The good news is, like Stripe before it, the answer here is simple.

Google, the search engine giant and the most prominent collector and processor of user data, recently gave tips around how to lean into these changes. Google recognizes that when the lava starts to flow, you have no choice but to accept it and move and adapt to avoid the heat and destruction. There is no “putting it back in.” There are some long quotes below, but having Google say this is important.

Transparency is crucial to build trust. People prefer to buy from companies that are clear, open, and honest about the personal data they collect and why. Eight in 10 adults believe companies should provide more detail upfront about what data they collect from visitors to their websites. Responsible brands can cater to these demands by ensuring they use non-technical language, provide information in the right context, and avoid lengthy privacy policies.

Our research found most people feel they lack control over their own data. Eighty percent of people are concerned about potential misuse of their personal information. People want to retain ownership of their information and they want to feel in control. When they feel they have the time to consider their choices and willingly provide information, they feel far more comfortable.

Customers should be able to review and manage the way their data is used, such as opting out or managing the frequency of marketing communications. People are three times more likely to react positively to advertising when they feel a greater sense of control over how their data is used. People feel empowered when they have this sense of control. For some, this creates a desire to further tailor their marketing experiences to better suit their needs1— opening up additional opportunities for brands to build long-lasting relationships that offer value to both parties. — Emphasis added — Google research

What is a shock right now will become standard in a few years. A new and more fair landscape will result from the tumultuous months behind and ahead of us. The good news is, the internet (and the next generation) will thank us for leading these changes.

We are building a better internet with data privacy at Rownd. Using our B2B SaaS tools, any website, app, or company can be a leader like Apple and create a competitive advantage with privacy. We’d love to chat with you further about data privacy. Visit our website or get in touch today!



Robert Thelen

CEO @ Rownd, ex-Google, ex-IBM, Air Force Vet / Afghan war vet, Data Privacy Revolutionist