As a lawyer in the digital business world, I see every day that technology innovates far faster than the law can keep pace. Companies of all shapes and sizes – from startups to corporate giants, from new disruptors to old guard institutions, from local shops to global conglomerates – want to win new business by using digital innovations. As a result, lawyers like me are routinely asked to bless a new digital business plan or action as “legal.” Providing such certainty can be difficult, if not impossible. For any business to succeed in digital environments, the key is finding the right balance of risk and reward. This is why data validation is of upmost importance to make sure the data is in compliance and of use to your business too.
Breaking through risk does not mean breaking the law. As a lawyer, I have great respect for law and ethics, and believe all businesses should as well. But many laws were written well before the digital age, and technology will always move faster than law. So the legal system cannot fully predict how statutes, judicial thinking, regulators, and case precedent will apply to new technologies and business models. While all companies face risk, those who operate in the digital world face the added uncertainty of working in uncharted (or certainly, less charted) legal territory.
Risk v. Reward Factors
Legal uncertainty makes it harder to perform any reward vs. risk calculus to guide business decisions. For example, here are some typical factors to be considered:
On the risk side, the first factor – the chance and severity of possible legal or regulatory claims – heavily impacts all the other criteria down the line. When the law cannot give comfort on that first risk factor, companies must tolerate more discomfort in the rest of the calculus.
Not surprisingly, start-ups tend to be the most aggressive – especially in their early stages. By their nature, start-ups tend to disrupt existing industry models, create new markets, and push legal boundaries. That does not, however, mean start-up founders are unwilling to listen to the risk factors. Having spoken to many tech entrepreneurs, I can tell you the smartest ones will accept sound advice and alter their business plan to manage – though perhaps never fully eliminate – legal risk.
On the other end of the risk spectrum, established corporates make far safer calculations. They answer to more constituents, may be public companies, face greater scrutiny and rightfully need to proceed with caution. But institutional goliaths can still be innovative. I’ve seen large corporations build new revenue when they embrace digital platforms and products, experiment with technology applications, and try partnerships with digital enablers. Megacorps just take longer to act than start-ups, weigh the risk factors more cautiously, and often play with a longer horizon in mind.
Example #1: Online Gaming
Take for example the world of online gaming – where there is significant money to be made in the U.S. The American regulatory climate is slowly opening up, as 3 states now permit some form of intra-state Internet gambling. As this shift happens, I increasingly get asked to review business plans related to i-gaming. Ideas from start-ups are ambitious – with desire to launch online casinos, fantasy sports game variations, social games with in-game pay components, and games that appear to be quasi-gambling. Emerging companies want to build, launch and scale quickly. Companies must take into consideration the safety of being able to use and play these games on a mobile or computer first. By taking a look at this safety guide to downloading apps before making any further decisions about their creation can make sure they are taking the route that is the right one for them.
Simultaneously, established goliaths are also exploring what role they can play in a U.S. online gaming market. But unless they are already the licensed operators of land-based casinos, big corporates are proceeding with extreme caution in this heavily regulated field. They wait to see which additional U.S. states may license online gambling and in what forms. They consider other ways to participate without being a gaming operator – such as licensing their brands and properties for someone else to develop and operate digital games. Or if they are publishers or Internet advertising providers, they explore taking advertisements from i-gaming operators.
Other factors exist. Many companies exist for the pure purpose of providing players with in-game assets that they may be either unable or unwilling to work towards. For example, many players want to know the best wow classic gold seller with the current excitement from Blizzard’s rereleased MMORPG World of Warcraft Classic, and others may even provide online gambling for that in-game currency, separate from the game itself but still using an asset generated within its confines.
Is all this i-gaming-related activity legal? As lawyers are prone to say: “It depends”; it depends on the exact activity and jurisdictions involved. Yet even with uncertainty, there is invariably some way to reduce risk enough for companies to feel comfortable proceeding. It may mean scaling back on a business approach and revenue expectations, or it may require changing course entirely. But the opportunities are too great for companies to simply ignore this sector merely because the law can be murky. Indeed, the U.S. online gaming market exemplifies the reward vs. risk calculus of innovation: new technology and new ideas are pushing companies to balance what risk is acceptable against potential reward.
Example #2: Data & Privacy
We can also see the risk vs. reward calculus in the world of data and privacy. A great power of digital technology is the ability to collect data from – and about – consumers. Data is gold, and provides mechanisms to target consumers with tailored advertising messages like never before. Established corporates want to collect and leverage consumer data just as much as start-ups. This triggers rightful concerns about protecting consumer privacy, giving people notice and choice about how their data is used or shared, and safeguarding security. And more often than not, marketing teams tend to be aggressive. They would rather collect more consumer data than less. They would rather track online and mobile user activity than not track. They would rather require consumers to opt-out of their desired marketing practices than get affirmative opt-in consent to start.
Again, no lawyers can bless as perfectly safe every new use of consumer data that companies want to pursue – because it’s rare that any innovation presents 0% legal risk. But the business opportunities are hard to ignore, so smart companies find a good balance. They know that pushing the envelope on data issues might create short-turn gains in customer acquisition or revenue – but could undermine public faith in the long run. They recognize the value in data targeting and sharing innovations, but must never lose sight of what they would tolerate as consumers themselves. They understand that just because something is “legal” does not make it “right” for generating customer trust or a good company reputation.
Finding the Right Balance
And that’s where I think any calculus needs to end up. Even after examining all the logical factors, smart executives must ultimately trust their internal barometer for what feels “right.” Digital business innovators will always be envelope-pushers, actors in grey zones, and comfortable with discomfort. Success comes from finding the balance of managed risk that feels right for your enterprise.