Check out all the on-demand sessions from the Intelligent Security Summit here.

Two battles are underway simultaneously in the area of user data privacy. One is a well-publicized regulatory battle. Through laws like 2018’s General Data Protection Regulation (GDPR) in Europe and 2020’s California Consumer Privacy Act (CCPA), governments are trying to rein in the “Wild West” ethos of online life and extend digital protections to all citizens. The second battle is less prominent but is in some ways more interesting — the fight to gain a competitive advantage by doing privacy better.

An indicative salvo: At the start of this month Twitter announced it would update its worldwide privacy policy to give users more detailed guidance about the data its advertisers might receive, in compliance with the provisions of the CCPA. It’s important to understand that there was no need to update global policies for a law that concerns only California residents. Yet Twitter did so. The company also concurrently launched a new Twitter Privacy Center.

It’s not hard to understand why. Twitter thinks a strong position on data privacy could be advantageous. Distrust of social media platforms has never been so widespread, and in the current environment, it’s not crazy to decide that winning on trust can make a real long-term difference to user numbers and bottom line. Between Twitter’s highly visible privacy leadership and its decision to reject all political advertising dollars earlier in the year, the company is making a strategic play for long-term differentiation.

Microsoft is another heavyweight positioning itself to benefit from a commitment to user data privacy. In November the company threw support behind the CCPA by announcing it would honor the regulation’s standards nationwide, making it the first tech giant to come out in full-throated support of the new law. Microsoft is an interesting case; it wasn’t built with user data at the center of its business model, and it doesn’t dominate headlines like its FAANG counterparts. Nevertheless, the company closed 2018 with the biggest market cap in the world, and its stock has soared in 2019. Microsoft’s on a winning streak, and it’s using CCPA as an opportunity to put pressure on rivals to walk the walk on privacy.

I follow all this closely because, full disclosure, I’m founder of a company that builds data privacy solutions. And these developments are compelling because they’re an opportunity to road-test a thesis I’ve held for a long time: The current discussion about data privacy extends beyond simple regulatory compliance; it is the corporate social responsibility issue of the early 21st century, and customers will reward the businesses that get it right. There are global brands that derive a huge amount of equity from behaving ethically. Think Volvo. Ben & Jerry’s. Even more recent entrants like Tom’s. But this sort of ethical brand positioning has been largely absent from the technology world over the last two decades of internet explosion. Now it seems leaders in the space see an opportunity to take this “high-ground” position in relation to privacy protection.

Will the market reward companies that are proactive on privacy? Time will tell. We’re still trying to understand the extent to which consumers care about privacy — i.e., whether they care enough to meaningfully change their consumption habits. At present, the dissonance between the way people feel about privacy and the way they act about privacy is striking. Large majorities of consumers report feeling uneasy about how devices and platforms collect and use their data. But minorities of customers report having made meaningful changes to their consumption patterns as a result of privacy concerns. Perhaps this will continue to be a curious point of dissonance. Or perhaps consumers simply don’t perceive that they have the option to substitute privacy-respecting platforms for those they distrust. But if the differentiation efforts of these tech companies continue, maybe that option will become more clear in the mind of the consumer. And maybe then we can gain a better understanding of how the market rewards responsible data privacy management.

In summary, the California Consumer Privacy Act is a milestone moment in US privacy regulation. But it would be wrong to view it as some sort of end point in the story. Instead, 2020 heralds the beginning of a new chapter in which companies view the issue as more than just a legally-imposed obligation. Getting privacy right can be a key part of brand-building in the coming decade.

Update on December 26: Removed incorrect mention that Twitter issued press releases to all major news outlets about its new privacy policy.

Cillian Kieran is the CEO and founder of privacy company Ethyca.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.