In the United States, 92 per cent of individuals reported concern over their privacy while using the internet, highlighting how recent massive data breaches and narratives around Big Tech data monetization have eroded internet users’ trust. This has been especially heightened by the rise of opaque artificial intelligence systems and evolving sociopolitical landscapes.

Gaps in regulation

While the European Union’s General Data Protection Regulation in 2018 set a benchmark as the first comprehensive legal act aimed at enhancing internet users’ privacy rights, it is not without its shortcomings.

GDPR and subsequent regulatory frameworks have largely been ineffective at enforcing and holding Big Tech companies, particularly Google and Meta, accountable for collecting and selling user data. Claims surrounding potential GDPR violations have reportedly taken years, sometimes more than four, to be handled. The delays stem from complex procedures involving multiple agencies and countries handling complaints against specific companies, creating significant backlogs and weakening the act’s ability to enforce and uphold its mandate.  

In the United States, the absence of federal legislation on data protection has led numerous states to take matters into their own hands. The US’s patchwork regulatory reality may create more harm than good, as variations on specific matters create endless compliance complexities for businesses operating across numerous states.

Users then receive varying degrees of data protection based on their location at any given time. Furthermore, for small- and medium-sized businesses, developing individual compliance programs for individual state regulators heightens costs that limit their ability to compete with Big Tech and other large corporations.

Meanwhile, Big Tech has been throwing its weight around with intense lobbying efforts, claiming any sort of legislation with real teeth to it will undermine innovation. While this is a discussion worth having, companies whose business model is highly dependent on data-based ad revenue don’t want increased consumer data protections. 

Despite heightened awareness surrounding the value and vulnerability of personal data privacy, centralized entities, in the form of Big Tech conglomerates and governments, hold powerful sway over our user data. Regulatory protections are usually welcomed, but the lack of transparency between the intentions of Big Tech and governments won’t repair the distrust many have toward both.

Web3’s heightened role

This is precisely where web3’s decentralized infrastructure can bypass centralized entities, whose interests may not align with most users, to provide a higher standard of data protection. 

Blockchain—and web3 more broadly—have had countless iterations and use cases of its technology designed to try and build wealth through games, crypto schemes, or other avenues. However, many projects and developers are either missing or choosing to ignore the potential they have in protecting user data.

Thanks to blockchain’s inherent encryption technology and immutable ledger, some web3-based privacy projects are staking their claim as an alternative to the current web2 system that dominates online interactions to profit from ad revenue. One such example is tomi, a DAO-governed project that leverages web3’s data-preserving strengths to create a decentralized, privacy-focused “alternative internet.”

tomi’s modus operandi is to champion security, data privacy, and freedom of speech throughout its operations and product offering. This includes offering services that advance its mission in material ways—including a VPN, storage, and private messaging service for its users to safeguard their browsing and communications by leaning into web3’s capacity for data privacy. Since the project is governed by a community and works on a unified model to keep the familiarity and UX of web2, tomi’s focus lies in making decentralized technology as intuitive and accessible as possible.

The reality is that as much as regular users would like to take more steps to preserve their data privacy, they’re unlikely to take these measures if there’s any inconvenience involved. This simple fact creates an obstacle that many web3 infrastructure projects don’t feel comfortable trying to overcome.

So, what is the takeaway here? For one, web3 projects must take themselves more seriously as champions of data privacy and protection within a cratered regulatory landscape worldwide. By stepping in with alternatives for those who are concerned about both Big Tech and regulatory overreach, developers have a strong and compelling use case that won’t fizzle out during a market downturn. However, preserving privacy cannot come at the expense of UX, and this must remain at the forefront if projects ever want a significant user base to transition to web3.