What is policy in a tech company?

Director, Policy.

It’s amazing how little this job title really tells you about what this role or the team do.  If the role were head of legal, or marketing, or engineering, you’d be able to take a pretty good guess.  But in the tech sector, “policy” is one of those words that people don’t really know what it means (which is fair enough, because it usually means different things to different companies).  I recently asked a colleague who works in the policy team at one of the big tech companies about what “policy” actually means in their org chart.  Funny you ask that, she said, because we were just trying to work that out the other week.  This is a Silicon Valley company with one of the biggest policy teams in the tech sector and they’re still trying to work out what “policy” means to them.  So I started asking that same question of other policy people in tech companies and realized that when we each say “policy” we can mean vastly different things.  I happen to think that policy is incredibly important in the tech sector, so in the interests of having a conversation about it, I want to first talk about what “policy” actually means.

“Policy” is a framework for deciding what to do when there is more than one valid choice available.  Unless you have policies, you are just making decisions on the fly.  To me, good policy tells you how to navigate the gray areas between legal and illegal to do what is profitable and what is right.  Good policy is that sweet spot where your legal advice, business imperatives, and company values all align. 

So, what does this mean for what a policy team might do?  Each company arranges their teams very differently but I wanted to share one way to conceptualize the three different buckets.  It’s imperfect, but it’s as good a place as any to start.  The three policy buckets are:

1.     public policy;

2.     internal policy; and

3.     policy development.

“Public policy” means the work that tech companies do to engage with public institutions and influence government policy.  This part of “policy” is often done out of DC by folks who have strong political connections.  A public policy advisor is the kind of person who helps advocate and progress a company’s position on issues such as net neutrality, encryption, or immigration reform.  They help work out whether the company should be working in coalition with other tech companies on shared issues and whom they should be calling on the Hill.

“Internal policy” is a broad, catch-all term to try to encompass all the policy decisions that a company makes internally about its product development.  This could include policies on data sharing and privacy, online harassment, content removal, and fraud management.  Depending on the company, sometimes these roles can be called policy counsel, product counsel, or simply be rolled into the work of other roles such as legal counsel or product manager.

“Policy development” is probably the least descriptive term of the three, but it’s difficult to think of a better alternative.  This bucket of work is about how to develop a principled stance on the way a company and its products interact with outside stakeholders.  A role in this area will usually specialize in one aspect of the product and its interactions.  One example is policy on the way in which a company handles requests for user data from government agencies or censorship requests.  How can a company ensure that its users can trust a platform with their private information, but also assist law enforcement in preventing criminal activity?  Should the data be encrypted and who should hold the keys?  How should the company decide which requests to respond to?  Should the laws be changed? In this way, policy development bridges the divide between public policy and internal policy.  It works out how internal policy and public policy should be shaped to meet company objectives, usually on a specific issue.

I hesitated to write this post because I felt like I should wait until I had a better way to categorize different types of tech policy.  However, after having talked with policy professionals in several of the large tech companies, this really is the best conceptualization that I’ve heard.  It feels like we are at a very early stage of our discussions about the role of policy in a tech company but it’s an important discussion to have.