Apple’s move represents a rare positive step in that battle, as it empowers consumers to take on a system built by what I call the “tech gorillas”—behemoths like Facebook and Google that feed on personal data. It’s a system that intentionally violates users’ privacy, as we saw yet again earlier this month with the revelation that more than half a billion Facebook users’ data had been posted online, from phone numbers and full names to locations and birth dates.

The use and misuse of personal data is not a problem confined to just Facebook and Google. Earlier this month, we also found out that the venerable Procter & Gamble worked with Chinese trade groups to get around privacy tools meant to keep the data of iPhone users safe. In short, we face a global crisis.

Headlines like these will prompt calls from some for more government regulation. Regulatory intervention, though, solves only part of the problem. Businesses must be able to operationalize the law. 

A patchwork of regulations has made it difficult for even the most well-meaning companies to develop consistent, coherent, and achievable data privacy practices.  Compliance in Europe, for example, is not the same as compliance in California. In fact, compliance in California isn’t even the same as compliance in Virginia—the latest U.S. state to join the data privacy fray, with others waiting in the wings.

With a dizzying array of regulatory hoops to jump through, companies are left to make an impossible choice between complying with the data privacy rules and leveraging data for growth.

But with the right technology in place, that is a false choice.

Companies can and must be able to do both, but that will only happen if we change the way we think about data and privacy. It can’t be about either embracing technology with all its warts or abandoning it and giving up the things about tech that we love. Technology created this problem, but it can also help solve it. Apple providing users with tools to control their data is the first step in a long journey to rein in the abuse of personal data by the tech gorillas.  

We need more and better privacy tools, not more regulation. Lawyers and policymakers have started putting standards in place. Now it’s up to technology to do what it does best: help companies move faster, smarter, and more strategically. I talk to CEOs, chief technology officers, and general counsels of big companies all the time, and almost unanimously they say they want to make consumer-friendly data decisions, they just don’t have the tools to do so. That’s a fixable problem.

To do this right, we need to approach privacy tools with three core principles in mind. 

First, they must be programmatic, meaning that software makes them consistently repeatable and automatic. Once a company makes a set of choices about the use of data, it needs to have the peace of mind that its decisions will be applied correctly in practice.

Second, they must be enforceable. Software needs to do more than simply broadcast privacy instructions (which is largely what’s happening today); it needs to be able to actually enforce them across connected systems. 

And third, they must be auditable. The only way to empower consumers to have a voice in the use of their data is to create a digital trail that can be provided at a moment’s notice. This is critical to creating accountability.

My company, Ketch, builds software based on these principles to simplify and automate data privacy compliance for companies. Done properly, data privacy can strengthen a company’s relationship with its consumers, forge a path of future growth, and eliminate future costs.

The first step on this journey requires nothing more than a simple shift in mindset: wrestling privacy from the hands of the “gorillas” and putting it where it must be, in the hands of consumers. Steve Jobs established the core principle years ago, when he challenged us to ask customers about their data privacy: “Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data.”

Data exploitation has become a feature of modern life, but it doesn’t have to be that way. Apple’s latest move demonstrates that we do have a choice. We can use cutting-edge technology to design a privacy management architecture that companies can implement to enhance their existing privacy policies and build adaptive ones over time.

We can safeguard data for users while protecting economic growth. We can—and we must—find a balance between innovation and privacy that works for everyone. 

Tom Chavez is CEO of the venture firm and incubator super{set} and the software company Ketch.