by Rob McGovern, CEO of PreciseTarget
These days, nothing will bring down the mood in a room full of data and technology executives as quickly as the topic of consumer privacy and data security. As scrutiny of long-standing industry practices continues to mount (especially at Facebook and Google), executives are watching anxiously to see what looming regulatory and legal actions could mean for industry practices going forward.
The fact that consumer privacy is viewed as a dangerous topic in many industry circles— to be monitored and managed, but not proactively tackled—is indicative of a massive problem within the data and technology space. But what if we flipped our perspectives? What if, rather than fretting over how to preserve “the way it’s always been done,” we forged a new path—one where privacy is part of the fundamental system design?
It’s time for consumer data companies to rethink privacy. We must discuss it openly and ensure our behavior is beyond reproach. Those that do so will not only be fortifying themselves against future legal and regulatory headaches, but also putting themselves at the fore of what will become the next big competitive differentiator within the tech space: consumer-first privacy protection.
Regulations Won’t Solve It
Given the sweeping wave of data privacy regulations that are either already upon us or currently in the works, there’s a common misconception that the government, for better or worse, is already in the process of “solving” the consumer privacy question. That logic is flawed in two ways:
- Policy makers are ill-equipped to formulate reasonable, enforceable privacy legislation.
- Even if legislation were well-conceived, it would be unlikely to thwart privacy violations among tech companies that aren’t willing to fundamentally change their business models.
Laws like GDPR in the EU and CCPA in California are attempting to secure consumer data by imposing fines on violators. The problem is that the resulting fines—even multi-billion-dollar dings—are still just a drop in the bucket when it comes to how much companies like Facebook and Google are profiting from consumer data. In addition, on the regulatory front, the government is incapable of keeping up with tech companies, which can devise policy workarounds much faster than legislators can close loopholes.
Where Current Arguments for Privacy Invasion Fall Down
Most tech companies collect consumer data on the premise of personalization. In other words, the data they collect is used to personalize a consumer’s online experience—and people want personalized experiences. So, data collection is really for the benefit of the consumer, right?
At most companies, that argument is a smokescreen. Consumers do want personalized experiences, of course, but they don’t want to become the product. And that’s precisely what’s happened within many of today’s business models. Data is used to personalize experiences, yes, but that data is also used in much less charitable ways—such as promoting ads to other on-platform users and being leveraged by third parties for purposes elsewhere.
Think of it this way: I love that Spotify learns my preferences and selects songs accordingly. I do not, however, want everyone who plays Elvis’s “Blue Suede Shoes” on Spotify to see a notation that says, “Rob McGovern always listens to this song when he’s in the shower.” Empower me with personalized music—but privately, please.
A Better Path Forward
Consumers are tired of their data being exploited, and their frustration is building to create a powerful new current within our industry. In the long run, pro-consumer data companies are going to become much more valuable than data exploiters.
So what does a pro-consumer data company look like? In our view, the system needs to be designed around three principles:
- Aggregated data: The personalization of experiences requires companies to derive intelligence from large data sets, and the presentation of that data should remain at an aggregate level. When making recommendations to a person, you should show them recommendations based on the larger data sets—without exposing person-level data.
- Go beyond encryption: Ideally, consumer data companies shouldn’t possess personally identifiable information, meaning they shouldn’t be able to directly identify a consumer in their system. Some players try to gloss over this by saying their identity information is encrypted, but encryption is only as strong as the most powerful brute-force hack. We must go beyond current off-the-shelf encryption models.
- Consumer centricity: Finally, the very design of data systems needs to be aligned with the desires of the consumer. In other words, when data is applied in the real world, it should serve the wants of the end user, not a retailer’s inventory clearance needs.
The data exploitation problem won’t be solved with new laws—but it will be solved by market forces. As consumers continue to place greater emphasis and value on their privacy and the protection of their data, we’re going to see a new class of companies rise to deliver on their demands. These companies will transform the competitive landscape as we know it.