Drawing on discussions from recent MEF Privacy events in London and Las Vegas, CEO Rimma Perelmuter explores the debate around how companies handle the safeguarding of consumer data and asks, in the context of increasingly stringent regulation relating to such data, if the burden of ownership could outweigh the potential advantages…
When the notion of ‘big data’ first emerged around a decade ago, this question was never really asked. For the first time, companies had the ability to gather metrics about customers on a huge scale, analyse them and use the results to make products and services better.
Of course, many seized this opportunity. And they did indeed improve their offerings. It’s been reported, for example, that Netflix examined viewer data to categorise its library into nearly 80,000 ‘micro-genres’ of movie. It used them to make personalised recommendations, which became key to its success.
But more recently, many consumers have started to push back against the idea of giving companies free rein over their data. They are worried about security (what happens if my data is stolen?) and they have general ethical concerns (why does this organisation need to know so much about me?).
At MEF, we know how important these issues are. Our annual consumer studies reveal the ‘push back’ – and how much it is costing.
Last summer, we found that over a third (36 per cent) of consumers in eight countries are put off downloading and using more mobile apps and services due to privacy and security concerns. 52 per cent have deleted apps that worried them. For the fourth year in a row, we found trust was the biggest barrier to growth.
So companies have had to take these concerns on board. And now, they have a growing legal obligation to do so too.
Next year, the EC’s Data Protection Regulation (GDPR) will come into law. GDPR seeks to ensure the data privacy of all EU citizens. As such it will reshape the way organisations across the region store and use personal data – and explain their policies to customers. There will be significant fines for misuse.
All of which brings me back to my original question: is data an asset or a liability?
Over the last two months, MEF has run multiple expert sessions to debate the question of consumer trust and data stewardship.
We’ve heard a range of viewpoints. At one end are the companies whose start point is data privacy. At our London event in December, we heard from Alan Duric, CTO of Wire – a privacy-focused messaging app that encrypts all data. Unsurprisingly, Duric believes organisations should ask for minimal information.
He said: “They say data is the new oil, but I see it as radioactive waste. Most data is not used. It’s just waiting there for damage to be done.”
Listen to the panel in full now
His fellow panellist Gervase Markham, policy engineer at Mozilla, added: “If you store personal data and it gets stolen, you’re in a worse situation than if you don’t have that information in the first place.”
Duric and Markham made a strong case for taking a light touch to data gathering. But other companies cannot take the same approach.
At our CES Summit, we heard from Emily Hancock, VP of legal at Evernote. Since Evernote’s core business is gathering user files, it takes a more nuanced view.
“Obviously, we don’t see data as a liability,” she said. “But we do know we have to invest and innovate in keeping the data secure. And we have our red lines. We never sell or read customer data for example.”
Clearly, in the new climate of rising customer anxiety, organisations must be extra careful about how they gather data. But they must also take the same care over how they explain their policies.
Evernote knows this better than most. When it tried to explain a new machine learning process in December, it faced a backlash. Hancock said: “We wanted to be transparent… but we were blunt and users got the wrong impression. They felt we weren’t treating data with respect – though that’s at the heart of what we do. The lesson we learned was you can’t underestimate that people aren’t paying attention to privacy until they are. So you have to put yourself in the shoes of an everyday user and ask ‘is this what a user would expect’ when thinking about data stewardship. If not, you need to rethink what you’re doing.”
Jan Volzke, VP of reputation data at Hiya, picked up on this point. He said it’s crucial to zero in on the ‘big’ questions when explaining privacy policy. In the case of Hiya, a caller ID app that blocks nuisance calls and texts, there’s an obvious one.
“We wanted to zoom to the most important question rather than explain the whole privacy policy in detail. For us it’s this: ‘why do you need access to my contacts?’ We know that before anyone reads our policy, this is the question they want answered.”
Laura Berger, attorney at the Federal Trade Commission, was pleased to hear this. She believes transparency and the notion of ‘privacy by design’ will not just benefit customers, but also organisations. She said: “Privacy by design will not just keep you on right side of law but will differentiate you as a company that does practice good stewardship.”
Berger believes a big challenge for the future will be encouraging companies in the IoT space to take this approach. After all, it’s easy to see how Hiya and Evernote would be incentivised to be good data stewards. But a company that makes connected cameras? Maybe not. At least not yet.
“Just because your company is not collecting the data, don’t assume you don’t need good security to protect the transmission of data,” she said. Indeed the FTC has already taken action against more than 500 companies related to privacy violations.
The hope is that, in time, these companies will change their internal cultures to address security and privacy concerns from the outset. According to Fatemeh Khatibloo, principal analyst at Forrester Research, this is a lesson every organisation that touches data should learn.
“You need to embed the notion of a data stewardship in every layer of the product design process. From day one you ask questions around the potential harms and risks. It’s just that simple. ”
Get more Insights
For more in-depth discussion on the regulation, use cases, trends and drivers that are disrupting and enabling game-changing opportunities for businesses, consumers and their personal data, listen to more sessions from the Data & Privacy Summit in Las Vegas.
