It is easy to get caught up in the greatness of Big Data analytics. It's a marketer's dream: tracking customer activity; understanding what he or she is thinking, doing—using this information to transform every interaction into unexpected delight. To know the customer is to love the customer, and companies everywhere are showing that love through personalized offers strategically mapped to individual needs, wants and propensities to buy.
All goodness there.
But, what happens when things go a little too far? When the use of customer data transgresses from "friendly and engaging" to pseudo-stalker-like? When, instead of analyzing it for their own insight, companies sell customer data to the highest bidder?
"Today, big data is just as disruptive as the technology that enables its collection and availability, except it's all but traded as a commodity. That has both positive and negative consequences," explained Scott Schlesinger, senior vice president and head of Business Information Management for Capgemini. "It's great to get an offer for something you really want that saves you money or gives you options. But, it's not so great when you start to feel like your every movement is being tracked, shared and sold at will."
Most consumers accept data tracking as the price they pay to use Facebook, Google or similar sites for free; or secure coupons or discounts from their favorite retailers. It's a collective win-win. You give me what I want; I'll share what you want to know.
But, the data round-up doesn't end with retail or your favorite search engine.
It's Not Who You Know, It's What You Know About Them
"Financial institutions have been collecting and selling depositor data for years. Granted, it doesn't have my name and your name, but it does have demographic information like '39-year-old female, lives in Cleveland, $X in deposits and these buying patterns,'" Schlesinger said. "Even though the data itself is anonymous, would some customers feel violated if they knew about the practice? I'd have to argue 'yes.'"
A recent Reuters post by Leila Abboud explained how some telecom companies are weighing the risks versus the rewards of selling data on their mobile phone users' locations and browser movements—an endeavor that some analysts predict could grow into a multi-billion-dollar market. According to the post, by placing probes in mobile networks, providers can capture millions of records a day, strip this data of personal information, then pool it so it can be sold and analyzed for patterns.
And that super-cool free or 99 cent app you just downloaded to your phone? If you're big on privacy, maybe you should read the fine print.
"If someone creates a 99 cent car comparison app, the developer probably isn't making money on the sale of that application but on the sale of the data collected through that application," Schlesinger said. "Car manufacturers, automotive dealerships, even some lenders—to them, the data collected is far more valuable than the application itself. In some instances, the app is a means to an ends; a road to a more lucrative buyer."
Is this bad? Is this good? This ability to collect this massive amount of information is relatively new, so it's hard to say.
"The point is, companies have to balance consumer perception against the benefits of leveraging data. Do they use it to engage their customers? Do they sell it to increase income? And if they're going to sell it, how do they 'sell' that concept to their customers?" Schlesinger said. "If a bank proactively approached a consumer, explained clearly what it was doing with his or her anonymous data, and offered a fee reduction or some compensation for using it, I bet it would get a very positive response. The consumer would feel like he or she is in control, as well as sharing in the wealth the institution gains from selling this information."
Privacy from the Legal Perspective
Okay, so we covered some strategies, but what about the rules? When it comes to data privacy, what's legal and what's not?
The answer to that question depends on where you live (and how actively you accept terms or conditions without reading them through).
"In the European Union (EU), privacy laws cover all data, whereas in the United States, privacy laws focus on financial information, health information and children, with additional state laws around certain disclosures and consumer protection enforcement by the Federal Trade Commission," explained Christopher Wolf, a director of Hogan Lovell's Privacy and Information Management practice group, and one of the first lawyers in the United States to specialize in privacy law. "Although privacy laws in the U.S. are not as expansive as those in the EU, the enforcement is far more robust. So, the EU has more on paper, but in many ways, privacy practices in the U.S. are under closer scrutiny."
But according to Wolf, most of the companies he works with are more concerned about maintaining a positive public image than circumventing the rules.
"As consumers become more aware of how their data is being used, companies are becoming more sensitive to individual privacy concerns. Businesses are becoming their own privacy stewards, taking steps to be as transparent as possible to protect their brands' reputations and secure consumer trust," Wolf said. "As a result, consumers are seeing more prompts, like 'do you want to share your contacts,' location, or other information, in addition to the lengthy disclosures."
Is this new transparency a united attempt to avoid tighter regulations? According to Wolf, quite the opposite is true.
"Some of the companies I work would welcome a baseline law that privacy practices. Currently, there's no consensus, which makes things challenging for companies and consumers alike," Wolf explained. "The Obama Administration proposed a Consumer Privacy Bill of Rights two years ago, designed to give users more control on how their information is used and to give specific guidelines for businesses. Consumer advocacy groups and some businesses have continued to encourage passage of such a law."
However, even when extensive regulations are in place, the world of data privacy still has some grey areas. Case in point? The EU's "Right to Be Forgotten," which enables consumers to essentially make their Internet presence disappear. First of all, it's questionable that this feat is technologically possible. More importantly, would a U.S. version of this Right conflict with one of our Founding Fathers' fundamentals?
"There's an interesting case before the EU Court of Justice (the EU version of the U.S. Supreme Court) involving a consumer whose foreclosure reported in a Spanish newspaper came up in Google. That consumer asked to be 'forgotten' electronically, to put that incident behind him. Google Index said no, we index information as it appears on the web," Wolf said. "This is a case where an alleged broad right to be forgotten bumps up against the right of free speech. Google is likely to win that one in the EU."
So, do we have to discard our First Amendment to gain our data privacy? Do we have to accept a public online persona as a fact of connected life? Or can we meet somewhere in the middle?
The reality is there is no perfect solution right now. But, we are making progress.
Start By Examining Your Own Data Policies Today
"The best advice I can give companies right now is not to wait for legislation. Choose your data strategies carefully. Create strong policies around customer data and communicate those as clearly as possible. Employ state-of-the-art security measures to protect sensitive data," Schlesinger said.
Finally, know that the conversation around data privacy is only just beginning.
"I think the growth of the privacy protection industry illustrates just how critical this topic has become," Wolf of Hogan Lovell said. "This year the International Association of Privacy Professionals, with tens of thousands of members, is meeting here in Washington D.C. Ten years ago, membership would not have filled a large auditorium."
Clearly privacy has become a very public topic indeed.