Are privacy regulations sufficient to protect us?

For any organization holding its customer’s personal data, GDPR and CCPA have upped the ante on Privacy. The big question for marketing and product leaders is ‘How can privacy be profitable?‘

Chasing the goal of profitability through privacy, I curated the Privacy Conference at Web Summit 2019. I attended sessions relevant to privacy seeking answers.

Regulation is pursuing two related tracks, data mobility and privacy. Open Banking and Open Finance are protocols designed to allow consumer financial data to move securely between organizations. While privacy legislation such as GDPR and CCPA enforce a set of consumer digital rights. But are these enough?

Edward Snowden: In Conversation

In Web Summit’s Opening Night interview Edward Snowden commented on the General Data Protection Regulation, “The problem isn’t data protection, the problem is data collection. Regulating protection of data presumes that the collection of data in the first place was proper, that it was appropriate and that it doesn’t represent a threat or danger. That it’s okay to spy on your customers or your citizens so long as it never leaks, so long as only you are in control of what it is.”

In addition to collection, critical decision-making is being turned over to Machine Learning algorithms that act on available data. Given biased training datasets, algorithms answers will propagate the bias. An algorithm to identify high-risk patients to provide access to special health care programs was found to be racially biased. Decisions that affect the lives of millions of people are now programmatic.  

Margrethe Vestager: In conversation

Margrethe Vestager re-spun Asimov’s laws of robotics, “The first priority would always be humans, that technology should serve us and that we need humans to understand what is going on to create what is gong on and to do that as a community, the challenges that we have to make the tech community in itself, the user community much more diverse and also to reflect the world that we want to live in.[..]  but the bottom line of all of this is that we may have new technology, but we do not have new values, dignity, integrity, humanity, equality, that’s the same.“

The data trail we leave behind today goes way beyond our transaction histories, web search and social. The streams of real time data – from smart homes, vehicle telemetry, connected devices, and where our face or identity is recognized and tracked in public places – reveal the most intimate details of our lives. When combined this amounts to total surveillance greater than for any incarcerated person. Privacy legislation simply cannot keep pace with technological innovation whether it is new methods of tracking us, new algorithms to analyze and predict behavior or easier ways to combine data.

Brittany Kaiser: Can anything be private any more?

Brittany Kaiser provides the last word on this topic, “We can have all the laws and regulation in the world but if it is not enforceable by technology, the tracking and traceability of data, transparency, opt-in and consent and permission structures, and the ability to monetize our data for ourselves instead of giving it away nearly for free, then there’s no way forward, it has to be technology and law together.”

Back to Web Summit 2019 – The Privacy Track

Next Steps For Marketers

As a marketer, your job is to create and nurture product markets. Data has been incredibly effective in enabling this, yet without regulation has created paths to exploitation and bad actors. New regulations put a throttle on current customer acquisition practices and engagement models. Yet there is an opportunity right now to turn this constraint into competitive advantage. Here are 6 steps to move to a privacy-for-profit model.

First build trust

1. Implement Governance: establish an actual operation model for governance that goes beyond compliance.
2. Offer Transparency: ensure that your current customers gain transparency into how their data is used and the benefit they receive.
3. Enable Control: give them some means of control, there are many third party solutions that could be leveraged.

Then find profit

1. Determine Value Proposition: what are new propositions that can be created out of consent. What are the data products, what is the consumer offer?
2. Create the Value Chain: what is the data value chain required to deliver a profitable business. How do we create a data mobility infrastructure and work with partners to create new value?
3. Make it Scale: how can the profitability grow as that proposition scales? What are the business models and data value projections that will justify investment?

3 Points Digital’s Personal Data and Privacy practice will help you find the profit model in your privacy preparations. We provide interim Chief Data Officers and frameworks for Governance, Transparency and Control.

Web Summit Videos

In Conversation with Edward Snowden. Edward Snowden and James Ball

Can anything be Private Anymore? Brittany Kaiser, David Chaum and Joseph Menn 

In conversation with Commissioner Margrethe Vestager