The secret is out. A number of tech companies, in their quest for ever-higher profits, play fast and loose with consumer privacy. And that’s because the way they make money is by exploiting the data of their users.
Nowhere is this truer than with companies that offer their products for “free.” Free is never really free—at least not online—since these companies actually depend on advertising revenue to prop up their bottom lines. So while you might not be paying money for the use of their products, they will exact their price: you have to give up reams of personal information to access your favorite apps, from your location to your online history to your contacts.
All this information is gold to advertisers.
You’ve probably heard: “If you’re not paying for it, you are the product.” Businesses driven by an online advertising model have stretched this maxim even further: “If you’re not paying for it, you, your friends, and your family are the products.” Many leading technology companies relentlessly monitor the actions, clicks, and conversations of their users with the primary motive of uncovering personal habits and interests. This data is neatly pressed into “actionable market segments”, packaged and sold off to the highest bidding advertisers, so that they can target their messages to the consumers most likely to buy.
In fact, the more granular the data, the more advertisers will pay. An advertiser’s fulfillment of accurate market segmentation is in reality a total invasion of privacy for you and me.
Consumer privacy is fundamentally incompatible with an online ad-revenue strategy.
Of course, it doesn’t stop with what advertisers yearn. The recent Facebook-Cambridge Analytica scandal revealed that third-party vendors also have access to the treasure trove of personal data and are doing whatever they want with it—ethical or not. In the world of social media, nefarious outcomes compound uncontrollably. The Cambridge Analytica data breach compromised 87 million consumers after gathering data from only 270 thousand users!
We only know about the Cambridge Analytica scandal because that story was widely reported. But how many other companies have easy access to our personal information? How many more are violating our privacy at this very moment?
Regulators are waking up and taking action. Governments in Europe, India and elsewhere are demanding change since they understand that many of today’s tech-business models depend on the violation of consumer privacy. The EU’s General Data Protection Regulation (GDPR), which goes into effect this month, is one such response.
According to GDPR rules, companies are required to know whether their data is secure and whether any data elements could be used to de-anonymize users and reveal personally identifiable information. The GDPR also requires companies to seek explicit permission from users before showing them personalized ads, one of many restrictions aimed at ensuring privacy. The penalties for noncompliance are severe—as much as four percent of global annual revenue, depending on the nature of the offense. Every organization that does business in Europe or with European customers is now racing to comply with the GDPR.
India is another country that’s protecting consumer privacy and holding companies accountable. Recently, the country’s Supreme Court ruled that privacy is a fundamental right for its 1.3 billion citizens, and this right is protected under the country’s constitution.
In its ruling, the court took direct aim at the technology industry, noting that companies like Facebook and Google know way too much about us. “This can have a stultifying effect on the expression of dissent and difference of opinion, which no democracy can afford,” the court said. “There is an unprecedented need for regulation regarding [how] such information can be stored, processed and used.”
Increasingly, the burden for protecting consumer privacy is falling back on to the shoulders of businesses. Companies must now make consumer privacy their responsibility; not just because governments are forcing them to, but because it’s the right thing to do for their customers and therefore for themselves.
You might be asking: How can your company make privacy a core responsibility?
The first step is to examine your processes for data collection. Adopt a policy of asking for the least amount of user information, gathering only what is needed to do business. For example, if you only need a customer’s email to conduct a transaction, ask not for their home address, telephone number, and date of birth as well.
Next, if you do collect customer information, let them know what you have on them. Most people are shocked when they uncover the amount of information social media and other companies have gathered about them. Be open and transparent with customers so there are no surprises down the road.
Companies shouldn’t treat data privacy regulation, like GDPR, as a cost of doing business as though it were some burdensome audit process they must comply with.
Here’s an analogy. In the past, a company facing new environmental regulations in one region would simply move its operations, or waste, to another region with weaker regulations and trash the environment there. Such practices are no longer acceptable: today’s savvy consumers simply won’t stand for it. Similarly, companies that skimp on privacy protections—or honor them only where they’re mandated—are destined to be shunned in the long run. We live in a global economy where privacy is not a first world prerogative.
It’s time to rewrite your privacy policies. Today, most are written by lawyers with the intent to obfuscate and confuse. Consequently, most consumers just click the “agree” button without even knowing what they have haplessly agreed to.
Make your policy so plain and simple that even a 5th-grader will know what data you’re collecting. Who knows? It might actually be a 5th-grader that is your user today, and possible patron tomorrow.
And finally, if your business is ever breached, tell your users right away that their data has been compromised. Consumers today tend to find this out in the press. Your users deserve to know the truth, and they deserve to hear it directly from you, not from their newsfeed.
An approach to privacy stems from a corporate moral footing. When it’s a reaction to regulation, it will always fall short. Consumers are demanding full accountability and, increasingly, will reward those companies that make data privacy a central tenet of their business strategy.