Data at scale has transformed the way businesses operate, and growing access to consumer data continues to change the way companies develop and market products and services.
Business leaders have every reason to regard this as a positive development, and data usage benefits consumers too as it enables increasingly accurate personalization demanded by consumers.
At the same time, companies are under increasing scrutiny for how they use consumer data, and governments are responding with more legislation to protect privacy rights. According to a KPMG survey, 86% of consumers say data privacy is a “growing concern,” and more than 62% of business leaders acknowledge their companies could do more to protect consumer data. But how?
When Consumers Are the Product
The problem is that most of the time, companies’ use of the consumer data obtained from third parties falls into an ethical grey area, at least as far as consumers are concerned. At one end of the ethical data continuum, there are clear-cut cases of illegitimate and illegal use, like purchasing data from hackers. At the other end are public sources of consumer data, which most regard as fair game for corporate use.
But if you’re using data gleaned from people’s web searches and social media content, that falls into the grey zone with consumers. As the saying goes, “if the platform is free, you’re the product,” and social media users sign a terms of service (TOS) agreement that tells them their personal information is for sale, so by using legally obtained third-party consumer data, companies aren’t doing anything illegal.
But few people actually read the TOS agreement, and consumer sentiment indicates that while they probably aren’t going to stop using free platforms, many consumers instinctively don’t like being the product. WhatsApp’s massive loss of users after a data use disclosure demonstrates the amount of anxiety people have about their personal data — even if they checked the TOS box that authorizes it.
When new Apple data disclosure requirements forced the popular messaging app to send users a note requiring consent for parent company Facebook to use their data ranging from user status to transactions and more, users deleted the app in droves. That may in part be due to distrust of Facebook after high-profile privacy scandals, but it’s still a cautionary tale for those of us who collect and use consumer data.
How Companies Can Align with Consumers on Privacy
Companies that use third-party data from social media companies are unlikely to incur legal exposure, but as the blowback shows, there could be a reputational or even regulatory risk in edge cases. Businesses that use consumer data from social media and search sources can do better by consumers if they take proactive steps to safeguard consumer privacy.
One step is to ask data vendors to let you see their user agreement and make sure it explicitly authorizes the type of use you intend. It’s also a good idea to thoroughly vet vendors before purchasing data to ensure they haven’t been credibly accused of data misuse.
Another proactive measure is to take a look at the content being provided to you and confirm it doesn’t contain identifying information you don’t need. For example, if you’re purchasing data for analytics on spending patterns at the ZIP code level, it should be aggregated. If there’s identifying information that you don’t need to know, that’s potential exposure for your company if your business gets hacked.
A best practice on internal data safety is to designate an individual or team to serve point on review of agreements and data filtering. While this doesn’t have to be their only job, it’s important to designate a specific taskforce who regularly takes on the responsibility, because the processes, governance and use cases for purchased data can change. For example, a dataset purchased for one analytics use case may contain more information than is required for another, so the data should be scrubbed of unnecessary identifying information.
It’s also best practice to regularly monitor the content of data that streams in from various sources to ensure that changes on the vendors’ end don’t impact the content you receive. For vendors, sometimes the easiest course is to provide more information and let the user break down the data, but from a data privacy protection standpoint, a change might require additional data scrubbing.
Some companies that work with externally sourced consumer data at scale choose to partner with data experts to handle integration, engineering and operations, instead of taking that on internally, but the same best practices would apply. The bottom line? When it comes to consumer data, people’s concern about privacy matters, so data users should look beyond what’s legally required and be proactive about safeguarding the information that drives their business.
About the Author