Privacy as a competitive advantage

As Big Tech is under attack from Congress and the public about how they handle and monetize customer private data, some companies have chosen to pivot. Instead of collecting and profiting off of consumer data, their focus is on protecting privacy.  The strategy isn’t purely altruistic. On the contrary, committing to data privacy offers a competitive advantage that is forcing other companies to play catch up. 

How consumers feel about data collection

According to a recent Pew Research Poll, the vast majority of people are concerned about both government and corporate data collection, but they don’t know much about it:

  • 62% of consumers believe that companies collect their data every single day
  • 63% believe that the government collects their data every day
  • 81% believe they have little to no control over how companies collect their data
  • 84% believe they have little to no control over how the government collects their data
  • 81% believe the risks of corporate data collection are greater than the benefits
  • 66% believe government data collection risks outweigh the benefits
  • 79% are very/somewhat concerned with how companies use data
  • 64% are very/somewhat concerned with how the government uses data
  • 59% don’t understand corporate data use
  • 78% don’t understand government data use

How data is collected

There are four types of data collection:

  • Personal data - This includes personal information such as your Social Security number, name, address, your computer’s IP address, web browser cookies, device IDs, etc. It also includes demographic data such as gender, age, etc.
  • Engagement data - What you do when you’re on a website, social media site, ad, mobile app, or text platform
  • Behavioral data - Behavioral data includes purchase history, how you use an app or web-based product
  • Attitudinal data - Often collected via surveys, attitudinal data measures customer satisfaction, product quality and desirability, etc. 

Tech and eCommerce companies collect data in one of three ways:

  • Asking customers, such as with surveys
  • Tracking data
  • Purchasing data from other companies

Because by nature, data is nebulous, and because companies don’t exactly broadcast how they’re using data, consumer concerns are understandable. Judging by some companies’ behaviors, concerns are warranted. 

How data is stored

Most companies store data on the cloud, or on large servers located away from the company’s headquarters. Some store it on-premises. 

How data is used

Worldwide, data is a $300 billion a year industry. Data has surpassed oil as the most valuable resource. Data collection is hardly new, although the internet made it much easier.  Whether formal or informal, companies have always collected data, and it’s not always a bad thing. Merchants tracked who entered their stores, when the stores were busiest, which items sold well and which didn’t, etc. Without data, businesses would have no idea what their customers wanted, when and what they should restock, and what should be returned to the vendors.  Then, data collection went on steroids, but it’s still not always a bad thing. Data collection can improve the customer experience. Data-based targeted advertising might make some feel violated, while others appreciate that they see ads for things they want or need. Some use data to help improve data security. Some examples are facial recognition, voice recognition, the last four digits of your Social Security number, and other methods of securing personal data.  Despite some consumer benefits to data collection, the biggest beneficiaries are corporations. They use data to define and refine their marketing strategies, to collect more data, and in the case of social media and search engines, to sell data to advertisers. 

Companies don’t always use data responsibly

In April 2020, Zoom allegedly automatically linked users with their LinkedIn profiles. Even if they signed in with an anonymous name, fellow users could see the real name and LinkedIn could use the data to sell advertising.  Google allegedly violated children’s privacy through its G Suite for Education platform. According to a California lawsuit, the platform unlawfully collects biometric data from children. If found guilty, Google is likely in violation of the Children’s Online Privacy Protection Act (COPPA) which requires parental consent before data mining from children under 13. Facebook misled users and compromised privacy when they allowed Cambridge Analytica to harvest political data through a third-party app from a Facebook quiz. The social media giant was fined $5 billion from the Federal Trade Commission. Ring Doorbells, which lets subscribers view and communicate with anyone who comes to their door, is riddled with third-party trackers that collect sensitive information, such as name, IP addresses, etc.  These are just a small selection of the most notable examples. Each day, it seems, the news cycle is filled with stories of major data breaches or corporate violations of public trust. 

  • US Health data fraud contributes to $68 billion in annual economic losses
  • In 2020, there were nearly 1.4 million reported cases of identity theft, a 53% increase from the year before
  • Nearly half of identity theft includes stolen financial data, like credit card numbers
  • In 2020, credit card and identity theft resulted in $4.5 billion in US economic loss
  • 45% of Americans have fallen victim to a data breach over the last five years

What is the us government doing to protect data?

Despite the fact that we are in the era of big data, the government has done little in the last 20 years to protect our data. In the last 50 years, Congress passed four significant pieces of privacy legislation:

  • US Privacy Act of 1974 - Defined citizens’ rights and government restrictions in US governmental agency data collection
  • HIPAA (Health Insurance Portability and Accountability Act, 1996) - Regulated and defined privacy and security in the healthcare industry
  • GLBA (Gramm-Leach-Biley Act, 1999) - Prevents financial institutions from sharing data that is not publicly available  
  • COPPA (Childrens Online Privacy and Protection Act, 2000) - Requires parental consent before collecting personal information from minors. A 2012 update expanded the law to protect children’s screen names, email addresses, chat names, video and audio files, and geo coordinates

While the federal government is lagging behind, more than 20 states have passed bills protecting customer privacy. 

Commitment to privacy can pay off

In April 2021, Apple released an iPhone update, called App Tracking Technology (ATT), that allowed users to opt out of sharing data with advertisers. Most iPhone users chose to opt-out, which turned out to be a brilliant marketing tactic for Apple but a massive problem for others in Big Tech.  Because many mobile apps run mechanics in the background that track user behavior after seeing an ad, including clicking on the ad and making a purchase. Because Apple controls half the mobile device market, their update prevented advertisers from tracking ads’ success.  As a result, both advertisers and platforms for whom advertising is their main revenue source are experiencing consequences. Meta, Facebook’s parent company, is reeling from flat sales in the third quarter of 2020. While that might not seem disastrous, without the Apple mobile operating system (iOS) update, Meta claimed, they would have experienced growth. More significantly, Snap, Snapchat’s parent company, suffered significant losses in the third quarter, for which they blame Apple’s changes. At the same time, Peloton, who is an advertiser rather than an advertising platform, claimed that the iOS update hurt user growth. As for Apple’s stock, in the third quarter, it rose over 36 percent. It’s impossible to determine with absolute certainty that Apple’s update was the singular cause of Apple’s stock rising. Some of that could be due to escalating murmurs that they will soon release some long-awaited products. However, it is clear that consumers are very concerned about how their personal data is used. 

Further evidence it’s good business to protect privacy and data

Apple is far from an anomaly. The majority of companies have shown that protecting data is good for the bottom line.

  • 97% of companies gain competitive advantage or investor confidence from investing in privacy
  • More than 40% of companies earn back at least twice their privacy and security spend
  • 84% of consumers express loyalty to companies that protect privacy
  • More than 70% of companies experience operational benefits from protecting privacy

How to protect customer privacy

There are four steps companies can take to protect privacy:

  • Work with your compliance team - Treat international government regulations as a starting point and adhere to the most stringent. Good places to start include Europe’s GDPR compliance (General Data Privacy Regulation), California’s CCPA and CPRA compliance (California’s Consumer Privacy Act and Consumer Privacy Rights Act), and Canada’s CASL compliance (Canada’s Anti-Spam Law)
  • Ensure internal buy-in - Work with the C-Suite, IT, and legal to create a top-down privacy strategy
  • Put in place proactive third-party data management - Have safeguards put in place that thoroughly checks data before it enters the core systems and database
  • Establish and regularly update opt-in policies - Skip the legalese. Make opt-in policies user-friendly and regularly update them. Include cookie consent and other data privacy tools
  • Document privacy compliance - It’s one thing to tell customers you respect their privacy, but it’s another to prove it.