1 Year Later: Gen Z College Students Weigh in Again on Personal Data Collection

Last February, I reported on some of the things my Gen Z students wrote in response to an assignment about who gains the most from the value exchange of convenience-for-personal-data. A year later, I gave the same assignment with the same supplemental readings to students, and the results were notably different.

Last February, I reported on some of the things my Gen Z students wrote in response to an assignment about who gains the most from the value exchange of convenience-for-personal-data between consumers and marketers.

A year later, I gave the same assignment with the same supplemental readings to a similar group of 40 students from Rutgers School of Business Camden, and the results were notably different.

Last year, I wrote, in “Gen Z College Students Weigh-in on Personal Data Collection — Privacy Advocates Should Worry”:

“Some Gen Zers don’t mind giving up their personal data in exchange for the convenience of targeted ads and discounts; others are uneasy, but all are resigned to the inevitability of it. However, the language they use to describe their acquiescence to data collection should be troubling to privacy advocates.”

This year’s students are far more concerned about the collection and sale of their personal data, but they are just as resigned to the inevitability of it. At the same time, some bask in the advantages it brings them and they’re sympathetic to the needs of marketers to provide a personalized data-driven experience to consumers.

The privacy concerns of the current group are more pronounced than the previous group.

“I used to believe that the consumer benefitted from the perks of technology. But more and more, I believe that marketers benefit more. Social media, search engines, TVs, refrigerators, Alexa or Google Home, Kinsa Thermostat are all ways that marketers can reach the consumer with things we use in our everyday lives. Some people don’t even realize they’re feeding right into it just by providing some information about yourself.”

Another wrote:

“Privacy has almost become a thing of the past. Places like our kitchens, bathrooms, and bedrooms have transformed from places behind closed doors to areas that are willingly shared with thousands of others on the receiving end of the data being collected for business purposes.”

Yet, like last year’s group, they are resigned to giving up personal data for access to information and services.

“Consumers are beginning to realize how often what they do, speak, and read are all being recorded. Personally, I’ve been more aware than ever of what is being tracked. I’m more aware of every ad I look at and every website I clicked on. This lifestyle is something that can’t be avoided.”

A common complaint involves the lengthy user agreements that consumers must accept to use web-based services and Internet-connected devices:

“This type of ultimatum often means that consumers regularly grant permission on their personal devices, rather than lose their access to a particular product.”

The proliferation of the Internet of Things may be behind much of the change in attitude since last year. (Caveat: I confess that I’ve warned about small sample sizes in the past [“Beware the Small Sample”]. I’m not drawing quantitative conclusions here, but rather reporting on a trend from qualitative research done with 40 students each year).

“Some people who purchase these tech-savvy devices often don’t understand the policies of the product. Understanding the policy and happily opting-in for your information to be used is one thing, but complying because you’re unsure is another. Did you know that brands can start tracking your information at the age of 13? How can a child understand the policy and process of how this works if a grown adult cannot?”

Another stated:

“The terms of agreement can exceed 10,000 words and not be accessible unless the consumer searches the web for it. Consumers don’t get the full story of how much the companies invade their personal lives. Even aspects like your political preference are being monitored and can aid in influencing your votes.”

One student is mounting a fierce resistance:

“I am one of those people that have a Post-it over the camera on my laptop. I shut off the location on my phone, even though I feel like it is being monitored without my consent a lot of the time. My smart TV is not connected to the Internet, and I rarely use streaming devices, such as Netflix or Hulu — if I do, it is usually on my computer. Devices like Google Home and Alexa completely freak me out and I do not believe I would ever purchase one for my home. Even some of the newer home security systems — like Xfinity Home or the video doorbell, Ring — introduce new ways for people to hack in and monitor your personal activity.”

Data leaks and potential misuse are another concern. One student worried about home assistant devices mishearing innocuous phrases as legitimate commands to record and send private conversations:

“Families could be going through a family matter and these devices are listening and recording what is being said. Next thing you know, it is being sent to your boss or colleagues who did not need to hear or know what is going in in the comfort of your home. Also, the refrigerators that know exactly what is inside can share this information with marketers who then share it with insurers who can possibly charge consumers more for unhealthy diets.”

But it’s not all gloom and worry. One student who recently booked a trip to Disney World was delighted by the collection and use of her personal data:

“Being able to get discounted magic bands and Disney exclusive accessories catered for my needs has been a huge bonus. This also benefits Disney, as they are getting my credentials and can alter their research based on my specific data. A part of the reason they are so successful is because of how personal they make the process feel. Even from the first search, they are there to help guide you and aid in your conversion to purchase. (They) get you to come back, because they have that initial information and the personal details of your preference.”

(BTW, how great is Disney? Offering discounts on those magic bands that they use to track your movement and purchases throughout the park. They not only get you to agree to it, they get you to pay for it and be grateful for the discount).

So the time may be right for privacy advocates to gain a foothold among the generation whose members have gone so willingly into the world of sharing personal data.

2019 to 2022: The Evolution of Consumer Consent and How to Adapt

By opening a dialogue with audiences about data collection and processing, as well as empowering them to decide how their data is used, marketers and publishers can enhance their relationships with consumers.

Editor’s Note: While this piece was originally written for the publishing audience, privacy legislation and consumer consent are still very important topics for marketers to navigate.

The EU’s General Data Protection Regulation (GDPR) laid the foundation for privacy legislation in 2018. One of its key aims was to give consumers more control over their personal information and make users understand they have a choice when it comes to providing consent to data collection and processing.

In the US, initial responses to the GDPR ranged from criticism to pay walls or completely blocking EU visitors from accessing content. While many companies made sure their legal teams were up to speed with the newly introduced regulation, multiple factors are now making US publishers sit up and further address data privacy, associated regulations, and the importance of consumer consent.

Google’s €50 million fine — issued by French regulator CNIL, for lack of valid consent in ad personalization — was one of the first to grab attention. Fines for data breaches might not have been as frequent as some expected, but regulators have had time to build cases and more large fines are expected to come, according to The Wall Street Journal.

In addition, US states are working to implement their own regulations. California’s Privacy Act (CCPA) is due to come into force in January 2020, Vermont’s new legislation is already in place, and a consumer privacy bill has been proposed in New York. The exact requirements of each regulation may differ from the GDPR — the CCPA relies on the user opting out rather than opting in, whereas opt-in is expected as part of the New York Privacy bill development. There may even be a federal regulation requiring opt-in on the horizon, with privacy advocates such as Apple CEO Tim Cook, as well as members of the Federal Trade Commission, calling for a stricter national privacy law.

Collecting user consent may not yet be a legal obligation, but publishers are realizing that it makes good business sense as consumers demand more control over their personal data. According to GlobalWebIndex, more than 70% of US consumers say they are both more aware of, and more concerned about how companies use their information than they were 12 months ago, while less than half feel they are in control of their personal data online.

By opening a dialogue with audiences about data collection and processing, as well as empowering them to decide how their data is used, publishers can enhance their relationship with consumers. Demonstrating transparency and responsible data use builds trust, but also educates users via one-to-one communications about the necessity of data to their business models and the inherent value exchange.

Publishers that go beyond the one-size-fits-all approach to create meaningful consent experiences right now will reap the rewards in the long term. The next two years will be critical for consent and there are a number of practical considerations to take into account when implementing consent programs.

Ensure Usability

The consent interface is often the first point of contact between publisher and consumer, so care needs to be taken in its design and functionality. Consent requests need to achieve the perfect balance between giving the user the details they need to make an informed choice and not alienating them with complex jargon they won’t understand or unnecessarily disrupting their user experience – all while ensuring legal compliance. Consent requests should be highly explicit, giving users the power to opt in or out of data collection for specific purposes or by particular companies. Ideally, publishers should test a variety of messaging formats to deliver the best possible experience.

Execute Consent Seamlessly

Once a user submits their consent preferences, publishers need to make sure they are integrated across the advertising supply chain. The IAB released its Transparency and Consent Framework (TCF) as a tool to help publishers and other participants in the digital advertising ecosystem comply with their obligations. The updated second version of the TCF increases the importance of consent by enabling users to object to data collection under legitimate interest, an alternative legal basis for data processing. It’s also important that consent preferences can be communicated across non-IAB vendors.  

Apply Preferences Across Devices

With consumers frequently switching between laptops, smartphones and TVs to consume content, it is best practice for publishers to share choices across multiple devices. The ability to connect user preferences to an authenticated profile and apply these everywhere the user interacts with a publisher’s content saves the user from having to supply consent every time they log in through a different device. An authenticated profile is a tool that allows users to manage their preferences across site, browser, and devices, and allows publishers to collect consent signals based on identity rather than cookies.

Publishers in the US who aren’t yet legally obliged to implement a consent program yet might be hesitant, with the fear it will be disruptive to their business or they will lose advertising revenue if their audiences fail to give permission. However, they need to consider that across the EU, the publishers that experienced the least disruption were those that adapted early and gave themselves plenty of time to get the consent process right.

By 2021, with GDPR well established, the CCPA in force, and other regulations underway, consent will be a user expectation if not a legal obligation. Publishers should start implementing consent programs now to build trusting relationships with their audiences, increase transparency around data processes, and put themselves in a good position to deal with the regulatory changes ahead.

Getting ‘Facebook Sober’? What Marketers Should Know About Consumers’ Attitudes and Social Data

I thought I was pretty clever when someone told me they hadn’t been on Facebook in over a year and I said, “Wow, you’re one-year Facebook sober.” They laughed. The next day, another person said they’d been off for two years — same comment by me, same reaction. But later, I found the term on Urban Dictionary.

I thought I was pretty clever when someone told me they hadn’t been on Facebook in over a year and I said, “Wow, you’re one-year Facebook sober.” They laughed. The next day, another person said they’d been off for two years — same comment by me, same reaction. But later, I found the term “Facebook sober” on Urban Dictionary — so much for my right to claim ownership of the term.

It’s unlikely that a new 12-step program is going to keep a significant percentage of the more than 2 billion people off of the social media platform any time soon, even though they know Facebook is exploiting their personal data for profit. While studies show that consumers believe the economic benefit of Facebook to them is about $1,000 per year, based on how much they would need to be paid to stay off the platform for that period of time, most will not pay anything to keep a company from tracking their data.

A study published by PlosOne in December 2018 quantified the monetary value that users assigned to participating on Facebook, using an auction experiment design.

Though the populations sampled and the auction design differ across the experiments, we consistently find the average Facebook user would require more than $1,000 to deactivate their account for one year. While the measurable impact Facebook and other free online services have on the economy may be small,* our results show that the benefits these services provide for their users are large.
* (Of course, this statement neglects the $40 billion Facebook realizes in annual advertising revenue.) 

While people claim to be concerned about privacy, they’re not willing to pay for it. A Survey Monkey poll done for the news site Axios earlier this month shows that three-fourths of people are willing to pay less than $1 per month in exchange for a company not tracking their data while using their product — 54% of them are not willing to pay anything.

Researchers at Stanford and NYU sought to determine the effects that Facebook deactivation would have on people’s knowledge, attitudes, moods, and behaviors. “This Is Your Brain Off Facebook,” published by the New York Times on Jan. 13, reports on this study.  A portion of the study participants were paid $102 to stay off Facebook for one month. The researchers stated:

Using a suite of outcomes from both surveys and direct measurement, we show that Facebook deactivation (i) reduced online activity, including other social media, while increasing offline activities such as watching TV alone and socializing with family and friends; (ii) reduced both factual news knowledge and political polarization;(iii) increased subjective well-being; and (iv) caused a large persistent reduction in Facebook use after the experiment.

Despite these findings, the Times reported “some participants said that they had not appreciated the benefits of the platform until they had shut it down:

“What I missed was my connections to people, of course, but also streaming events on Facebook Live, politics especially, when you know you’re watching with people interested in the same thing,” said Connie Graves, 56, a professional home health aide in Texas, and a study subject. “And I realized I also like having one place where I could get all the information I wanted, boom-boom-boom, right there.”

As I noted in my post last month, “Gen Z College Students Weigh-in on Personal Data Collection,” some GenZers don’t mind giving up their personal data in exchange for the convenience of targeted ads and discounts; others are uneasy, but all are resigned to the inevitability of it. One student summed up our mass acquiescence, saying:

“I do not feel it is ethical for companies to distribute our activities to others. Despite my feelings on the situation, it will continue — so I must accept the reality of the situation.”

The reality of the situation is that people are not willing to go cold turkey on Facebook.

New Privacy Regulations Coming Your Way: California Consumer Privacy Act (CCPA)

Have you recovered from last spring’s GDPR adrenaline rush yet? As much anxiety as GDPR regulations provoked, that may soon look like the good old days. Now California passed a privacy initiative you will be expected to follow starting Jan. 1, 2020.

Editor’s Note: While this piece is directed at publishers, CCPA also will be something marketers will have to be compliant with, just like GDPR.

Have you recovered from last spring’s GDPR adrenaline rush yet? Everybody in publishing was nervous about finding the right way to comply with new European privacy regulations. It did not seem like there was one clear path to compliance.

As much anxiety as GDPR regulations provoked, that may soon look like the good old days. At least in the EU, 27 countries came together with one edict. They also spent the time necessary to be smart and coherent, whether or not you agree with all the details.

Now California passed a privacy initiative you will be expected to follow starting Jan. 1, 2020. In many industries as goes California law, so go U.S. standards. This will be, in practice, a new national standard. California is too dominant a market, larger than most countries on the globe. Add to that a quirk in the drafting of the law, which says you must treat anyone who has left California and intends to return as a Californian. What?

Newly minted California Governor Gavin Newsom hailed the “first-in-the-nation digital privacy law” in his first State of the State address, according to reporting by Wendy Davis in MediaPost. “Companies that make … billions of dollars collecting, curating, monetizing our personal data also have a duty to protect in. Consumers have the right to know and control how their data is being used.”

CCPA Is Not Like GDPR

“The California law was written in five days, and really shows,” says Christopher Mohr, VP of intellectual property and general counsel at SIIA. “It is an extraordinarily complicated and poorly written statute.” Adding insult to injury, it is grammatically inconsistent and difficult to understand. I can’t imagine what compelled them to rush such important legislation through. It sounds irresponsible when you consider the EU worked on GDPR for more than three years.

“This is not the same as GDPR — it’s much broader.” Not a statement the already GDPR-fearing publishing industry wants to hear. Mohr continues, “In GDPR the information is tied to a data subject, for example, an individual. The CCPA covers ‘households’ as well as individuals. In addition, the CCPA’s potential ban on the use of information extends not only to the information but to the ‘inferences’ you might draw from it.” Inferences? Yikes! The law goes on to explain what is meant, but the idea of inferring conclusions sounds ripe for misinterpretation to me.

The main goal of the law is to regulate the collection and sale of personally-identifiable (PI) consumer data to third parties and service providers. You do not need to get paid for the data. If you disclose it to another party, it is considered a transaction. Using outside vendors to help manage your data is not a problem, because you are the controlling party.

Everyone will now have the “right to delete.” I asked Mohr to confirm that means deleting people from your database, not from your articles. “That’s the intent, I think. Whether the words match the intent is a completely different issue, and it’s not as clear as it could be. Personal information covers any information that could be associated with an individual.”

Anyone can tell you to cease disclosing their data to others; and you must comply. You cannot deny goods or services to anyone because of their data opt-out. That becomes the new Catch-22: In order to know you are not supposed to have data on an individual, you must have that individual in your database. And since it is likely you must have data on an individual in order to do business with him or her, how do you conduct business with data exceptions? For those rare European GDPR complainants, admittedly some American publishers will simply delete; good-bye. In the Hotel California, “you can check out any time you like, but you can never leave.”

Preventing a Privacy Tower of Babel

Fortunately, enforcement is by state attorney general, not by individuals. In other words, thank God this is not an invitation to everyone in California to sue. Of course this law will be challenged in court. It may be too vague, according to some. It may be discriminatory, since non-profits (and government agencies) can ignore it and do what they want, the way it is written.

Living in this hyper-intrusive world, it’s hard to disagree with the intent of CCPA since we are all being personally data mined. But play this out. Imagine what mischief the other 49 states can do. Davis reports, Washington state “lawmakers are considering a bill that would not only give consumers the right to learn what data is collected about them, but would also allow them to prevent their personal data to be used for ad targeting.”

Federal legislation is coming on this after the recent grillings on Capitol Hill of some of the leading big-tech luminaries. Typically federal legislation trumps local law, which is what makes interstate commerce work. Hopefully there will be one law of the land, so any company handling data can maintain sanity versus bowing to every state, city, or county passing a law. But in these Alice in Wonderland times we are in, I will leave that speculation to you.

You have complied with GDPR so that means you now have DPO (data protection officer). The CCPA gives your DPO a little more to do.

I’m no lawyer, so I’ll provide the usual disclaimer on all the above. On the other hand, I am a member of and advocate for the Specialized Information Publishers Association, part of SIIA, whose general counsel Chris Mohr was invaluable in enabling me to share an understanding of this law. I believe it makes great sense to occasionally be involved with your peers and work on common problems like privacy laws. As a member of SIPA or Connectiv, you won’t need to call your lawyer every time there is a question about the new privacy landscape. You can take advantage of knowledgeable experts in your corner.

Do I have you pining for the muddy clarity of GDPR yet?

Gen Z College Students Weigh-in on Personal Data Collection — Privacy Advocates Should Worry

Some GenZers don’t mind giving up their personal data in exchange for the convenience of targeted ads and discounts; others are uneasy, but all are resigned to the inevitability of it. However, the language they use to describe their acquiescence to data collection should be troubling to privacy advocates.

Some GenZers don’t mind giving up their personal data in exchange for the convenience of targeted ads and discounts; others are uneasy, but all are resigned to the inevitability of it. However, the language they use to describe their acquiescence to data collection should be troubling to privacy advocates.

After reading “Sharing Data for Deals? More Like Watching It Go With a Sigh” (NYTimes 12/24/18), some students in the Consumer Analysis college course I teach expressed discomfort, even outrage at the extent of the data collected via their social media posts, geo-tracking on their mobile phones, shopper loyalty program and smart home devices. But they all accepted their conscious and unconscious data surrender as a fact of life.

The article reports on the study of 1,500 consumers by Professor Joseph Turow of the University of Pennsylvania who found that “people are uncomfortable with surveillance, but they don’t know what to do.” One student summed up our mass acquiescence, saying:

“I do not feel it is ethical for companies to distribute our activities to others. Despite my feelings on the situation, it will continue — so I must accept the reality of the situation,” said one.

Some don’t really mind having their personal data exploited for marketing purposes. While most of my students agreed that marketers gain the most from the exchange of data for convenience, one student embraced the inevitable data surrender as being more beneficial to consumers, because they can choose whether or not to act on the marketers’ targeted messages:

“… I feel as though consumers gain the most from this value exchange. Marketers can do pretty much whatever they want with the information that they collect, but they do not really ‘gain’ from this exchange, until people actually purchase their products, and a lot of effort is required to get them to do so. We are all educated consumers, so it is our responsibility to respond to these marketing attempts wisely. No one is forcing anyone to make a purchase they don’t want to, so even if this exchange allows marketers to play with people’s vulnerabilities, it is ultimately consumers’ choice on whether or not they want to buy something.”

The rationalization that the consumer is still in charge is a good argument for those opposed to limits on involuntary data collection. But more troubling is the belief that there is no potential for bad actors to exploit the personal data that’s collected. One student writes:

“Personally, I feel as if consumers benefit more from this exchange of data. Even though their information is constantly being monitored and collected, it is not being used to hurt them. Marketers are using the information to make people’s lives easier so that they spend more money on their products. There is no going backwards with technology, only forward. So, consumers need to be able to trust that marketers are using their information only to help them. While marketers are benefitting a lot from the money they are making, consumers lives are getting better and easier, day by day.”

Here’s another red flag for privacy advocates from a student who’s OK with smart devices collecting information from private conversations, but concerned only about how that information is stored:

“Articles from The New York Times, ‘Home Items are Getting Smarter and Creepier, Like It or Not’ (01/07/19), cited an example of these devices recording more information than we thought. The author stated that ‘background conversations may be stored with the voice recordings and resurface with hacking or as part of lawsuits or investigations,’ (The Associated Press). This finding shows that our speech is kept indefinitely, and the information is accessible upon force or request from a higher power. I believe that these smart devices should only keep the information that was processed through the user’s speech instead of the actual voice recording itself.”

But there’s hope for those who want more transparent privacy policies. Reacting to “How Smart TVs in Millions of Homes Track More Than What’s on Tonight” (NYTimes 07/05/18), one student wrote:

“Marketers are gaining money and information through various means and have the ability to do so without risk because consumers are not going to read 6,000-word privacy policies just to be able to work a television.”

Lessons From the Facebook Fiasco

The funniest and the most ironic part of this Facebook fiasco is that target marketing based on data actually worked. If it didn’t, no one would care about some data geeks hoarding data somewhere in the cloud. And any reader of a magazine called “Target Marketing” shouldn’t be surprised by any of this.

The funniest and the most ironic part of this Facebook fiasco is that target marketing based on data actually worked. If it didn’t, no one would care about some data geeks hoarding data somewhere in the cloud. And any reader of a magazine called “Target Marketing” shouldn’t be surprised by any of this.

Why should it be surprising that, with all of those behavioral and demographic data that Facebook collected, some analytics company could actually figure out who is more likely to vote for Trump? A mediocre-level analyst can do that with data far less immediate and complete than what were used in actuality.

In fact, the whole basis of the Facebook business model is that:

  • It is the largest billboard in the world; and
  • It can effectively deliver customized messages to each individual.

Facebook has been doing this kind of targeting with or without any third-party analytics vendor such as Cambridge Analytica. The fact that Facebook is expert in grabbing people’s attention (or their eyeballs) for elongated time makes it ever more powerful and effective than third parties; hence, all of the hoopla in the media.

The scarier part (to me, at least) is that a senator actually had to ask Mr. Zuckerberg about his company’s business model, to which he simply answered it shows targeted ads to its users. Seriously, how these fine gentlemen on Capital Hill will regulate any information business is beyond me. Maybe these senators should delegate that work to their grandchildren.

Because I — like readers of this fine publication — do target marketing for living, I wouldn’t blame Facebook for doing things that I would have done myself. And yet, this recent revelation of Facebook’s business with Cambridge Analytica doesn’t sit right with even the most avid practitioners of target marketing. It is not just the fact that it actually affected the presidential election, which is a personal matter for many. Even without any political ramification — which certainly is acting as a magnifying glass in this instance — something certainly went wrong here. Basically, sensitive data were mishandled, and there is no sign of data governance when it comes to sharing data with third-party companies. Considering the influential power of Facebook, no wonder everyone is talking about it as a scandal.

But here, let’s dig into this from a data player’s point of view.

PII – Handle With Care

Facebook is sitting on an amazing amount of personal data, as the users voluntarily share them. Just the profile page alone is a goldmine. Added to that, Facebook has data regarding what the users clicked, liked, shared, reviewed and bought. We are talking about all three major elements of data in target marketing — demographic, behavioral and attitudinal data (refer to “Big Data Must Get Smaller”) all in one place, with an amazing depth in each area. In the business of analytics, that is like having some kind of superpower.

In the early days of Facebook, I voluntarily shared the details of personal information, just to see how good the targeting would be. For the record, to this date, I’m not totally blown away by its targeting accuracy.

Sure, I put down my hobby as guitar playing, and Facebook would show me more guitar stuff. Anyone should be able to do that with such explicit data. But when I go to my Facebook wall, it still feels like I’m looking at a billboard, not a series of targeted messages. Especially the sponsored ads on the right side of the screen. Facebook has been showing me some SUVs (I’m not an SUV guy) and men’s apparel commercials (sure, I’m a man) for days. Meh. That looks like Facebook is just selling regular banner ads, targeted with some rudimentary selection logic using basic data.

Even during the last election cycle, with all of those hyper-political memes and reactions to them floating around, I’ve seen some “totally off the mark” political ads on my wall. What a shame, with all of that rich data in its hands.

So this Cambridge Analytica comes along, and promises the kinds of things that Facebook is supposed to be able to do with all its data for a bunch of politicians. And some bit the bait and paid a good amount of money for the vendor’s services.

Now, this third-party company got to have access to the Facebook user data or a pathway to collect more data on Facebook users. For that matter, any app that runs on Facebook — such as innocuous-looking personality tests — is specifically designed to harvest data. We all do it because it is fun to play, and the cost seems low. Not to offend anyone, all the apps normally require is signing on using Facebook ID. But that is all they really need.

Things get a little tricky there, though; so, who owns the data? The user, Facebook or the third-party vendor? It really depends on that user agreement that 99.99% of users didn’t bother to read. If I must provide an answer as a professional data player, I’d say “all three,” because data collection and refinement warrants some value. Saying a user has the sole ownership of data is like saying that a rice farmer has a right to every piece of sushi sold in restaurants indefinitely.

People who do target marketing for living, in this case or in general, are less scared of such data sharing. What would be the worst thing that could happen? That I get to see an ad of a political candidate who I can’t stand on my Facebook wall? That is, however, if the data are used for general targeting purposes only. Data breaches are indeed scary, because pretty much everything that you put in and you did are linked to your personally identifiable information (PII).

We know that no reputable data player would look up one person at a time by name and see what she is up to. In this case, the operative word is “reputable.” Even the folks who gave permission to Facebook to collect and use data wouldn’t agree that that third-party vendor was indeed reputable. Figuring that out is assumed to be the duty of Facebook, and it is sad that even it didn’t seem to know.

Facebook did not have a good handle on “who gets to use what data.” That is the most unsettling part for people who deal with data for living. Facebook is not exactly dealing with credit card or medical data there, but the sheer volume of data makes the matter as serious. Would it be harsh if I say that Facebook, in pursuit of increasing its revenue and shareholder value, just went for things that it shouldn’t have gone for? Where is the governance? All this mess, for what? Some “semi-accurate” targeting? (I’d love to see some reports on the backend.)

Data-Mining Friends, Too?

It is one thing that Facebook or its partners used data that I shared on Facebook in the form of profile and interests. It is quite another if some shady vendor downloaded the entire list of my friends and call it “its” data source.

That is just a sleazy practice. I’m pretty sure that I did not give permission to share the entire list of my friends with a company that conducts some goofy political spectrum test. No one would put that in an agreement in case just “1” person reads it. Because they themselves would know that that is a sleazy thing to do.

Data players must follow a very simple rule; if you don’t want someone to do certain things with your data, don’t do it yourself (refer to “Don’t Do It Just Because You Can”).

Don’t Be a Data Hoarder

In the business of targeting (or analytics for such targeting), more data don’t always guarantee accuracy. There are all kinds of data out there, and not all data are useful or effective in prediction (refer to “Not All Databases Are Created Equal”). That is why I have been writing repeatedly that one must set the project goal first, not just before some elaborate analytical exercise, but even before data collection.

Mindless hoarding often gets the collector in trouble like we are seeing here. Sometimes “more” data increase only trouble, not the targeting accuracy. Yes, the databases must be broad, accurate, recent and consistent to be useful. But too many data players became too greedy, and there are consequences of being greedy.

Maybe the notion of Big Data gave a wrong impression that big is always good. There are costs involved in dealing with really large data, and another lesson that we must learn here is that a collector can make people mad if “they” think that he is going after too much data.

If the goal is to obtain a “reasonable” level of accuracy in targeting, no, you don’t have to have every piece of data about the target. No analyst likes missing values, but there will be no complete database now or in the future, anyway. A job of analysts is to make the most of what they get, not asking for the entire universe. So, always consider the cost of hoarding too much information, including the social cost.

If all Cambridge Analytica wanted was to predict who was more likely to vote for Trump last year, there were many safer and simpler ways to go about doing that.

Facebook Is Too Powerful?

The ironic part of it all is that Facebook, thanks to its vast coverage, doesn’t require pinpoint targeting precision, anyway. It’s not like it’s going to spend over $1 per piece in direct mailing. Targeted messages are cheap on that platform, and the risk of being wrong is not that high (relatively speaking).

And it seems like Facebook knows it, too. Based on numerous articles that I read about this incident, its analytics is more about maintaining a captive audience by creating a very addictive platform. If the number of eyeballs and time spent on the page are what they are really pursuing, they seem to be doing a fine job there.

If the goal is about increasing targeting accuracy — while not pissing off a great number of people — then it is obvious that Facebook must tighten up its grip on data governance. Like most other data players like us have been doing all along.

Facebook will remain as a powerful force in the market. With or without precision targeting, it’s the biggest billboard in the world. Let’s just say that I didn’t sell off Facebook stocks because of all of this. But if Facebook really wants to benefit human collectives like it used to say in the beginning, lots of significant changes are warranted. And I think that subject is for other forums, not here.

Privacy or Trade Barrier? Searching for a New ‘Safe Harbor’

The Court of Justice of the European Union has ruled that the European Union-United States “Safe Harbor” Agreement, which allowed collection of E.U. citizen data by U.S. entities because the two governments had analogous levels of privacy protection, is no longer valid.

First, there is no legal advice in this blog post (there never is) … just a little bit of reporting.

The Court of Justice of the European Union on October 6 ruled that the European Union-United States “Safe Harbor” Agreement, operating since 2000, was no longer valid. The “Safe Harbor” had enabled cross-border data flows regarding EU citizens to the United States because the U.S. was deemed to have inadequate privacy protections under the EU Data Protection Directive of 1995 (which took effect in 1998). The “Safe Harbor” provided needed protection cover. That is no longer the case.

In its decision, the Court also ruled that individual data protection authorities in 28 EU member states have new powers to deem any cross-border data transfer mechanism as non-EU regulation compliant — even if the European Commission may feel otherwise.

According to a recent Webinar (October 9), the nullification of the Safe Harbor affects more than 4,000 U.S. companies alone that have relied on it. While the Court reportedly wants data to continue to flow between the world’s two largest markets, it sees an immediate need for a new level set of privacy protection in the United States, and is committed to providing guidance as soon as possible as to how such protections can be afforded and data flows and data processing reinstated. The rub is not with U.S. companies per se – the trouble originates with U.S. government surveillance and law enforcement agencies in the wake of Edward Snowden’s 2013 revelations.

As one Professor wrote:
The Court reiterates even more clearly that mass surveillance is inherently a problem, regardless of the safeguards in place to limit its abuse. Indeed, as noted already, the Court ruled that mass surveillance of the content of communications breaches the essence of the right to privacy and so cannot be justified at all. (Surveillance of content which is targeted on suspected criminal activities or security threats is clearly justifiable, however).
—A
rs Technica, Oct. 15, 2015

In the wake of the decision, privacy advocates reportedly have given three months for a new U.S. and EU “Safe Harbor 2.0” agreement. Otherwise, they will seek coordinated action by EU data protection commissioners against individual companies operating under the previous Safe Harbor, which again is immediately invalid. Alternatively, businesses are left to model contract clauses or binding agreements with national data protection authorities — not challenged by the court’s decision — to maintain (where present) or reinstate (where newly concluded) personal data flows outside the EU. Risk assessors must be busy.

U.S. and European governments have been working on a new Safe Harbor 2.0 for at least two years, according to Andrea Glorioso, counselor, digital economy/cyber, Delegation of the European Union to the United States. No one is certain when such a revised Safe Harbor agreement may be finalized, but, given the ramifications of the EU court’s decision, it’s in no one’s interest to let this carry on for long.

And a little bit of opinion: Mass surveillance by government and law enforcement — to combat crime and terrorism, for example — and responsible data collection and use by the private sector in the pursuit of economic growth are not the same subject, and should not be linked. Let’s hope a new Safe Harbor will differentiate the two — and not just for Europeans. It’s not as if American citizens are free from worry about what European governments may be up to, and that’s a concern that extends inside our own borders, too.

But Your Data Is Fine, Trust Me …

Data … that great big, hairy gorilla in marketing departments all across the globe. We have Legacy Data, Subscriber Data, Third-Party Data, Business Data, Personal Data, Master Data, Sales Data, Reference Data, Privacy Data, etc., etc., ad nauseum. Now, during the last few years, the latest and greatest—Big Data and its cousin SoMoBi (SocialMobileBig) data have entered the fray enough to make everyone’s head spin.

Data … that great big, hairy gorilla in marketing departments all across the globe. We have Legacy Data, Subscriber Data, Third-Party Data, Business Data, Personal Data, Master Data, Sales Data, Reference Data, Privacy Data, etc., etc., ad nauseum. Now, during the last few years, the latest and greatest—Big Data and its cousin SoMoBi (SocialMobileBig) data have entered the fray enough to make everyone’s head spin.

No matter what you want to call it though, it just boils down to simple information. Information all you marketers crave. Information about your customer, your prospects, your products, your competitors and the trends that will steer you to hitting those numbers in the next and future fiscal quarters.

There is just so much of it, you say? No one here knows what to do with it, I hear? Every department controls a piece of it and refuses to share, is the excuse?

Maybe true. But, with a little time, effort and—of course—some of those ever-scarce budget dollars, you can create an environment where the grain can be separated from the chaff to build a healthy and robust universal silo of data which will benefit and streamline the efforts of every area of your organization efficiently and profitably.

There is no cookie-cutter data model for the business needs of every organization, despite the host of plug-and-play database tools and marketing automation processes available today. The information that makes your business research and marketing program successful is likely to be much different from what works for even your closest competitor.

At the core, your primary contact data for customers and prospects needs to be acquired and maintained as strictly as possible. My good friend, Bernice Grossman, along with fellow direct marketing legend Ruth Stevens, have a whitepaper I always refer to when providing guidance to anyone striving to establish or reorganize the variety of information that quickly begins to accumulate from different sources, in multiple disparate formats. Written as a guide for B-to-B organizations, the reasons and methodologies hold true for B-to-C. Even with the changes in data availability and the explosive growth of social data availability in the industry during the last few years, the white paper addresses the core data requirements for contact and communication.

Outside of the core basics of data needed to contact, track and segment your data pool, determining exactly what it is that gives you the edge is Priority One in deciding what else you must have available to make decisions. In every conversation or discovery session around data and database design within a CRM, the persistent desire that comes up is wanting a “full 360-degree view of my customers.” While that is possible with simply the basic contact information you have as the core of your data, along with whatever historical transactions available to provide RFM, most users expect a much deeper dive. At the more extreme illustration of designing your data around the optimal user experience, you have this infographic from Visual.ly that has been making the social media rounds. While extensive, the many comments on the sites where it has been posted point to even more data sources being needed to be all-encompassing.

If you, and your business goals, are like most, your time and budget is more likely going to place your need somewhere between the most basic and the most extravagant of these two extremes.

Discovering your own sweet spot is where the best value proposition is to create and maintain profitability for your business. That is where I hope to focus in the posts that will follow on a regular basis. I will be sharing points of interest, ideas, solutions and strategies for identifying the most accurate and efficient steps to take in planning the housing and process flow of all the data you need for success … with a dose of irreverence sprinkled in liberally along the way.