Marketers Doing the Data Privacy Balancing Act Ask What ‘I Want My Privacy’ Means

It’s not just policymakers who are trying to figure out how to act on consumer sentiments toward data privacy. We all, overwhelmingly, want it — business and consumer.

data privacy
Credit: Pexels.com

It’s not just policymakers who are trying to figure out how to act on consumer sentiments toward data privacy. We all, overwhelmingly, want it — business and consumer.

We are all seeking a U.S. federal privacy law to “repair” what may be broken in Europe (hey, the toaster needs fixing), and to correct any perceived privacy shortcomings in California’s new law (scheduled to take effect in January). Will such a federal law pass this year?

One of the ongoing challenges for policy in this area is what’s been called the privacy paradox. The paradox? Privacy in the form of consumer attitudes, and privacy in the form of consumer demands and behaviors, rarely are in sync. Sometimes, they are polar opposites, simultaneously!

  • Should law be enacted on how we feel, or respectful of what we actually do?
  • How do we define privacy harms and focus regulation only what is harmful and to go light, very light, or even foster wholly beneficial uses?
  • Should private sector controls and public sector controls be differentiated?
  • Do existing laws and ethical codes of conduct apply, and how might they be modified for the digital age?

On top of this, consumer expectations with data and technology are not fixed. Their comfort levels with how information is used at least in the advertising sector change over time. In fact, some marketers can’t keep pace with consumer demands to be identified, recognized and rewarded across channels. Generations, too, have differences in attitudes and behaviors.

What’s creepy today may in fact be tomorrow’s consumer-demanded convenience.

Case in point: It used to be people complained about remarketing the ad following them around on the Net as they browsed. (All the same, remarketing works that’s why it was so pervasive.) Today, in role reversal, consumers sound off when the product they purchased is the same product they still see in the display ad. The consumer has little patience when brand data is locked in data silos: the transaction database doesn’t inform the programmatic media buy, in this scenario.

The marketing and advertising business have been trying to solve for the privacy paradox since the Direct Marketing Association assembled its first code of ethics in the 1960s and introduced the Mail Preference Service in 1971. (Today, the Mail Preference Service is now known as dmaChoice, and DMA is now part of the Data Marketing & Analytics division of the Association of National Advertisers.) During the 1970s, consumers could use MPS to both add their names to marketing lists, and to remove their names from marketing lists for direct mail. At that time, far more consumers sought to add their names. Later, MPS strictly devoted itself to offering consumers an industry-wide opt-out for national direct mail, with add-ons for sweepstakes and halting mail to the deceased.

During the ’70s, DMA also required its member mailers (and later telemarketers and emailers) to maintain their own in-house suppression lists. These ethics behaviors were codified, to some extent, when the U.S. government enabled the Do-Not-Call registry and enacted the CAN-SPAM Act to complement these efforts.

Fair Information Practice Principles A Framework That Still Works Wonders

So here we are in the digital age, where digital display and mobile advertising are among addressable media’s growing family. Again, the marketing community rose to the challenge enacting the Digital Advertising Alliance YourAdChoices program (disclaimer, a client) and offering consumers an opt-out program for data collection used for interest-based advertising for Web browsing (desktop and mobile) and mobile applications.

Over and over again, the pattern is the same: Give consumers notice, give consumers control, prevent unauthorized uses of marketing data, protect sensitive areas recognize advertising’s undeniable social and economic power, enable brands to connect to consumers through relevance and trust and act to prevent real harms, rather than micromanage minor annoyances. Allow marketing innovations that create diversity in content, competition and democratization of information. Let the private sector invest in data where no harms exist.

‘I own my data!’

Data ownership is a dicey concept. Isn’t there sweat equity when a business builds a physical or virtual storefront and you choose to interact with it? Is there not some expectation of data being contributed in fair exchange for the digital content we freely consume and the apps we download and enjoy? And once we elect to become a customer, isn’t it better for the brand to know you better, to serve you better? Shouldn’t loyalty over time be rewarded? That’s an intelligent data exchange, and the economy grows with it.

The demand for access to everything free, without ads, and without data exchange, without payment to creators is a demand for intellectual property theft. Sooner than later, the availability and diversity of that content would be gone. And so would democracy. If you put everything behind an ad-free paywall, then only the elites would have access.

‘But I pay for my Internet service. I pay for my phone service!’

Sure you do and that pays for the cell towers, and tech and Web infrastructure, union labor with some profit for the provider. But unless you’re also paying for subscriptions and content it’s advertising that is footing the bill for the music you listen to, the news you read, the apps you use, and so on. All the better when ads are relevant.

At the end of the day, the consumer is always right and privacy is personally defined.

I’m all for limits on what governments can do with data when it comes to surveillance, and how it goes about maintaining our safety and security (a paradox of its own).

On the private sector side, policymakers might best act to give a privacy floor (do no harm) and where economic benefits accrue (to serve consumers without harms) allow consumers freely accessible tools to set their own privacy walls, using browser settings, industry opt-outs, brand preference centers and other widely available no-cost filters. It’s a wise society that can encourage responsible data flows, while blocking altogether irresponsible data flows. Get it right, and we all participate in a thriving 21st Century Information Economy. Get it wrong, and Europe and China will set the global rules. With some luck and deliberation, we’ll get this right.

Data Privacy Policymaking Words of Warning of Europe

Two weeks back, two hearings in Congress were held about a possible forthcoming new federal data privacy law for the United States. Some of the testimony included fascinating insight.

Two weeks back, two hearings in Congress were held about a possible forthcoming new federal data privacy law for the United States. Some of the testimony included fascinating insight.

It’s been nearly nine months since the European Union’s (EU) General Data Protection Regulation (GDPR) took effect with its tentacle effects worldwide – and it is helpful to look at what has transcribed, and to avoid making GDPR’s mistakes. That’s what one of the witnesses, Roslyn Layton, visiting scholar, American Enterprise Institute, had to say to the House Committee on Energy and Commerce, Subcommittee on Consumer Protection and Commerce, in her statement titled “How the US Can Leapfrog the EU.”

GDPR’s Early Impacts Are Foreboding

From Dr. Layton’s testimony, I found these excerpts (footnotes removed) to be particularly insightful – and somewhat frightful, though some of it predictable. She examined GDPR’s early deleterious effects which we, in the United States and elsewhere, would be wise to reject:

GDPR Is Not about Privacy  It’s About Data Flows

“A popular misconception about the GDPR is that it protects privacy; it does not. In fact, the word ‘privacy’ does not even appear in the final text of the GDPR, except in a footnote. Rather, the GDPR is about data protection or, more correctly, data governance. Data privacy is about the use of data by people who are allowed to have it. Data protection, on the other hand, refers to technical systems that keep data out of the hands of people who should not have it. By its very name, the GDPR regulates the processing of personal data, not privacy.”

GDPR Has Only Concentrated Big Digital Since Taking Effect

“To analyze a policy like the GDPR, we must set aside the political pronouncements and evaluate its real-world effects. Since the implementation of the GDPR, Google, Facebook and Amazon have increased their market share in the EU.”

GDPR Has Decimated Small- and Mid-Sized Ad Tech

“One study suggests that small- and medium-sized ad tech competitors have lost up to one-third of their market position since the GDPR took effect. The GDPR does not bode well for cutting-edge firms, as scientists describe it as fundamentally incompatible with artificial intelligence and big data. This is indeed a perverse outcome for a regulation that promised to level the playing field.”

GDPR Raises Costs, Prohibitively Acting as a Trade Barrier

“To do business in the EU today, the average firm of 500 employees must spend about $3 million to comply with the GDPR. Thousands of US firms have decided it is not worthwhile and have exited. No longer visible in the EU are the Chicago Tribune and the hundreds of outlets from Tribune Publishing. This is concerning because the EU is the destination of about two-thirds of America’s exports of digital media, goods and services. Indeed, the GDPR can be examined as a trade barrier to keep small American firms out so that small European firms can get a foothold.”

GDPR Denies Valuable Content to European Citizens

“Of course, $3 million, or even $300 million, is nothing for Google, Facebook and Amazon (The Fortune 500 firms have reportedly earmarked $8 billion for GDPR upgrades.), but it would bankrupt many online enterprises in the US. Indeed, less than half of eligible firms are fully compliant with the GDPR; one-fifth say that full compliance is impossible. The direct welfare loss is estimated be about €260 per European citizen.”

What if the US Enacted GDPR Here … Oh, the Costs

“If a similar regulation were enacted in the US, total GDPR compliance costs for US firms alone would reach $150 billion; twice what the US spend on broadband network investment and one-third of annual e-commerce revenue in the US.”

Dr. Layton, in her testimony, also questioned the California Consumer Privacy Act, which may create even more enterprise requirements then GDPR. She suggested more pragmatic paths need to be forged.

A Better Way Privacy by Design

“Ideally, we need a technologically neutral national framework with a consistent application across enterprises. It should support consumers’ expectations to have same protections on all online entities. The law should make distinctions between personally identifiable information which deserves protection, but not require same high standard for public data, de-identified, and anonymized data which do not carry the same risks. Unlike the GDPR, the US policy should not make it more expensive to do business, reduce consumer freedom or inhibit innovation.”

Data ‘Seat Belts and Air Bags’ for Privacy

In a second hearing, before the Senate Committee on Commerce, Science and Transportation, Interactive Advertising Bureau (IAB) CEO Randall Rothenberg provided a spirited statement of data’s role in the U.S. economy and the benefits that continue to accrue. He, too, drew from an another industry’s history which he believes offers a helpful analogy and cooperative blueprint:

IAB CEO Randall Rothenberg | Credit: Photo: Chet Dalzell

Internet’s Profound Communication Power

“The Internet is perhaps the most powerful and empowering mode of communication and commerce ever invented. It is built on the exchange of data between individuals’ browsers and devices, and myriad server computers operated by hundreds of millions of businesses, educational institutions, governments, NGOs, and other individuals around the world.”

Advertising’s Essential Role Online Much of It Data-Driven

Advertising has served an essential role in the growth and sustainability of the digital ecosystem, almost from the moment the first Internet browsers were released to the public in the 1990s. In the decades since, data-driven advertising has powered the growth of e-commerce, the digital news industry, digital entertainment, and a burgeoning consumer-brand revolution by funding innovative tools and services for consumers and businesses to connect, communicate and trade.

The Indispensable Ingredient: Trust

“Central to companies’ data-fueled growth is trust. As in any relationship, from love to commerce, trust underlies the willingness of parties to exchange information with each other; and thus, their ability to create greater value for each other. The equation is simple: The economy depends on the Internet; the Internet runs on data; data requires trust. IAB strongly believes that legislative and regulatory mechanisms can be deployed in ways that will reinforce and enhance trust in the Internet ecosystem.”

Universal Truth: Consumer Data Is Good

“We recommend Congress start with a premise that for most of American history was self-evident, but today seems almost revolutionary: consumer data is a good thing. It is the raw material of such essential activities as epidemiology, journalism, marketing, business development, and every social science you can name.

The Auto Industry Offers Us a Proactive Model

“We believe our goals align with the Congress’ decision to take a proactive position on data privacy, rather than the reactive approach that has been adopted by Europe and some states. We believe we can work together as partners in this effort with you to advance consumer privacy. Our model is the partnership between government and industry that created the modern concept of automotive safety in the 1960s. Yes, the partnership began as a shotgun wedding. Yes, the auto industry resisted at first. But an undeniable consumer right to be safe on the highways met well-researched solutions, which the Congress embedded in well-crafted laws that were supported by the states.

Auto Safety and Digital Wellness

“The result has been millions of lives and billions of dollars saved. We believe the analogy holds well here. Americans have a right to be secure on the information superhighway. Well-researched solutions and well-crafted laws can assure their ‘digital wellness.’ We should be thorough, practical and collaborative. Our goal should be to find the three or five or 10 practices and mechanisms the seat belts and air bags of the Internet era  that companies can implement and consumers can easily adopt that will reinforce privacy, security and trust.”

Notice and Choice Bombardment Or Predictable Rules of the Road

“Together, based on our members’ experience, we can achieve this new paradigm by developing a federal privacy law that, instead of bombarding consumers with notices and choices, comprehensively provides clear, even-handed, consistent and predictable rules of the road that consumers, businesses and law enforcers can rely upon.

One Federal Standard in Harmony

“Without a consistent, preemptive federal privacy standard, the patchwork of state privacy laws will create consumer confusion, present significant challenges for businesses trying to comply with these laws, and ultimately fall short of consumers’ expectations about their digital privacy. We ask the Congress to harmonize privacy protections across the country through preemptive legislation that provides meaningful protections for consumers while allowing digital innovation to continue apace.”

It is worth reading the testimonies of the privacy advocates present at these two hearings, as well. These GDPR fans have many sympathetic voices in the media and Congress, and truly need to be part of any conversation where consensus ought to be built. It is my hope the right federal legislation will result. The early evidence from Europe where advocates won over reason portends the punitive risks of getting it wrong.