In the brave new digital world, where data has become the fuel for growth in almost every sector of business, data privacy is the elephant in the room.
Everyone realizes its importance, and some, like Apple and WhatsApp, have taken steps to make it a key feature of their products, but many still only pay lip service to addressing larger issues involved.
Now with the recent spat between the FBI and Apple over the San Bernardino bomber’s iPhone grabbing major headlines, the future of data privacy has come front and center once again.
Privacy: A Late Priority
The seismic shift to enterprise cloud-based solutions owes a large amount of its momentum to the agility and flexibility of the “as-a-service” model. With easy access to CRM data on Salesforce, marketing data on HubSpot, and web analytics on platforms like Piwik PRO — there isn’t much to hate about the many options out there.
The problem ironically for many companies is having too many ready-to-use applications at their disposal. Data, some of it duplicate, is scattered across multiple systems and departments and is difficult to track.
The result is data privacy often takes a back seat to efficiency, speed, and revenue potential. This is especially true in digital advertising and marketing, two areas where leveraging data has become a top priority and privacy concerns are often lost in the shuffle.
Case in point: a mere 2 percent of 500+ IT professionals who took part in a survey commissioned by Blancco Technology Group indicated marketers care most about data privacy. Management and IT departments fared better (though not overwhelmingly), but that may change in the near future. Here are three things driving the future of data privacy that marketers need to be aware of.
Data Privacy Regulation & Compliance
First and foremost, a wave of new and more explicit regulations will force companies to take data privacy more seriously.
The threat of fines combined with growing awareness and concern about personal privacy among consumers, and the possibility of losing their trust, are sure to have an effect.
The spectacular fall and imminent bankruptcy of British digital-advertising phenomenon Phorm, whose shady practices caused general outcry, is just one example of what can happen with a lack of regulation and restraint.
Last December saw a major overhaul in data-privacy legislation in the European Union. The new General Data-Protection Regulation (GDPR) includes provisions for:
- Erasing all personal data at a user’s request, otherwise known as the “right to be forgotten.”
- Notifying authorities of security breaches within 72 hours.
- Requiring a “genuine and free” consent from users for data collection and hard proof of this consent for future compliance audits.
- Fines of €20 million or 4% of global revenue, whichever is higher.
The new rules make exceptions for small- and medium-sized businesses, including a waiver on appointing a data-protection officer and reduced responsibility for notifications. They do, however, apply not only to all member states, but also to foreign companies operating within the European Union. This means their range and impact will be truly widespread.
Data Leakage: Regulation Out of Self-Interest
Controlling data is not only important to government bodies and individual users; companies have a vested self-interest in data privacy, and this may turn out to be an impetus for change.
The complex digital-advertising ecosystem runs on massive amounts of data, much of it collected with the help of tracking pixels (or tags) embedded in web pages and applications users interact with.
As brands seek to leverage that data to optimize their advertising and marketing campaigns, there is concern some of it may “leak out.” This can occur when third parties, usually advertisers, surreptitiously fire tags on ad networks or publisher websites, allowing them to rake in user information to their data management platform (DMP) and later take advantage of that data for other purposes. This kind of data leakage can be a serious problem.
In response, some publishers and ad networks, most notably Google, have forbidden DMPs from firing tags on publisher sites that use its Display Network, the exception to this being if the DMP is connected to the demand-side platform (DSP) making the transaction.
The other solution for publishers is to avoid selling inventory on open ad exchanges where they have limited control over who it is sold to. Instead, they should work through private marketplaces or sell directly to brands they trust.
What does this mean for data privacy?
With companies everywhere becoming more dependent on data in order to gain even the slightest edge, they are more likely than ever to take protective measures, putting them in a better position to guarantee privacy for users.
The Data Consolidation Imperative
There is another reason why the data-privacy situation will likely improve: As the Blancco survey shows, data generated across different departments of a company very often becomes “siloed.” Sometimes it is even duplicated. Advertisers don’t like this because it means that often a portion of their targeted ad campaigns are shown to the same audience unintentionally. Data duplication is also why some companies have a hard time complying with “right-to-be-forgotten” legislation.
However, marketers (those to whom data privacy didn’t seem very important) are recognizing what a barrier these silos present to their efforts to effectively target customers in a personalized way.
As a result, there is a greater imperative for merging data, integrating systems including CRM, marketing automation, e-commerce, and greater transparency company-wide. While the main goal of this move may be to improve ROI, its side-effect will make data-privacy compliance easier.
Technical Considerations and Implications
Moving towards more effective data control implies certain adjustments in processes as well as changes in the technology itself.
With the need for tracking data across various stages, from gathering to storage to actual usage, it becomes essential for companies to set up their systems with this data lifecycle in mind. This includes identifying what data may be shared with third parties and when, as well what measures need to be taken in order to account for its usage and eventual deletion.
One solution that companies are considering is building a private or hybrid cloud system to host their applications. In the past, this approach seemed to have too many disadvantages, however, new innovations like Docker for hosting apps and pushing updates have made it more feasible.
As mentioned above, the desire for more efficient exploitation is leading companies to merge data sets and make them more accessible using data management systems. This should help in the process of creating lifecycle roadmaps. It will, however, require careful planning in the area of permissions (who has access to what) and alerts (to identify possible data breaches so they can be reported and fixed quickly.)
All things considered, the issue of online data privacy is not likely to fade any time soon.
As a result, companies need to take a hard look at their current policies and practices and make provisions for future changes, keeping in mind their new solutions should be developed with security as a top priority.
This article originally appeared on Momentology.