It’s easy to raise alarms about the perils of any device with an iota of connectivity and its apps, and wonder what horrors of privacy invasion are possible. The hard part is to design happy endings between customers and data-collecting businesses.
Current technology has the capacity, if so used, to invade everybody’s privacy. Possibly, a huge amount of information is available about any person, through their electronic communcations from interactions with every thing including the kitchen sink.
Feasibly, this information can be interpreted by cross-referencing algorithms to explode the knowledge about any individual to unintended/unknown/unexpected business (or worse, government, legal firm or potential employer/lender/insurer).
And, no question, the temptation for a business to sell the information it collects to a paying party is as real as its accounts payable and demands of shareholders to see a positive bottom line.
The challenge for any business is to balance respecting privacy and providing customers with valuable, personalized services and products that can be derived from their personal data/preferences. Businesses should profit that offer products customers enjoy/find useful/need. Everybody wins. Everybody loses if the customer is shocked and appalled when they find out how much data snarfing and manipulation has been done to them, via an innocuous app to order cheese.
If there was an ultimate answer to questions about the business use of personal data, there’d be no reason to think or write about it. I’m writing about it. This means we are in the middle of an evolution of laws, attitudes and norms about digital data and privacy. Today’s answer may not address tomorrow’s technical capability.
Some principles that can be considered by customers, businesses and policy-makers:
1. Customers/users of any electronic functionality that has the capacity to collect data: This means everything: from the map on your cell phone, site to register to vote, liking a creator on social media, your dentist’s automatic reminders, to tapping your phone at a kiosk to pay for parking. The answer is yes. Everything, everywhere, every business. At least you might as well assume so, because it’s possible.
Be aware. There are data collectors everywhere. Some are nice and doing their duty to provide you with service. Some are not so nice and trying to take advantage of the situation.
Just as you are more vulnerable walking down an unfamiliar street, or choose the dubious street but know the risks, you take extra precautions travelling these avenues. Same for online. Trust what you know. Be cautious of what you don’t. When faced with ‘have to’, ask questions. When faced with options, take the time to select what works for you.
2. Businesses collecting and using data. As in, every business, everywhere, most of the time. Just because you can, should you? Collect a maximum of data, that is. And then, even if you come to some strategic approach to collection that fits with the firm’s values, what are appropriate uses for the collected data?
A few emerging principles1 of good data use by businesses:
- only collect what is necessary to provide the service offered. If the product is pet food, the gender and age of the human buyer isn’t required. It might be useful to the business to develop a demographic profile of its customers, but it isn’t required to suggest the best food for a young poodle. On the other hand, the gender of the customer would be critical information if the product was undergarments, and the breed of their pet, irrelevant.
- transparency. This means full disclosure on the data collected and what it will be used for. “Business purposes” doesn’t cut it as an explanation for data use. This could mean anything from filing taxes to targeted emails, to selling the data to pay the bills. ‘Making recommendations based on your preferences’ seems sincere. This is an age old helpful sales tactic, suggesting similar items.
- deleting accounts, aka the right to be forgotten. When the customer removes themselves from your platform, respect it. Don’t be the stalker than needs a restraining order when the consumer has selected: delete my profile, unsubscribe, or just inactivity. If there’s been no contact for months, no contact should be maintained.
- security. If confidential data is being collected, it is the business’ responsibility to protect it. Millions of leaked social security/insurance numbers, addresses or credit card numbers are not ok.
- here’s an emerging thought. If your sales people would be embarrassed to ask for the information while looking the customer in the eye, it isn’t appropriate to collect electronically.
3. Policy-makers. Governments, industry organizations, academics.
The job is difficult and requires balance to nurture free enterprise and supporting economic growth, while protect the rights of the individual. The tricky thing about digital data is that it’s hard to see.
Find ways to enforce privacy codes. It is difficult for the consumer to know what information has been collected about them and even harder for the consumer to know what use it might be put to. I believe businesses, at least in the past, may not know what information they’ve collected. Require businesses to explain what they collect and what they do with it. Make it manditory that the explanation is in plain sight.
And keep watching. The area is evolving, so evolve policies and regulations.
We’re all in this together, business, consumer, and governing body. We all have things to gain and lose. Cooperate and coordinate. We’ll all live happily, privately, ever after.
1 I’ve drawn these principles from the GDPR from Europe https://gdpr.eu/what-is-gdpr/ , Canadian Government https://www.priv.gc.ca/en/privacy-topics/business-privacy/safeguards-and-breaches/safeguarding-personal-information/gd_rd_201406/ , and my synopsis of many other readings and conversations about customer data use.
Thanks for header image to
It’s easy to raise alarms about the perils of any device with an iota of connectivity and its apps, and wonder what horrors of privacy invasion are possible. The hard part is to design happy endings between customers and data-collecting businesses.
Current technology has the capacity, if so used, to invade everybody’s privacy. Possibly, a huge amount of information is available about any person, through their electronic communcations from interactions with every thing including the kitchen sink.
Feasibly, this information can be interpreted by cross-referencing algorithms to explode the knowledge about any individual to unintended/unknown/unexpected business (or worse, government, legal firm or potential employer/lender/insurer).
And, no question, the temptation for a business to sell the information it collects to a paying party is as real as its accounts payable and demands of shareholders to see a positive bottom line.
The challenge for any business is to balance respecting privacy and providing customers with valuable, personalized services and products that can be derived from their personal data/preferences. Businesses should profit that offer products customers enjoy/find useful/need. Everybody wins. Everybody loses if the customer is shocked and appalled when they find out how much data snarfing and manipulation has been done to them, via an innocuous app to order cheese.
If there was an ultimate answer to questions about the business use of personal data, there’d be no reason to think or write about it. I’m writing about it. This means we are in the middle of an evolution of laws, attitudes and norms about digital data and privacy. Today’s answer may not address tomorrow’s technical capability.
Some principles that can be considered by customers, businesses and policy-makers:
1. Customers/users of any electronic functionality that has the capacity to collect data: This means everything: from the map on your cell phone, site to register to vote, liking a creator on social media, your dentist’s automatic reminders, to tapping your phone at a kiosk to pay for parking. The answer is yes. Everything, everywhere, every business. At least you might as well assume so, because it’s possible.
Be aware. There are data collectors everywhere. Some are nice and doing their duty to provide you with service. Some are not so nice and trying to take advantage of the situation.
Just as you are more vulnerable walking down an unfamiliar street, or choose the dubious street but know the risks, you take extra precautions travelling these avenues. Same for online. Trust what you know. Be cautious of what you don’t. When faced with ‘have to’, ask questions. When faced with options, take the time to select what works for you.
2. Businesses collecting and using data. As in, every business, everywhere, most of the time. Just because you can, should you? Collect a maximum of data, that is. And then, even if you come to some strategic approach to collection that fits with the firm’s values, what are appropriate uses for the collected data?
A few emerging principles1 of good data use by businesses:
- only collect what is necessary to provide the service offered. If the product is pet food, the gender and age of the human buyer isn’t required. It might be useful to the business to develop a demographic profile of its customers, but it isn’t required to suggest the best food for a young poodle. On the other hand, the gender of the customer would be critical information if the product was undergarments, and the breed of their pet, irrelevant.
- transparency. This means full disclosure on the data collected and what it will be used for. “Business purposes” doesn’t cut it as an explanation for data use. This could mean anything from filing taxes to targeted emails, to selling the data to pay the bills. ‘Making recommendations based on your preferences’ seems sincere. This is an age old helpful sales tactic, suggesting similar items.
- deleting accounts, aka the right to be forgotten. When the customer removes themselves from your platform, respect it. Don’t be the stalker than needs a restraining order when the consumer has selected: delete my profile, unsubscribe, or just inactivity. If there’s been no contact for months, no contact should be maintained.
- security. If confidential data is being collected, it is the business’ responsibility to protect it. Millions of leaked social security/insurance numbers, addresses or credit card numbers are not ok.
- here’s an emerging thought. If your sales people would be embarrassed to ask for the information while looking the customer in the eye, it isn’t appropriate to collect electronically.
3. Policy-makers. Governments, industry organizations, academics.
The job is difficult and requires balance to nurture free enterprise and supporting economic growth, while protect the rights of the individual. The tricky thing about digital data is that it’s hard to see.
Find ways to enforce privacy codes. It is difficult for the consumer to know what information has been collected about them and even harder for the consumer to know what use it might be put to. I believe businesses, at least in the past, may not know what information they’ve collected. Require businesses to explain what they collect and what they do with it. Make it manditory that the explanation is in plain sight.
And keep watching. The area is evolving, so evolve policies and regulations.
We’re all in this together, business, consumer, and governing body. We all have things to gain and lose. Cooperate and coordinate. We’ll all live happily, privately, ever after.
1 I’ve drawn these principles from the GDPR from Europe https://gdpr.eu/what-is-gdpr/ , Canadian Government https://www.priv.gc.ca/en/privacy-topics/business-privacy/safeguards-and-breaches/safeguarding-personal-information/gd_rd_201406/ , and my synopsis of many other readings and conversations about customer data use.
Header image photo by Petter Lagson on Unsplash.