With the delicate balance between customer data and privacy in the spotlight like never before, the potential emergence of new standards and business models, is something that every business needs to be prepared for.
There is a now tired adage that has been circling the internet for a few years now: “If you aren’t paying for the online service, then you’re the product, not the customer.”
Free online services generally earn their profit by shunting ads into your eyeballs. Their customers are in fact not the end consumer, but rather advertisers. But this is a simplified take on the arrangement. It is more accurate to see end users as both customers AND the product.
For the last 15 years, consumers have been largely okay with making the Malthusian bargain of giving up aspects of privacy for free apps and services. The consequence of this however has quickly spiralled beyond anyone’s expectation – except maybe the expectations of advertisers.
Over the last decade the big players such as Facebook and Google employed technologies including cross-site cookies, Single Sign On (SSO), Ad IDs, and Third Party Data Aggregation to give them an unprecedented 360-degree view of their users. They have leveraged this data to serve more targeted advertising. But there is now a growing friction in these companies’ business models where they serve two masters: namely end-consumers and advertisers.
Third Party App developers have had even less oversight. Stories abound of malicious “free” apps that shunt your data way beyond the app’s purpose to who knows where. For example, one apparently innocuous mobile torch app for Android phones, with over 50 million downloads, was discovered to be silently sending location and device data to advertisers.
Despite mobile manufacturers tightening their app stores, this process continues to happens. A popular barcode scanner was transformed into malware earlier this year and was able to hijack 10 million devices. Even some of the world’s biggest social media/messenger apps have architecture that could allow personal data to be possessed by parties the user is completely unaware of.
Fortunately, some signs point to the winds shifting to a desire for more personal privacy online. Public policy and sentiment has moved rapidly towards demanding more privacy over the last three years (though a notable exception is public support for contact tracing during the Covid pandemic).
According to a recent government study, almost 90% of Australians want more control over their personal data online and 70% state that their privacy is a major concern. Worldwide the sentiments are similar and legislators are responding. The EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) are just two policies instituted in the last couple of years to help give consumers more agency over their data. Here in Australia, the federal government has been increasingly locking horns with social media companies regarding media publishing rights and moderated content.
So what comes next?
If the current trends continue – and it’s a very big IF – there is the potential for a fundamentally different digital ecosystem to emerge. Platforms that give agency to consumers and control over their data, enabling them to protect their privacy, could become major players in this evolving market.
Tim Berners-Lee, the ‘inventor of the internet’, has founded new company called Inrupt to create a new web standard that allows users to lock their data into “pods” and give them sovereignty over where and how it is shared. It is a compelling new concept that has aroused considerable interest among technologists and privacy experts.
What is the downside to these new privacy conscious platforms? People may have to pay for them. Even social media might eventually have a real cost, much like online media platforms have been moving to. In reality, though, we have already been paying a hidden cost for social media: selling out our privacy to advertisers.
For businesses who want to be on the right side of history when it comes to customer data and privacy, it has become critical not to have divided loyalties. The simple fact is customers pay you, and you work only for them. When it comes to customer data the ethical goal should be the reverse of free online apps and ecosystems. You want our customer data to work for them, not work for others.
If – as another tired adage goes – “data is the new oil”, then in the new, data and privacy conscious future, perhaps companies should profit from their own oil wells, not have them exploited by (often unknown) third parties.
By Hamish Browne, CTO, Wiise
This article was first published by B&T