Let's talk about data usage rights
3 ideas to consider as the US continues to skirt federal privacy regulation
On May 10, 2022, Connecticut joined an exclusive but growing club when it enacted its version of comprehensive consumer privacy legislation. Scheduled to go into effect in July 2023, the law follows in the footsteps of California, Colorado, Virginia, and Utah by giving Connecticut residents more control of their personal information, including the ability to opt out of their personal data being sold or processed, and placing restrictions on how companies collect personal data. It isn't as wide-ranging as the California Consumer Privacy Act; instead, it more closely follows the business-friendly models in Virginia and Colorado.
At the same time, the internet’s biggest platforms are increasingly competing for the mantle of staunchest consumer privacy protector. Apple has famously enacted a raft of privacy policies over the last few years that have significantly impacted not only how the internet works, but also the bottom lines of many significant players, including a $10 billion hit for Facebook parent Meta.
And this week, Google unveiled several privacy measures aimed at building trust and giving users more control over how the company uses their data and displays it through search. One feature will allow users to request the removal of their email and home addresses from search results. Another option called My Ad Center will give users more control of how they’re targeted with ads by letting them choose the topics they’re interested in and those they aren’t. These products are part of a new set of technologies Google calls “protected computing,” which involves processing more data on devices rather than in Google’s cloud servers. Any data that makes it to their servers will be largely anonymized.
“Protecting your privacy requires us to be rigorous in building products that are private by design,”
Jen Fitzpatrick, Google’s SVP for core systems and experiences
All of this amounts to a lot of disjointed action at a time when Congress is slow-walking a federal data privacy framework. Since we’re in the early stages of what may be a long haul before the US enacts a federal law (if ever), we believe the time is ripe to shift the conversation about privacy. We need to move past privacy as a concept and instead focus on data usage rights. The reason is simple: Privacy feels like an option, a nice-to-have. But data usage rights are a more honest way to characterize an asset that underpins the entire internet economy.
Ana had the pleasure of exploring data usage rights and other aspects of privacy in a recent She Said Privacy/He Said Security podcast with Jodi and Justin Daniels. We’ve already discussed various facets of consumer data privacy in previous Ones, but this podcast conversation highlighted three key themes that we believe are worth exploring further.
1. Data usage rights
For the entire history of the internet, consumers have had little to no control over how their data is used or monetized. These liberal privacy and data practices in the US led to incredible innovation, but the times have changed. Countries are increasingly enacting data privacy frameworks that give users more control of their data, beginning with Europe’s General Data Protection Regulation (GDPR), and consumer expectations for their data privacy are quickly evolving. As mentioned, framing the issue around data rights usage is a more honest acknowledgement of the value of data and how consumers should be rewarded for sharing it. Consumers should be able to say, “OK, you have my data and I’m fine with you using it to give me a discount, but I’m not OK with you selling it to a life insurance company, which could use that information to charge me higher rates for a policy.”
In the US, the federal government doesn’t give consumers the ability to opt out of that type of scenario, which is funny considering that government organizations may be one of the biggest offenders of sharing and selling personal information. It’s not like you can opt out of the Department of Motor Vehicles selling your driver’s license information, for example. We believe that the more we can make the consumer an active participant in the value exchange for their data, the better the conversations, products, and solutions we can have that would adequately address privacy. Until then, privacy is an amorphous concept that doesn't receive the urgency and significance that it deserves.
There are signs of progress. There are some fairly nascent efforts to build bona-fide value exchanges between companies and consumers. For example, there are emerging programs in which retail chains collect consumer loyalty data in exchange for more personalized offers to individual consumers, rather than the generic discounts offered to everyone. But it’s tricky: The sheer size of these datasets can make it difficult to calculate the value of an individual’s personal information. Yet the value of the entire dataset is extremely high, so this process of redistribution is ripe for innovation. Until then, the Googles, Facebooks, and Amazons of the world will continue amassing overwhelming amounts of user data from which only they can benefit economically and commercially. There is little incentive for these platforms to share more of that benefit with consumers—other than, say, letting people use Google Maps for free—until consumers gain greater awareness of their data usage rights.
2. A UN for data
In 2017, Denmark appointed the world’s first ambassador to Silicon Valley to represent the nation’s interests to the technology industry. The rationale was that the major tech players now have as much power as some governments—or, in many cases, much more. “These companies have moved from being companies with commercial interests to actually becoming de facto foreign policy actors,” said Casper Klynge, a career diplomat who served as Denmark's Tech Ambassador from 2017 to 2020. (He's now VP of European government affairs at Microsoft.)
This got us thinking about what we would need if we could re-architect the digital advertising system from scratch with privacy in mind. We would definitely need some form of governing body that could represent citizens’ data. Since data is in many ways global, some type of body — a United Nations for data, if you will — could act as a watchdog for consumer data across all media channels, not just digital, which is the dominant use case that everyone focuses on.
At the national level, we could have a cabinet-level data czar whose sole job is to focus on different uses of citizen data, supported by a significant budget, enforcement powers, and the organization needed to create processes and products for the management of consumer data. This could be a dream scenario from a consumer data privacy standpoint.
3. Beware of de facto identifiers
Consumers need more education about the best practices that will keep their private information private. Although most people are rightfully protective of personal information such as social security numbers, they should be equally as cautious about freely giving out their email addresses or phone numbers. Google your mobile phone number and see what happens.
Email addresses and phone numbers have become de-facto identifiers. And over the last decade, companies of all stripes have been asking us for those critical bits of information. Most of us never gave it much thought (unless we started receiving a ton of spam in our inboxes), but those addresses and phone numbers now act as the connecting keys for a lot of really sensitive personally identifiable information and anonymous databases.
Imagine filling out a silly online quiz that requires your email address to see the results. Maybe you were goofing around when describing your lifestyle, not knowing that exaggerating your penchant for Cuban cigars would lead to a denial of coverage years later by a life insurance company that happened to buy a dataset with information from that quiz.
That’s why we as consumers need to start practicing better email and phone number hygiene. It would also be helpful if companies like Google were to provide consumers with a better ability to obscure their email addresses from websites and other services, similar to Apple’s Hide My Email function.
It’s not just our email addresses and phone numbers we need to pay attention to. If you have a Facebook profile, your birthdate may also be viewable to a pretty wide audience.
These are just a few of the conversations we need to be having about consumer privacy as the US continues to skirt a federal framework. While the tech platforms will undoubtedly lobby Congress to make any pending regulations as business-friendly as possible, who will speak on behalf of the consumers whose privacy these rules are meant to protect?
How much do consumers really care about any of this, especially if regulatory action doesn’t address offline data collection?
Thanks for reading,
Ana, Maja, and the Sparrow team
Enjoyed this piece? Share it, like it, and send us comments (you can reply to this email).
Who we are: Sparrow Advisers
We’re a results oriented management consultancy bringing deep operational expertise to solve strategic and tactical objectives of companies in and around the ad tech and mar tech space.
Our unique perspective rooted deeply in AdTech, MarTech, SaaS, media, entertainment, commerce, software, technology, and services allows us to accelerate your business from strategy to day-to-day execution.
Founded in 2015 by Ana and Maja Milicevic, principals & industry veterans who combined their product, strategy, sales, marketing, and company scaling chops and built the type of consultancy they wish existed when they were in operational roles at industry-leading adtech, martech, and software companies. Now a global team, Sparrow Advisers help solve the most pressing commercial challenges and connect all the necessary dots across people, process, and technology to simplify paths to revenue from strategic vision down to execution. We believe that expertise with fast-changing, emerging technologies at the crossroads of media, technology, creativity, innovation, and commerce are a differentiator and that every company should have access to wise Sherpas who’ve solved complex cross-sectional problems before. Contact us here.