April 15, 2019

Why forward thinking companies are baking data protection into their business models


‘Privacy is no longer a social norm’ declared Mark Zuckerberg back in 2010. After Facebook’s Terrible 2018 and all the cascading PR disasters around the social network’s use of data since, you wonder if he regrets his words.

Back then he was setting the stage for future debates about how his company and others handle personal information. Data has famously become the oil of the digital era – and customer data is a valuable resource for every business. But as consumers become more aware of privacy and how tenuously its guarded, big tech companies are having to make clear whether they are data touts or data custodians – or both.

Are they tracking our every online gesture and selling that information to the highest bidder (answer: yes), or is a different business model possible, one where personal information is monetised in a way that leaves companies less open to breaches, damaged reputation, and lost sales?

Putting privacy on the corporate agenda

Data privacy and data ethics are very much on the radar this year with Big Four consulting firms EY and Accenture both issuing reports on the topic, while leading tech analysts Forrester and Gartner have said privacy needs to be a strategic priority in 2019.

As far back as 2017 both Apple and IBM kicked off marketing campaigns to position themselves as responsible data stewards. Apple launched a dedicated privacy website to amplify the features that differentiate it from competitors like Google, including algorithmic searching that gives users more control over what the company can see.

That same year IBM senior executives launched a charm offensive in Brussels to announce a new set of data principles and practices aimed at increasing trust (and minimising EU regulation) in Big Tech. It actually included a pledge never to turn client data over to government surveillance programmes in any country, as well as a commitment to ensure IBM clients will own the rights to their data, as well as any algorithmic AI/machine learning insight derived from it.

The message that’s emerging is that in a world where organisations store more information about us than ever before, protecting privacy can be competitive differentiator.

Changing the data model

Apple is being loudest on the issue. CEO Tim Cook said recently that Apple regards privacy as “a fundamental human right”, and was a rarity amongst business leaders in applauding the arrival of GDPR. He even went a step further, saying Apple supports ‘…a comprehensive federal privacy law in the United States.”

Competition plays a part in all of this and Cook is positioning Apple strongly against Facebook and Google for hoovering up personal data. But it was also a new kind of marketing pitch: in a world in which most economic value is going to be derived from intellectual property, we are going to protect that value.

How would this work in practice? Apple is pushing a technique known as differential privacy which allows its data scientists to analyse user behaviour, while preserving anonymity by mathematically masking the data before it leaves a user’s device.

As a B2B business IBM is now saying it won’t keep any proprietary data on its servers for more than a specified contract period, and that the informational value derived from Watson or AI tools would be owned by the clients themselves. For example, if a national health service gave IBM its health records for storage and analysis, it couldn’t then monetise information about, say, aggregate morbidity and mortality rates in certain post codes.

That’s a very different approach from Google’s or Facebook — whose business models are basically a delivery mechanism for highly-targeted advertising based on detailed behavioural information gleaned from end users.

A privacy bill of rights

Speaking in Brussels last October Apple’s Cook said personal data is being ‘… weaponised against us with military efficiency,’ with the profiles companies are building up of individuals amounting to surveillance. Apple, he said, treats customer data like “precious cargo”. Perhaps if the world’s first or second biggest company (by market capitalisation) can bake privacy into its core business model, others can too.

In the same speech he laid out a ‘privacy bill of rights’ for consumers that all organisations collecting personal data should follow:

  • One: the right to have data collection minimised. Companies should work to un-identify customer data, or avoid collecting it in the first place.
  • Two: the right to know. Consumers should know what data is being collected and why.
  • Three: the right to access. Acknowledge that data belongs to users, and make it easy for users to obtain, correct, or delete their personal data.
  • Four: the right to data security. Explicit acknowledgement that protecting personal data is foundational to trust.

Would adopting those principles diminish Big Tech’s economic and surveillance power? It’s still too early to say, but the idea of simply saying to customers “you own the data, and you own the insights” marks an important change.

A long list of data mega-breaches have made consumer much more aware of the value of their personal data and how tenuous the protections are around it. As a result, organisations can’t go on minimising people’s concerns. Ignoring privacy may just drive customers to competitors who show they respect it.

Share this: