Data from a 2017 Pew Research Center shows that nearly half of all Americans (49%) believe their personal data is less secure now than it was five years ago. With a slew of recent data breaches and a groundswell of pro-consumer privacy campaigns from some companies, it would not be surprising to find that percentage has grown over the past two years.
Yet the world continues down the path of becoming more and more connected. Gone are the days where our digital connection ends when we leave our desktop computer. From the watches we wear to the cars we drive, more data is being generated than ever before.
But where does this data live? How was it generated? Who has access to it? How well is it protected? And what happens to me if my data is exposed? These are the questions that ultimately keep consumers up at night.
Individuals must now understand - and successfully navigate - an increasingly complex ecosystem of T&C legalese, privacy policies, and permission settings in order to safeguard themselves from external threats without ruining their digital experiences.
Concerns over a lack of corporate responsibility also linger, as well as the realization that consumers may be unaware if their data has been compromised in the first place. This lack of transparency among consumers on how their data is being leveraged has facilitated a new wave of demands from the public for more effective legislation.
The current data regulation climate
Enter the General Data Protection Regulation (GDPR) in Europe. Data regulation before the rollout of the GDPR in May 2018 was largely reactive and lax at best, allowing companies to rely on passive opt-ins as the primary foundation of data collection and distribution processes.
The current US landscape is ambiguous, consisting of piecemeal initiatives and sector-specific laws that at times seem to complicate matters instead of helping. Regulations, policies and enforcement methods vary from state to state. Without a comprehensive federal response (yet), companies and consumers alike are left in a constant state of confusion and frustration.
Nevertheless, since the rollout of the GDPR, real changes have begun to take effect here in the US. Vermont took steps that require data brokers to register their names and practices with the state while California, who was the first to take the initiative on data regulation in 2003 with Senate Bill No. 1386, has passed the California Consumer Privacy Act.
In July of last year, the White House announced its intention to work with Congress on a “consumer privacy protection policy that is the appropriate balance between privacy and prosperity.” There has also been a noticeable uptick in data protection bills and hearings, coupled with public support from technology and marketing companies urging lawmakers to enact change.
The intersection of legislation and business models
Regulation impacts companies of all backgrounds and sizes, and the potential impact on data companies will be no exception. From walled gardens to independent location intelligence companies, every company providing a product or experience that depends on consumer data will need to reevaluate and adjust their current state of operations.
Take for example Google who, at its most recent I/O Conference, unapologetically admitted to using lots of consumer data to power AI and create incredible experiences for their products’ users. This is in complete contrast to Apple; whose approach was to strike fear in the hearts of consumers and shame other companies who generate and use data to provide its services.
Neither side is right or wrong; perspectives are mostly shaped by their primary business models. Apple - who generates most of its revenue from hardware sales - doesn’t want or need consumer data to sell more iPhones. Google - who still makes over 80% of its revenue from data-powered advertising - understands how powerful having droves of data can be and wants to apply that approach to every product they build. So, what will likely change?
Upcoming regulation will likely result in increased control over consumers’ data in three varieties: choice, usage and retention.
- Choice - Otherwise known as “opt-in,” expect legislation to force technology companies to be more transparent more frequently about what data consumers are agreeing to share with whom. One example is Apple’s proactive announcement that its iOS 13 update would include new privacy features, including a more detailed view of how apps have been using your location in the background. Note: Too many notifications could lead to “banner blindness” as has happened with GDPR “Accept Cookies” notifications across EU-based websites, negating the desired outcome.
- Usage - The fact that someone has granted permission to a service doesn’t mean they have specifically consented to that data being used in other places. This doesn’t just apply to data being brokered to third-parties; it may also mean data collected inside one product (say, WhatsApp) cannot be used to enrich others (like Instagram Ads) owned by the same company.
- Retention - Just because someone wants to use a device’s location services to get from Point A to Point B doesn’t mean they need that data trail stored in perpetuity. Google has recently introduced more privacy-specific features like Incognito Mode in Google Maps that allows consumers to opt into their data being used for a very short time.
It comes down to trust
With these three components in mind, companies will need to take proactive measures, as they always have, to continuously prove the value of their services in a way that translates to the consumer.
When it comes to data privacy, most individuals actually support the usage of their data to power better experiences. A poll conducted by The Manifest tells us that the majority of consumers (57%) are comfortable with the use of location data with 42% citing it makes things more convenient.
It’s not that the majority of individuals dispute the utility of their data being used. It’s that many want more control over and awareness of their data rights.
If the past has shown us anything, companies need stronger incentives and more accountability to secure and protect consumer data. New regulations will hopefully tackle both of these issues by placing a greater degree of scrutiny on the information exchange process and increase the trust in companies that continue to prove themselves.