Analytics & Data Community Insights Security & Privacy

Research Calls Into Question Our Ability to Consent to Data Collection

New research has shown that the general public’s lack of understanding about data and technology runs deeper than what our current privacy laws take into account. An “informed consent” standard, requiring companies to educate their customers to understand what it means to consent to data collection, will likely emerge to span the gap. But evolving the law would present a new set of brand challenges and legal obligations for technology companies, and could fundamentally alter how the market values any business’s data assets.

It is Not Consent if Uninformed

According to a recent Data Collection & Consent survey conducted by Publicis Sapient, where I work, as well as Google Cloud, most people (61%) know almost nothing about what companies do with their data. That calls into question their ability to consent to data collection. This data ignorance is not as pronounced for Millennials and Gen Z, who used computers and digital devices way back in their toddler years, but even those generation’s most tech-savvy members do not understand how their data is used. And older generations are mainly in the dark on the subject, feeling so overwhelmed that they tend to disengage from learning about their data altogether.

This digital ignorance and corresponding apathy is natural, but it presents a fundamental problem for data privacy legislation founded on the concept of consent. The research shows that when we consent to data collection, most of us have no idea what it means. To truly consent, we have to understand (or at least be given a chance to understand) that which we are permitting. This is no insignificant nuance. When prompted with a simplified explanation of what data is collected, and by which types of companies, members of all generations reported discomfort with mosttypes of data going to any kind of company, and with some companies receiving any types of data.

With every leap forward in technology, we should expect the gap between the public’s understanding of how their data is collected and the sophistication by which companies collect and use that data to increase. Now that every business is transforming into a digital business, that gap will only widen faster. Indeed, the practice of collecting information has become widespread enough that a new technology category called ‘Customer Data Platforms’ has emerged to describe systems and services that provide data collection, storage, mining, and activation functionality. Adopting these techniques has been further accelerated by the adoption of cloud computing, the rise of machine learning, and ways businesses are finding to make money with consumer data.

The more technologically-advanced companies will be hesitant to recognize or acknowledge that permission for data collection can only be truly granted if consumers have knowledge about the risks, benefits, and consequences. The same thing happened in the history of medicine. During the 1800s, the medical profession was divided on whether to disclose prognoses to a patient. Most physicians of the time argued against informing patients of their condition, claiming that they would not understand, even if it were explained. It took decades to recognize the potential of injury to an uninformed patient, and decades more to incorporate that concept into English Common Law, in the form of Negligence.

So here we go again. When it comes to data, whose obligation is it to inform the patient, and how can we tell that they understand?

Information is Power and with Great Power…

The public’s awareness of the competitive business advantage that customer data provides is on the rise, along with a growing concern about companies’ widespread data collection efforts. Individuals need to be handled differently according to their privacy sensitivity and their level of understanding about how data works. We need to mimic the conversation with your doctor, the one you are entitled to before you sign a release for a given treatment. That conversation is not one-size-fits-all, and its digital equivalent must be more than a mere pop-up.

Companies that take on the onus of gathering informed consent will benefit. Individuals who know more about what companies do with personal data tend to see the benefit of companies collecting theirs, the research shows. They connect the benefit to brand identity, and, more importantly, it can lead to brand loyalty. This presents an opportunity for companies willing to embrace transparency and take on the duty to educate their customers proactively.

The reverse behavior–that is, customers never sharing their data with brands they do not trust, is also widespread. While just 29% of Baby Boomers are “satisfied” with their privacy, 76% said they’d be more inclined to do business with a company if they are allowed to delete their data after sharing it, including things like location tracking and browsing history. The research suggests that the fear of missing out on data collection should drive companies to inform their customers about data collection and usage. If brands do not address their use of data head on, this problem won’t only lead to punishment from regulators; in addition, consumers will punish brands with their spending as they move to businesses they trust.

When we compared the business risks of missing out to the risks companies might face from data deletion, the former is considerably stronger. This is partially because most consumers do not delete their data when given the opportunity. Paradoxically, the very act of giving customers control increases brand trust, and data sharing. From a business perspective, a fear of being perceived as “creepy” should, therefore, outweigh the fear of potential data loss due to transparency or deletion. For brands to maintain relationships with their customers through data, they need to foster and nurture that trust.

Data valuation will lead to further government intervention

Businesses should know their customers, and in a digital world that is almost necessarily achieved through customer data. Every company should and will transform into a data collector, because of the value and efficiency customer data unlocks, and because the way we value companies is already becoming based on the data they collect.

As privacy law advances, we will see company valuations tied to the customer data that companies can retain. But companies will need to inform customers about the data they collect, proactively or otherwise, to lock in that information’s present value. Without that step, the data collected by companies about individuals is a potential liability waiting for the law to catch up. Proactive transparency to regulators will put enterprises in a much better position when the inevitable legislation passes. It will help prevent those who are proactive from being caught in the crosshairs of a to-be-announced new regulator.

To be sure, the government itself is coming into the customer data platform space. Data about people is now a matter of national security, economic growth, and individual rights. Federal legislation may soon emerge in the United States, as it has in the EU, or we may even see a U.S. Data Agency that will standardize data collection and audit companies’ customer data platforms. This is not without precedent. We can look to the SEC and FINRA as a potential model. Like the financial markets, the data market might lead to companies being required to register as a data collector or data broker and to certify the employees who are expected to handle customer data just as they would a certified broker or analyst.

Data is the currency of the information age, especially data collected about individuals. That means the responsibilities of all companies are shifting, but those who get it right will find great new opportunities.

Max Kirby is director of customer data platforming at Publicis Sapient.

Leave a Reply

Your email address will not be published. Required fields are marked *