The Real Implications of Data Privacy Laws and Regulations
When it comes to data privacy, many of the biggest Internet companies in the world have received lots of criticism over the past years. Massive fines have been issued, and legal proceedings and hearings have taken place.
The Pros and Cons of Consumer Data Privacy Regulations
Data privacy can be a tricky subject for digital companies and consumers. On one hand, everyone wants superior services and innovative products. Mining lots of consumer data makes it possible for next-generation technologies and data collection initiatives to thrive.
On the other hand, only the biggest companies have the best access to lots of consumer data. This gives them incredible power: they can accumulate valuable assets through consumer data they collect, own, and control – and can leverage that data for advertising, product and service optimization, improving the user experience, and so forth. This leaves the field wide open for companies to potentially abuse that power and exploit consumer data in unfair or coercive ways.
GDPR and CCPA Compliance: What Are the Implications?
People tend to pay closer attention to issues of consumer privacy this time of year because Data Privacy Day (known in Europe as Data Protection Day) is January 28. The designation is meant to raise awareness of the issue of data privacy; and specifically to highlight the General Data Protection Regulation (GDPR), which passed in 2016, as well as the California Consumer Privacy Act (CCPA), which passed in 2018.
Both laws were passed to regulate the technology industry and introduce some standards to strike a balance between innovation and protecting the best interests of consumers. At Verto Analytics, we’ve had a GDPR compliant operation and methodology since our founding in 2013. Last year, we ensured we are also CCPA compliant.
But how do these laws actually influence companies or consumers? And will regulation create an even playing field for smaller companies to compete with Internet giants?
The Best Business Model to Comply with Data Privacy Regulation
The companies that will win markets in an era of data privacy regulation are those that can:
- engage directly with consumers,
- ask for explicit opt-in from users, and
- interact with customers to handle better the conditions and implementation of various data storage, handling, and privacy-settings related configurations.
Companies that can accomplish these things will be in a good position to comply with regulation while continuing to collect data. (This, by the way, is the model that Verto Analytics follows.)
The End of Companies that Run on Third-Party Data
Who will the losers be in this era of data privacy regulation and compliance? The various third-party middle men.
In today’s world, first-party data is power. Any company with a business model centered around platforms that aggregate or source data from other platforms (i.e. from platforms they do not own or control) will suffer.
It’s just not so easy any more to move data around, nor can companies establish questionable arrangements to collect and use each other’s consumer data. Before GDPR and CCPA, startups enjoyed certain legal, technical, and operational freedoms. They used those freedoms to create data management platforms (DMPs). However, regulation has restricted the ability of such platforms to manage and move data. Those freedoms no longer exist.
In other words, the handling and use of third- party data will be more difficult, which means first-party data will rule the world in the future. You can already see this happening: pixels, cookies, SDKs, tagging, browser plug-ins and other such solutions are increasingly being blocked, regulated, and restricted. That said, the Internet giants that control first- party data are not affected that much, and therefore will be OK in this era of regulation.
How Will Regulation and Compliance Affect Market Research?
Verto Analytics also operates in market research, and regulation has caused some shifts there as well. Namely, any media measurement company that does not own its own audience (or “panels”) or relies on data from other platforms will likely not last long in this regulatory environment. It’s now much more difficult for market research companies to collaborate with the big Internet platforms for ad measurement. In addition, companies cannot easily use APIs or other tools to retrieve data from consumer-facing platforms. Without complete consumer consent, it’s not possible for market research companies to innovate or operate easily enough to compete.
How Verto Analytics Handles Consumer Data
Again, Verto Analytics has always followed a model that respects consumer data privacy. Here are our current guiding principles around consumer data privacy and regulatory compliance.
We clearly tell those who participate in our panels what we do, why, and what data we collect. We do not hide anything, and we do not hide ourselves behind or within any other brands (beyond our own).
We remain in active dialogue and relationship with our panelists. We have processes that allow for two-way communications, and we make it easy for panelists to get in touch with us. We have a team and procedures in place to help us respond to inquiries or questions. We also proactively reach out to panelists when we feel communication would be useful or necessary.
All Verto Analytics panelists always go through a three-step opt-in process before they participate in panels.
Any of our panelists can leave at any time, and we have made it easy for them to do so.
We only collect the data we need in our market research business. We actively filter sensitive data, anonymize and aggregate data, and follow other technical tasks to control the data we collect and use.
Rights for information
We let panelists access their own data if they want.
We are in a direct legal relationship with the panelists (in other words, our panelists legally constitute our first-party data). We do not count rely on or partner with anyone else to collect consumer data.
We will continue to adhere to these principles as we grow our business. Consumer data privacy is not a one-off event or a sprint; it is an ongoing marathon. At Verto, we do not want to just fulfill the minimum requirements; we want to actively push forward the discussions around data privacy and influence the thinking needed to achieve the optimal balance of consumer privacy, safeguards, and innovation.
If you want to learn more about our methodology or data privacy practices, please email me at hannu.verkasalo(at)vertoanalytics(dot)com.