Data privacy – especially the collection, storage, processing, handling, and use of personal data – has been dominating the headlines lately. Spurred by high profile cases such as the recent allegations around Cambridge Analytica and Facebook, the topic is also gaining momentum as the May 25 implementation date for the EU’s new General Data Protection Regulation (GDPR) approaches. The new GDPR presents some of the most drastic changes to data privacy laws in the EU, but will have global impact on how brands and advertisers interact with consumers.
Of course, this isn’t the first time that questions around data privacy have ruffled tech companies’ feathers. Seven years ago, CarrierIQ’s data-logging software was discovered publicly on iPhones. While they had been collecting technical data from mobile devices (both Androids and iOS handsets) in a legally viable way, the episode still proved to be a PR nightmare, for CarrierIQ as well as the device manufacturers involved, ranging from Apple to Samsung. And in the audience measurement space, major companies like comScore have continued to face challenges around ensuring that their consumer panels are legally compliant, and that panelist consent is explicitly collected.
3 ways to improve the data privacy situation for both consumers and tech companies
First, I want to clarify the benefits and value that big technology platforms, such as Facebook and Google, bring to the world of advertising. While many think otherwise, as a consumer, I don’t mind using an ad-supported service – meaning that I am served a few ads in exchange for a subsidized or free service – as long as those ads are well targeted and relevant to me. Sometimes that ad targeting may feel eerily prescient, but hey, that’s big data at work – server computers, algorithms, models.
An even better way to assess the situation is to accept that consumers stand to benefit from three improvements to the current technical and legal circumstances:
- Greater transparency – as consumers, we all need a better understanding of how technology platforms work, what data is collected, where it is stored, and how it is ultimately used by brands, advertisers, and others. The current status quo – a giant black box – fosters a generally negative public perception of how these technologies (and the companies that use them) work. Instead, we need the press, regulators, and tech companies themselves to operate more openly to clarify their policies and better inform both stakeholders and consumers about how and why they use consumer data.
- More control and discipline – rather than strict penalties that would adversely affect the industry’s innovation cycles, the industry needs to establish legal baselines around the trade of private data, applicable to both small and large businesses. It is said that regulators are always two steps behind the commercial players. Perhaps with the GDPR and other similar efforts, regulators are now just one step behind commercial innovation. In fact, carefully-considered regulation could make it even easier for the big tech companies to innovate faster and pursue data deals and acquisitions or partnerships that could provide more value to consumers. There is lots of uncertainty in the air at the moment, and a more proactive and constructive regulatory environment would help.
- More freedom for consumers – increased transparency and better regulations are great, but consumers need to have a greater say in how their data is used as well. When consumers want to access their data, close a given account, or understand how a certain feature works, they should have the right to request and receive exactly that. Consumers should also have a safe, coordinated channel to raise their voice and opinions on how they want their own data to help them in their everyday lives.
How Verto Defines and Protects Personal Data
Many of our employees, clients, and partners have asked me how Verto defines personal data in the first place. From a legal and technical point of view, any data record or a combination of records that can identify an individual consumer constitutes personal data. Obviously, things like email addresses, phone numbers, and home addresses are extremely strong forms of personally identifiable information (PIID). Even just one of these data points could potentially identify a consumer. However, other data records can also constitute personally identifiable information, even if they are not directly tied to a consumer, as is the case for names or ID codes. For example, location data record histories, IP addresses, or clickstream activities (page visits), can constitute personally identifiable information when a sufficient quantity of these records are collected from a single user. Therefore, all types of data, whether directly or directly linkable to a consumer, should be treated with care.
It is crucial for technology companies to explicitly state what forms of data is collected and why it is needed. Even though most big internet companies meet this requirement from a legal perspective, as a consumer, it’s not easy to understand what data they are gathering, how they’re gathering it, and why. While I am impressed and interested in the products that many of the big Internet companies have built and the value they have created for us as consumers, at the same time, the inner workings of the trade are not as easy to understand. I log into Facebook, I chat with my friends, and I share my life’s best moments in the network. As a result, I see specific ads as a result throughout my experiences – some very well targeted, down to the location. For most people, these come across as magical or scary moments, rather than a scientifically calculated or explicitly expected process.
Years ago, there was (and still is) great excitement about the possibilities of big data, and how it would be the one and only solution for the world’s problems. Some people laughed at me as I continued to advocate for the importance of smaller opt-in market research panels. For these people, panels were already a thing of the past: a relic of the days of pen-and-paper diaries and clunky online surveys. But it’s exactly these types of market research panels that Verto operates and uses in our research – of course using modern techniques of passive measurement – and we are dedicated to preserving and protecting the privacy of any consumer that chooses to participate. As a result, our methodology is based on the following consumer-centric principles:
- Explicit consent: Consumers join voluntarily, and complete a very rigorous onboarding process when they join our research panel community. As part of this onboarding, we explain what data we collect, why, and even share practical examples of our research, to make the end-to-end connection easier to understand.
- Benefits and incentives: We provide each of our panelists with direct benefits in return for their participation. These currently include cash payments, and we’ve just introduced an option to make charitable donations on our panelists’ behalf to an organization of their choice. We also offer our panelists access to other insights and opportunities as part of the research we conduct.
- A clear opt-out process: Consumers can opt to leave our panel at any point, and we make the exit process quick and straightforward.
- Direct communication: We are not a big, anonymous data aggregator – we work with our own panel brand, we position ourselves as market researchers, and we speak personally (literally, via emails and phone calls) with panelists – they’re respected members of our panel community, and one that impacts the future of technology and services.
The market research industry needs more consumer-centric ways to collect and process data, to validate market behaviors, and even to bridge different platforms and provide a single, comparable form of data. As a result, Verto believes that building consumer panels based on the principles stated above are the way for us to continue being successful in the market research industry, based on our experience to date. We know that consumer-centric data collection initiatives like ours will be also more critical in the future of programmatic advertising, in the data flows in data management platforms, and in overall industry innovation.
At Verto, we take consumer privacy very seriously, and we’ve gone to great lengths to ensure that our processes ensure the strictest data privacy compliance standards – both now and in the future. Our board and many of our investors have already applauded us for being the first media measurement company in Europe that was born “GDPR compliant,” and we look forward to living up to this mandate and setting an example for our peers. Even our U.S.-based clients have indicated a preference for working with GDPR-compliant vendors and methods, as they believe the U.S. will eventually take similar steps in their own legislation over the coming years. I am proud to be part of the team at Verto, riding on this wave of change in the global technology and media industry.