Expert Roundup: How Will Privacy Define the Near Term? Part II
As Covid-19 took over the collective mindset of the past year, several previously prominent topics shifted to the back burner. But now that there’s a light at the end of the pandemic tunnel, those previously resonant topics are re-emerging.
At the top of that list is privacy. 2019 and pre-pandemic 2020 were rocked by the tidal wave of privacy reform around digital advertising and data collection. And now that privacy is roaring back (though it never really went away), we’ve devoted March’s editorial theme to the topic.
As part of that thematic coverage, we’re back once again with a roundup of expert voices. What are practitioners and innovators in our community doing and saying about privacy?
Continuing from Part I last week, here are the rest of the insights we were able to gather from the community.
Amy Yeung, Chief Privacy Officer, Lotame, on data minimization and enrichment
As an industry, we’ve made great strides in advocating and educating about the importance of data privacy. New laws — like Virginia’s recently passed legislation — make good-intentioned and important attempts to protect consumers. But, in my view, we’re focused on the wrong things.
I am concerned that treating all privacy principles as equal — and equal in our business and data privacy analysis — means that we tie ourselves up into pretzels over process questions, without fully taking into consideration the substantive value of some of the answers. Take into consideration an extreme example: If a company isn’t ingesting data, there are minimal data privacy concerns, and consequently, no risk. We all recognize this is not a practical approach for brands and publishers who recognize the need to collect some data about their customers. But the decision is not binary — all or nothing — and the value of data minimization and its subsequent benefits downstream become diluted in the conversation of current and impending regulatory pressures. We need to reweigh the principles of data privacy and recognize that data minimization should be the most important priority when it comes to data protection and privacy.
The corollary of data enrichment sees similar values. When there is less data to connect, it is more difficult to attain a high level of enrichment. Certain key values such as names, phone numbers, and addresses will reopen the analysis. But pseudonymized and aggregated data can generally only be recombined and enriched in limited ways, and those are positive limiting factors that should be incorporated into the overall analysis of risk, despite the use of the word “enrichment.”
As is evident, an architected system (privacy by design) can provide some very real value to reviewing and reducing risk across the system. But certain tenets of the privacy principles, namely data minimization, can have a significant impact to the overall treatment of the data altogether. Focusing on this value proposition is what can help improve discernible value for our businesses and truly create trust with our consumers.
Neil Sweeney, Founder, Killi, on the consumer-first data-privacy future
Already Apple has begun limiting application tracking and will roll this out in its latest update, version 14.5. This update will prompt consumers to allow ‘App Name” to track / not track them on other applications in much the same way applications today ask whether they can collect location data. The fear around this change is real. All companies who rely on the mobile ID (and location) to run their businesses will be under pressure to find an alternative. Estimates range from 20-40% of users opting in to sharing their ID, but the exact percentage is irrelevant; the trend is more important. Tracking in mobile and location will be nearly impossible in the future, especially when considering the very quiet announcement from Google that as of March 29th, ALL applications in the Android Play store will have to remove background location unless required (meaning approved).
The takeaway: The days of passive location collection are over starting April 1.
The more significant adjustment for the market will be when Android eliminates its mobile identifier. Wait, what? The trend in the data space has been that Apple leads, and Google then follows. Apple reduces location, now Google. Apple removed the mobile identifier, now Google? It is already happening. Google decided to eliminate third-party cookies to make the
Google walled garden stronger and the open web less so. Why wouldn’t Google double down and eliminate the use of the Android ID outside of the Google ecosystem using the guise of consumer privacy as the rationale? Google doesn’t need the Android ID to run their business since everyone is already logged into their system. By turning off the Android ID, Google will slowly turn off the oxygen that everyone uses for marketing and tracking, forcing more brands to work with Google directly.
The industry can complain and stomp their feet that it’s not fair, but a good look in everyone’s mirror is also warranted. Everyone in the data, adtech, and martech ecosystem is responsible for the data mess we are all dealing with today. This mess started when we betrayed the consumer by collecting and selling their data unbeknownst to them, turning them into a human CDO that would make those in “The Big Short” blush. The problems in data today all come from the consumer’s disintermediation from what is rightfully theirs, their data. This industry owns this whether they want to admit to it or not. Privacy, consent, fidelity, transparency, fraud — all challenges in the market — would be eliminated if the industry started at the consumer and stayed there vs. implementing the rash of proprietary ID solutions today.
What’s the future?
- Expect the walled gardens to continue to roll up their drawbridges and cut off access to data
- The future of data is not a cookieless solution, a Universal ID, or a walled garden
- The future of data is the consumer
- The Constitution of the United States of America clearly states: nor shall private property be taken for public use without just compensation
- Data is the property of the consumer
- This is the trend the market needs to prepare for; the rest is just noise
Sav Khetan, VP of Product at Tealium, on the four constituents of data privacy
2020 was one of the most unexpected years in every aspect, largely due to the COVID-19 pandemic. As a result, regulators and lawmakers were not able to move on enforcement and execution of their data privacy goals.
However, they were not sitting idle, as 2020 was the year of new laws. There were a record number of laws introduced in 2020 both in the United States and the rest of the world. With 2021 starting off in a new tone under different leadership, this is looking like the year in which lawmakers and regulators will start to act on some of the goals of their
laws. Let’s look at the trends for 2021 from the four main constituents in the data privacy landscape.
● Regulators and lawmakers. The “GDPR” effect can be seen across the world with many countries stepping forward with their version of data protection and showing how their consumers’ rights are important to them. With major markets like Brazil, China, and India declaring that they will be implementing these regulations, smaller countries will have an incentive to follow suit and create a framework to emulate these regulations. Balancing national security and desired state access against the privacy of their citizens will be the primary items that the various bodies will need to balance in 2021. Additionally, the US will have to figure out data privacy at the federal and state level since many states are close to enacting and enforcing their own policies. This may become a huge mess for the administration as well as the constituents.
● Enterprises and corporate entities. For large and multinational companies, the kaleidoscope of privacy regulations across the globe is going to get more confusing. While the implementation of these policies will potentially become harder at the regional level due to the threat of fines, companies won’t be able to ignore and take this casually. A growing trend is for multinational corporations to implement the strictest rule (GDPR) across the board and keep themselves compliant and ready for whatever is coming. This trend is different across regions. Companies based in the U.S. are trying to leverage CCPA to collect more data whereas companies in Asia Pacific are defaulting to GDPR to leverage data sharing with the EU. As a result, the investment in privacy experts, tools, consultants, and practices will increase dramatically in 2021. This is already showing up in terms of large investments and valuations for privacy-focused companies and the continued growth of privacy specialists around the world. Right now, demand outweighs supply significantly.
● Technology and Data Vendors. Technology plays a critical part in implementing and enforcing data privacy across the board. The speed and rate of change of new tools, technologies, and solutions will only increase in 2021. From highly specialized tools focused on privacy (CMPs) to integrated privacy features in tech and data platforms, to reporting and auditing suites built to monitor privacy implementation, there will continue to be innovation, disruption, and evolution in this space. It can be both exciting and overwhelming because technology is trying to guess where the regulations are headed. However, with each lawsuit and fine, regulations get updated and some of these updates — such as data-sharing — have huge implications for data infrastructure. Data anonymization will see a big resurgence, changing how companies think of storing and leveraging their data.
● End users / citizens. One of the biggest constituents in this conversation is the end user or consumers. Depending on their location, consumers are heavily impacted by these changes. In the EU, citizens are already experiencing “consent fatigue” from the non-stop interruptions from consent managers to consume simple things such as news articles. This will drive behaviors that will force both tech companies and brands to rethink their implementations. In addition, with each lawsuit and high-profile decision, the use of “right to forget” and “right to erasure” will start to increase, having a significant impact on companies’ data strategies and data stores. If a large percentage of a company’s users request data deletion, the company could lose valuable data. As more markets start enforcing data privacy, citizens will gain more awareness and more tools to exercise their power.