The New Rules of Data Privacy

“For most of its existence, the data economy was structured around a “digital curtain” designed to obscure the industry’s practices from lawmakers and the public. Data was considered company property and a proprietary secret, even though the data originated from customers’ private behavior. That curtain has since been lifted, and a convergence of consumer, government, and market forces is now giving users more control over the data they generate. Instead of serving as a resource that can be freely harvested, countries in every region of the world have begun to treat personal data as an asset owned by individuals and held in trust by firms. [..]

Giving individuals more control has the potential to curtail the sector’s worst excesses while generating a new wave of customer-driven innovation, as customers begin to express what sort of personalization and opportunity they want their data to enable. And while Adtech firms in particular will be hardest hit, any firm with substantial troves of customer data will have to make sweeping changes to its practices, particularly large firms such as financial institutions, healthcare firms, utilities, and major manufacturers and retailers. [..]

While consumers still seek the conveniences and benefits that flow from their data, they will be the ones to set the terms over what data they share and who they share it with. People want that protection, governments have their backs, and technology firms are already falling in line, with competition over data privacy now impacting financial bottom lines. [..]

Based on our experience, up to 90 percent of current IT budgets are spent simply trying to manage internal complexities, with precious little money actually spent on data innovation that improves either productivity or the customer experience. [..]

Our new rules of the data economy are fairly straightforward, all of them derived from the basic principle that personal data is an asset held by the people who generate it. But each rule entails the breaking of entrenched habits, routines and networks.

Rule 1: Trust over transactions.

This first rule is all about consent. Until now, companies have been gathering as much data as possible on their current and prospective customers’ preferences, habits, and identities, transaction by transaction — often without customers understanding what is happening. But with the shift towards customer control, data collected with meaningful consent will soon be the most valuable data of all, because that’s the only data companies will be permitted to act upon. [..]

Rule 2: Insight over identity.

Firms need to re-think not only how they acquire data from their customers but from each other as well. Currently, companies routinely transfer large amounts of personally identifiable information (PII) through a complex web of data agreements, compromising both privacy and security. But today’s technology — particularly federated learning and trust networks — makes it possible to acquire insight from data without acquiring or transferring the data itself. The co-design of algorithms and data can facilitate the process of insight extraction by structuring each to better meet the needs of the other. As a result, rather than moving data around, the algorithms exchange non-identifying statistics instead.

For instance, many of Google’s apps, such as the Swipe typing facility, improve phone performance by analyzing customer data directly on their mobile phones in order to extract performance statistics, and then use those statistics to return performance updates to the phone while safely leaving the PII on the customers’ phone. Another firm, DSpark, uses a similar solution for extracting insights from highly valued but deeply sensitive personal mobility data. DSpark cleans, aggregates and anonymizes over one billion mobility data points every day. It then turns that data into insights on everything from demographics to shopping, which it markets to other companies — all while never selling or transferring the data itself.

Rule 3: Flows over silos.

This last rule flows from the first two, and doubles as a new organizing principle for internal data teams. Once all your customer data has meaningful consent and you are acquiring insight without transferring data, CIOs and CDOs no longer need to work in silos, with one trying to keep data locked up while the other is trying to break it out. Instead, CIOs and CDOs can work together to facilitate the flow of insights, with a common objective of acquiring maximum insight from consented data for the customer’s benefit.

For instance, a bank’s mortgage unit can secure a customer’s consent to help the customer move into their new house by sharing the new address with service providers such as moving companies, utilities, and internet providers. The bank can then act as a middleman to secure personalized offers and services for customers, while also notifying providers of address changes and move-in dates. The end result is a data ecosystem that is trustworthy, secure, and under customer control. It adds value for customers by relieving them of a burdensome checklist of moving chores, and by delivering a customer experience that’s less about mortgage rates and more about welcoming them into their new home.”

Full article: H. Rahnama and A. Pentland, Harvard Business Review, 2022-02-25.
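Rule 2 above describes exchanging non-identifying statistics instead of raw data. The Python script below is an added illustration, not code from the article or from Google or DSpark: it simulates one federated round in which each device computes only a (sum, count) summary of its private records, masks that summary with pairwise shared seeds, and sends the masked vector to an aggregator. The masks cancel when the aggregator adds the vectors in a fixed ring, so it learns the population mean and count but never any device's records or even any single device's unmasked contribution. The device names, record values, fixed-point scaling, and the trusted distribution of one random seed per device pair are all constructed assumptions for the demo.

```python
"""Added example: federated summary statistics with pairwise additive masking.
Devices keep raw records local and share only a masked (sum, count) vector.
All devices, records and seeds below are constructed for this illustration."""
import hashlib
import itertools
import secrets

MODULUS = 2 ** 32   # ring in which masked values are added; masks cancel exactly
SCALE = 1000        # fixed-point scaling so fractional records fit in the ring


class Device:
    """Holds one user's private records; only a masked summary ever leaves."""

    def __init__(self, name, records):
        self.name = name
        self._records = list(records)   # private; never returned or sent

    def local_update(self):
        # The only thing derived from the records: (sum, count) in fixed point.
        total = sum(int(round(r * SCALE)) for r in self._records)
        return [total, len(self._records)]


def prg(seed: bytes, length: int):
    """Deterministically expand a shared seed into `length` ring elements."""
    out = []
    for i in range(length):
        digest = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        out.append(int.from_bytes(digest[:4], "big") % MODULUS)
    return out


def masked_contribution(index, update, seeds):
    """Add the mask shared with each higher-indexed peer and subtract the mask
    shared with each lower-indexed peer, so every pair's mask cancels in the sum."""
    masked = [v % MODULUS for v in update]
    for (i, j), seed in seeds.items():
        if index not in (i, j):
            continue
        sign = 1 if index == i else -1
        for k, m in enumerate(prg(seed, len(update))):
            masked[k] = (masked[k] + sign * m) % MODULUS
    return masked


def aggregate(contributions):
    """Aggregator side: ring-sum of masked vectors; it never sees raw updates."""
    total = [0] * len(contributions[0])
    for c in contributions:
        for k, v in enumerate(c):
            total[k] = (total[k] + v) % MODULUS
    return total


def run_round(devices):
    """One federated round. Returns (mean, count, masked contributions)."""
    n = len(devices)
    # Constructed assumption: a trusted setup hands each pair of devices one
    # random seed. Real secure-aggregation protocols derive it by key agreement.
    seeds = {pair: secrets.token_bytes(16)
             for pair in itertools.combinations(range(n), 2)}
    contributions = [masked_contribution(i, d.local_update(), seeds)
                     for i, d in enumerate(devices)]
    total, count = aggregate(contributions)
    if total >= MODULUS // 2:   # interpret the ring element as a signed value
        total -= MODULUS
    return total / SCALE / count, count, contributions


if __name__ == "__main__":
    # Constructed sample: e.g. per-user keystroke latencies in milliseconds.
    fleet = [Device("phone-a", [120, 95, 140]),
             Device("phone-b", [110, 130]),
             Device("phone-c", [100])]
    mean, count, contribs = run_round(fleet)
    for d, c in zip(fleet, contribs):
        print(f"{d.name}: aggregator received {c} (raw update {d.local_update()})")
    print(f"population mean over {count} records: {mean:.3f}")
```

The aggregator recovers the mean only because every seed is used with opposite signs by exactly two devices. This demo omits what production secure aggregation must add: key agreement for the seeds, recovery when a device drops out mid-round, and limits on how many rounds a single user contributes to, since repeated aggregates can still leak individual values.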