Facebook’s spectacular exposure of at least 87 million people’s personal data to Cambridge Analytica is just one drip in a deluge of data breaches and abuses of consumer trust and privacy.
At the same time, it’s no secret that access to personal data is the backbone of many business models in the mobile economy, especially marketers that live on it to perform sophisticated personalisation for example. Unsurpisingly consumers are becoming increasingly aware of their data, they want privacy, they want transparency, they want a better value-exchange.
We asked mobile players how the industry should respond to the Facebook debacle, how GDPR will affect their business and whether or not consumers understand its implications. Here’s what they said…
Yaron Morgenstern, CEO at Glassbox
As we share more data in the future, boundaries and ethics need to be clearly defined in order to build trust between brands and their customers. Companies need to assure customers that their data is respected and properly protected.
The recent privacy scandal is a timely reminder of the aims of the upcoming GDPR. The regulation provides legal protection and a ‘code of conduct’ for organisations to follow. First and foremost, companies should not think they own customer data. Customers loan their data for a certain purpose until that loan time ends – and the customer enforces the right to be forgotten.
If mobile businesses could find a way of informing me what is actually happening to my data, it would be a key differentiator that I would pay for. For example, somewhere in the thousands of paragraphs of T&Cs I accidentally allowed Facebook to skim location from a photo, but I don’t actually want them to.
GDPR mandates new levels of user control but I don’t think it will make a real difference until I can tick ‘yes’ to each use case for my data. My optimism for GDPR is that its core principle requires organisations to minimise processing, so with focus on this principle I hope the regulators succeed.
I believe that consumers are still inherently unaware of what data is being skimmed from their devices through apps. As consciousness increases so will the demand to reduce it. In a way GDPR is as much ahead of its time as it is too late, depending on your point of view.
Rob Clyde, Vice-Chair, ISACA
Within the mobile industry, as with other sectors that have been shaken in recent weeks, there is a lot of thought about two main things. The first thing people are asking is “What risks are my own organisation exposed to?” The second, “How can we minimise any future risks related to the use of data?”
Ultimately, an enterprise’s use of data boils down to a cultural point – are you in the type of organisation that will tolerate work that unfairly or unethically ignores people’s data privacy expectations (hopefully, no)? If so, such an attitude is an existential threat to your organization.
Research has shown consumers do, in fact, care about the data privacy stance of the brands they use. The mobile industry arguably has the most visible daily touch points with consumers, many of which generate sensitive data. How to treat the privacy of that data is a question that should be taking priority at the board tables – not just another “to-do” on a compliance officer’s list.
Digital identity is no longer a nice-to-have, but a need-to-have. We are glad to see that Facebook and Twitter are addressing the issues of trust and credibility this week by endorsing the Honest Ads Act to bring more transparency to social networks, but both companies have been around for over a decade, which prompts us to ask, is it almost too late?
Companies that make identity the cornerstone for how they operate and engage with their customers in the digital channel are the ones that will thrive, not just survive.
Graham Williams, CEO, Cloudbanter
Although tighter regulation and legislation have a role to play, giving mobile users greater control over what type of adverts they wish to see as well as the power to monetize their data will increase trust and co-operation between consumers, advertisers and the mobile industry.
There is, after all, a tangible benefit to mobile users when their data is used in the right way, for example, being alerted to offers or discounts from their favourite brands or location-based mobile ads which deliver real-time promotional content.
When it comes to data there are three main points to consider – transparency, choice and control. Specifically in mobile, there is a mismatch between consumers’ expectations and reality when it comes to choice. Most business processing is legitimate business activity, legal obligation or necessary to deliver the service on offer, which means that individuals are often misled into thinking they have to consent to everything when, in reality, the sharing of that data is a necessary requirement.
Organisations need to be clearer about what choices customers really have, and not pretend consumers are agreeing to something when there is ultimately no choice. When choice does come into the equation, a customer’s options should be easy to exercise.
CIO’s have a responsibility to consider whether the company is treating people fairly and not misleading consumers. Organisations must also make sure they make the value exchange clear so that people understand the trade-offs and are happy with them. Many people are willing to give up data for economic gain or convenience, but aren’t always aware of what the impact of that might mean.