The key to data privacy: Giving consumers control
Here is how we can achieve a perfect day in data privacy.
By Aubrey Turner, Executive Advisor, Ping Identity
Businesses’ appetite for gathering (and monetizing) personal data is increasingly at odds with consumers’ growing concerns about how that data is used. More than three-quarters of consumers now feel they will never be fully in control of their personal data online, and still blindly accept the fine print terms and conditions that allow businesses to profit from their data.
Data Privacy Day is an opportune time to renew the debate about reshaping data privacy laws that put consumers’ needs first. Americans would benefit greatly from a national consumer bill of rights of sorts, with protections similar to the European Union’s GDPR privacy laws, rather than the menagerie of state- and sector-specific laws that comprise U.S. data privacy regulations today. Unfortunately, too many U.S. businesses don’t fully reveal how customer data is being used, often exploiting gaps in existing regulations and public awareness.
If businesses want to earn consumer trust long-term, they need to make data privacy a consumer-first matter. With every daily digital interaction, there is a new opportunity to not only keep customers happy, respected and protected but help the business stay ahead of the competition by providing a digital experience that is both seamless and secure.
But what would a consumer data privacy bill of rights look like in the real world? How would their digital life unfold if businesses implemented privacy measures that consumers want?
First, consumers would clearly be able to see when their data is being collected and shared by a business when they interact. They can retrieve their personal data from every business, and easily revoke or set personal preferences for how it is used. No personal data is sold or shared between other entities without notifying consumers and gaining their consent.
On the businesses’ side, they will no longer voraciously collect every piece of personal data from a user, only to figure out how to monetize it later. Instead, they collect the bare minimum, provide consent and data management controls on the fly, and dispose of any collected data that is not used within a limited time period.
Adopting progressive profiling is one-way businesses can make this transition. Progressive profiling is a consumer-friendly, privacy-compliant way to collect personal day. It limits what data is collected about the consumer by gathering smaller amounts of information incrementally instead of all at once. Rather than inundate new users with questions and sign-up forms, businesses that adopt progressive profiling collect personal data gradually over time as a customer uses their product or service. It minimizes friction while delivering a happier customer experience. Businesses can also incentivize consumers to share more information as the relationship, and trust, between customer and brand grows.
Next, consumers will no longer feel like their smart speakers, smart TV, wearables and other digital devices with listening and monitoring capabilities are spying on them. Consumers will no longer experience the intrusive pop-up ads and emails for products or services that they just casually mentioned in conversation.
Consumers won’t receive any unsolicited emails and texts either. When making a one-time purchase from a business that they may never engage with again, they won’t receive any emails or texts from the business attempting to lure them back by offering deals and discounts.
On social media, consumers will now know what information about them is shared to tailor targeted ads and provide easy ways for them to update that information whenever they want. And when visiting websites for the first time, consumers aren’t forced to respond to any website requests for cookies. At the very least, when presented with a cookie banner, consumers can simply click a “reject all” button rather than having to check/uncheck a long list of preferences.
Data privacy policies will also be easy to understand. When businesses disclose their policies on the website, consumers no longer have to deal with terms of service agreements that are so complex that individuals simply give up and “accept all” without truly understanding the agreement.
Consumers can also do a quick review at any time via a credentialed, digital wallet to see which businesses have access to their data. The digital wallet can identify which businesses no longer serve the consumer and easily revoke access.
While the GDPR model may not fit perfectly within the U.S. system, we need some kind of comprehensive federal privacy law. A consumer data privacy bill of rights can free consumers from that helplessness they feel each time they are required to provide information to businesses, or when data is passively collected without transparency, fearful of how that data may be exploited.
Instead, businesses should realize that, as consumers become more aware of their data autonomy, enhanced data privacy can create a business advantage. If businesses want to earn consumer trust long-term, they need to make data privacy a matter of trust and choice. With every digital interaction, they gain a new opportunity not only to keep customers informed, empowered, and protected but also to help the business stay ahead of the competition.