Why Brands Must Do More to Protect Consumers' Personal Information
Consumers still need stronger protection against ‘surveillance capitalism’, the Ethical Tech Project writes in AdAge
Note: This editorial previously appeared in the May edition of AdAge
For some years now, we've been predicting a tipping point in consumer awareness that would motivate brands to adopt responsible data practices.
We have long understood that consumers deeply value their privacy. However, there was a nagging question about their seeming apathy toward the current state of data privacy—a feeling helplessness over how their data is used and even abused.
As we delved deeper, we realized that this apathy didn't mean a lack of concern; rather, it reflected the overwhelming burden placed on consumers to manage and protect their own data and hold brands accountable for data practices.
Consider the EU’s General Data Protection Regulation (GDPR), a landmark in data privacy and the dawn of a new era where consumer rights are respected, and businesses are committed to transparency. Five years on, it's clear that one of its central tenets—opt-in consent—does not equate to “informed” consent for consumers. How many people are willing to sift through pages of data agreements before consenting to how their data is manipulated? This approach is simply not right for most people.
Some argue that interest in data privacy varies by population segment—a tech-savvy, ad-blocking user might care, but not online shoppers or avid users of social media apps. Or that Gen-Zers and millennials care more than boomers. There is some truth to those statements, but not with the framing.
Everyone cares about data privacy—but care more or less depends on the type of data in question. Consumers might not mind sharing location data if they believe the value exchange is worth it, while others may recoil at how behavioral data is used to generate hyper-personalized ads.
Each consumer’s threshold is unique. Are you comfortable with your location data, behavioral patterns and purchasing behaviors being accessed? How about the way you drive, where you go and how you brake and accelerate?
Is car data the tipping point?
The New York Times recently highlighted how some car manufacturers are collecting and sharing driving data, including details of every trip, speed, acceleration and braking information. This data is sold to data brokers and has been used by auto insurers to, among other things, increase policy premiums. The crux of the issue is the lack of transparency about data-sharing practices. Drivers were in the dark about driving behavior being monitored. Some manufacturers such as General Motors which was called out in the article, had not sufficiently informed drivers about how their data was being used.
Within weeks of the Times article, GM stopped sharing data with the two data brokers involved in creating insurance risk profiles. The rapidity with which GM addressed its data-sharing practices was noteworthy—practically instantaneous.
Consumers are growing increasingly aware of how their data is used and surprised at the pervasiveness. And it’s not just auto data.
Take the backlash against Amazon subsidiary, Ring, and its smart doorbells. The discovery that Ring was sharing user video footage with police without explicit user consent was tinder for increased transparency and user control over their data. Ring responded by changing its policies on data sharing with law enforcement.
Regulatory enforcement continues to highlight egregious cases and is a catalyst for further awareness of data privacy issues among individuals. The rhetoric among regulators in the U.S. is that advertising is “surveillance capitalism,” and at times it certainly feels like it.
As part of a crackdown on mass data collectors, The Federal Trade Commission last month issued a warning to businesses in the data trade: “Browsing and location data are sensitive. Full stop.” The FTC’s broadened definition of sensitive information is aimed at curbing the widespread and intrusive practices taking hold in the martech and ad tech ecosystems.
The new standard
In the digital age, we've somewhat resigned ourselves to the idea that our data is collected and shared as part of how the internet works. We trade bits of our data for the benefits of custom experiences, attractive discounts and personalized content. But at a certain point, we need to draw a line. Maybe it’s automotive data, maybe it’s health or other personal data. Will revelations about surveillance, such as those reported in the New York Times regarding automotive data, spark a collective realization that we've reached our limit?
The question on everyone's mind should be: Is nothing sacred anymore? In a world where individuals have varying thresholds for when they care about data privacy, there is only one option: choice. Data dignity demands that brands provide people with transparency on their data practices, and choice and control over how that data is used.
In the words of Steve Jobs in 2010, “Privacy means people know what they're signing up for, in plain English and repeatedly. People are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data.”
What We’re Reading on Ethical Tech This Week
Every week, we round up the latest in Ethical Tech. Subscribe now and also get our monthly digest, the Ethical Tech News Roundup!
Statescoop - One governor’s veto won’t stop the momentum on data rights for all
Governor Phil Scott’s veto of a key privacy bill in Vermont stands out because it challenges the growing movement towards stronger state-level data protection laws.
SCMagazine - Vermont data privacy legislation rejected by governor
What does Vermont’s surprising veto mean for the future of data privacy protections across the country?
Forbes - Four Ways Data Privacy Laws Are Reshaping Business Practices
How are new data privacy laws transforming the way businesses handle your personal information?
The Record - FTC files complaint against TikTok for alleged data privacy practices
The FTC’s complaint against TikTok is a striking development that underscores growing concerns over how social media giants manage and protect user data.
Forbes - GDPR violation and trends
Rising GDPR fines and violations reveal a compelling trend where companies are being forced to drastically rethink their data protection and compliance strategies.
Lexology - American privacy rights act on the move with significant amendments
How are global data privacy regulations changing the way companies protect your personal information?
The Record - Privacy authorities in Canada and UK announce joint probe of 23andMe data breach
The 23andMe data breach, now under investigation in Canada and the UK, highlights critical vulnerabilities in the protection of sensitive genetic information.
Bloomberg - Hackers Auction Off Stolen LendingTree Consumers’ Data
Hackers are selling data about consumers of the LendingTree subsidiary QuoteWizard after the company detected unauthorized access on a cloud database hosted by Snowflake, but the size and scope of the leak is still being investigated.
The Hacker News - Meta Pauses AI Training on EU User Data Amid Privacy Concerns
Meta’s decision to halt AI training using EU user data underscores the growing impact of stringent global data privacy regulations on tech giants’ operations.
The Verge - Meta suspends halts AI training amid privacy concerns
Meta’s new AI assistant is facing privacy objections in Europe, highlighting the ongoing tension between innovation and stringent data protection laws.
The Guardian - ‘Alarm bells should be going off’ as mental health counselling app expands into Australia, critics say
What does the possible investigation into BetterHelp say about the difficulties of safeguarding your personal data in online therapy?
Silicon Angles - Adancing Data Governance in Financial Services
AWS’s innovative approach to data governance in the financial services sector promises to significantly enhance the security and management of sensitive financial data, potentially setting new industry standards.
Conversations in Ethical Tech
In this episode, JJ and Maritza explore the concept of dark patterns, meaning deceptive design practices that manipulate users into taking actions they didn't intend to.
How does the choice architecture of the tech products you use impact your personal privacy and data protection?
How can good product design and business outcomes be balanced against avoiding deceptive practices?
Learn a few common-sense suggestions that you can take as a developer, leader, or consumer, including providing feedback to companies, filing complaints with regulatory bodies, and raising awareness about dark patterns.