Major data breaches are a growing concern for consumers and businesses alike. Events such as the Cambridge Analytica scandal have catapulted the issue from specialist technology press to national front pages, whilst the introduction of regulations like the GDPR – and the consequent raft of messages consumers have received from businesses – have meant that questions over corporate access to, processing and protection of personal data are now at the forefront of public consciousness.
In many ways, this is hugely positive. Individuals are far more empowered than they used to be in terms of understanding what their personal data actually constitutes, and why organisations might need – or want – access to it. Yet in the raging debate about companies’ use of personal data for profit, many people still think there are only two choices: hand over all your personal data, or stop using online services like Facebook or Google Maps completely.
But this puts the burden of responsibility on consumers, who may not have the resources or information available to make the right decision. It is also a rather ‘all or nothing’ model, which assumes that businesses absolutely need to collect reams of personal information, and that customers need to put up with this if they want to access certain products or services.
Instead, companies handling personal data need to take proactive steps to develop better, safer products. And they could find inspiration in an unlikely corner: the soft drinks industry.
Removing the culprit
Concerns linking soft drinks with obesity and other health problems have, rather like corporate data breaches, made the transition from a specialist subject to a mainstream talking-point in recent years. And, as with businesses responsible for processing personal data, soft drinks organisations have been restricted and regulated as a result. Today, the UK is one of the dozens of countries that have slapped a tax on sugary drinks, with the Soft Drinks Industry Levy coming into force in 2018.
Drinks reformulations with reduced levels of sugar have swiftly followed – but in the Netherlands, Coca-Cola has gone one step further. In 2017, the company pulled normal Sprite from the market, replacing it with the no-sugar Sprite Zero. Order a Sprite in Holland, you will be served the sugar and calorie-free version by default. It has become the “regular” Sprite.
According to the soft drinks giant, Sprite had been performing well – but by making the sugar-free product the default choice, it was able to take a proactive step to protect its customers without forcing them to make what could otherwise be a confusing choice.
Taking the same step for data
Let’s turn back, then, to the issue of corporate data breaches.
Just like soft drinks firms assuring their customers that their health matters and that their products can be part of a healthy lifestyle, so organisations processing personal data are facing increasing pressure to assure their customers that their privacy matters, and that their data is only being harnessed for necessary purposes, and protected appropriately. And, just as in the soft drinks industry, legislative and regulatory changes have sought to give such organisations a healthy nudge in the right direction. However, as we have seen, legislation is not a magic bullet. Consider Europe after new data and privacy protections (grouped under GDPR) went into effect in 2018. According to the International Association of Privacy Professionals, almost 100,000 privacy complaints have been filed but only a few have led to meaningful penalties.
Even when there are stricter rules in place, these can still fail to change consumer behavior or address the loopholes that allow companies to conduct business as usual. The ubiquity of data consent forms on websites, or confirmatory emails sent out after a purchase, arguably encourage a click-and-ignore mentality. People just want to make those pesky pop-ups disappear as quickly as possible; they aren’t being empowered to proactively choose a company with a customer-centric, thoughtful approach to data protection.
One argument goes that consumers can actively choose not to use the services of companies that exploit their data, or fail to protect it properly. But, as with sugary drinks, maybe they shouldn’t have to make that choice themselves. Rather, organisations need to be proactive in offering a ‘healthier’ alternative.
What does this look like in practice? Proactive organisations are moving away from heavy reliance on personal data to develop insights and market analysis, and instead looking towards alternative data – that is, data retrieved from non-traditional sources such as satellites, point-of-sale transactions and wearable technology. Crucially, alternative data is anonymised and therefore contains no personally identifiable information, meaning it can be harnessed without concerns over data privacy and regulation.
Alternative data can be collected and analysed incredibly frequently – weekly, daily or even minute-by-minute, depending on the data type. This makes it far more dynamic and potentially richer than traditional sources of data. Combined with other information sources, it can ultimately provide highly intelligent and multifaceted insights, and more dense and precise analysis on anything from customer behaviours to market trends.
In turn, this means that organisations can stop over-collecting personal data from their customers, and genuinely follow through on their promises to value consumer privacy. Just as it has become untenable for soft drinks manufacturers to claim they care about customers’ health whilst selling beverages loaded with unnecessary sugar, so it is becoming ever harder for businesses to claim that they put customers’ data privacy first whilst simultaneously collecting vast swathes of personal information and hoarding it.
As the culture around sugar changed, instead of trying to defend their key sales driver, the soda companies innovated and looked for new opportunities. They reformulated, they introduced smaller packages and they made it easier for consumers to embrace a healthier lifestyle. As a result, Coca-Cola’s revenues have stayed sweet even if their drinks haven’t. Now, as the culture around data changes too, businesses need to take a similar ‘evolve or die’ approach. Just as the zero-sugar version has become the default Sprite in the Netherlands, could a ‘zero-personal data’ model become the norm for other businesses?
Hamza Khan, CEO and Founder, Suburbia