Skip to main content

Personal privacy and security: Why I’m thankful for the GDPR

(Image credit: Image source: Shutterstock/Wright Studio)

I want you to read this, not as an employee who is trying to find out more information for your business about the EU’s General Data Protection Regulation (GDPR), but rather as yourself, an individual; all ‘corporate agenda’ aside.

Is your ‘business hat’ off? Good, then read on:

Personal privacy and security. These are, without doubt, the two most salient reasons why I, and you, should be/am thankful a legislation like the GDPR has been brought into law across Europe and the United Kingdom.

The advancements in data gathering and tracking over the last 10 to 20 years have given businesses like Google and Facebook unprecedented access to our deepest, most personal details. In fact, not only have the last 20 years seen companies get to know us better than we know ourselves, they have also managed to capitalise on our inner most thoughts and turn them into commodities. 

As The Economist reported last year, data is this century’s oil, i.e. the most valuable resource businesses have to make money from. And who could blame them? Technology and the digital economy are what make today’s world go round. We, as both consumers and businesses, love it. 

From a consumer’s perspective, the digital economy has opened up a world of ‘free’ services that gives people access to unlimited amounts of information, entertainment and communication, and from a business’ perspective, we are able to engage and delight customers in ways that were previously unimaginable, imbuing our final product (whatever service or good that may be) with layer upon layer of added value. Customer retention? No problem; customer lifecycle management? Too easy; bespoke solutions? Our standard approach. All of these things are great, if we’re honest about how we’re using them. 

Personal space

It’s tricky, businesses have increasingly started feeling less like businesses. Facebook doesn’t feel like a product, it more resembles a digital playground where individuals chat, argue, comment, ‘like’, or emoji one another. It’s our personal album, our public journal. However one uses Facebook it’s up to the individual to make the most of it, and because one is made to feel like one is in control, the product feels like it’s yours. You made your Facebook, not Mark, it isn’t something that’s ‘out-there’ on the internet, it’s something that’s in here: an extension of you, you trust it, and the more love you give it the more love it gives back.

This Tamagotchiesque relationship has spread itself across almost all businesses and product categories thanks to the triumvirate of data collection, artificial intelligence (AI) and the Internet of Thing (IoT). From now on, anything and everything, from your fridge to your toaster, your car and your air conditioner has the ability to connect to the internet, collect data on your usage and feed that data back to various sophisticated algorithms that use machine learning to enhance your experience of that product; or collect enough meaningful data to provide companies with insights on what other products or services you might want or need. This digital data feedback loop is often referred to as the ‘data-network effect’: the more you use a product or service, the more data that can be collected, the more data that’s collect, the better or ‘smarter’ that service or product becomes, the better a service or product becomes, the more you use it.

From a marketer’s perspective (full disclosure: I am a marketer) this data-network effect is a dream come true. Not only is one able to drill down into customer analytics like never before, but the job of being a marketer has become easier, more precise. There’s no more guessing, hoping, tirelessly trying to put one’s self in the shoes of the customer, worried that one’s latest offering, advert, message or product isn’t the right one for them, the all-powerful customer. With the power of data, customers essentially make their own products, and it is here where the lines begin to blur.

I’ll tell you what I want, what I really, really want

No two people are alike, and it seems we are now entering a world where no two products are alike either. Hyper-personalisation is the new kid on the block and if a product doesn’t walk, talk, look and think like we do then it has no chance of getting our attention.

In it of itself, personalisation isn’t a bad thing. Having products and services that bring us joy, make us productive and understand exactly what it is we want out of them is wonderful. In fact, these qualities almost describe the ideal relationship. However, just like real relationships – you know? The ones between human beings – what we want or what we need isn’t always what we choose or – more often than not – what’s actually good for us. Just as a partner or friend can use their intimate experience and knowledge of us to manipulate us into staying in a toxic relationship, so too can a company use our most personal data to manipulate us into using unnecessary, harmful and distracting products. Of such concern is this technological hijacking of the mind, that new companies are being developed with the specific goal of curbing the abuse of data and technology, and making digital spaces, services and products more open, transparent and ultimately more useful and controllable. Time Well Spent, is one such company that comes to mind. Founded by Tristan Harris, former Design Ethicist at Google, their mission is as follows:

“There’s an invisible problem that’s affecting all of society. Facebook, Twitter, Instagram, Google have produced amazing products that have benefited the world enormously. But these companies are also caught in a zero-sum race for our finite attention, which they need to make money. Constantly forced to outperform their competitors, they must use increasingly persuasive techniques to keep us glued. They point AI-driven news feeds, content, and notifications at our minds, continually learning how to hook us more deeply – from our own behaviour.”

It’s a small world

As great as it feels having every product and service meet every one of our idiosyncrasies, it’s also quite limiting. The strategic use of our data in making products and services we love ultimately ends up creating a utility bubble where discovery and discomfort are strictly out of bounds. Yet, discovery and discomfort are integral to our development and learning as individuals and social actors, i.e. citizens.

Think for a moment of the black hole of lost time social media has become (as the above statement from Time Well Spends highlights). In order to keep you coming back for more, Facebook – the one Mark Zuckerberg invented, not you – serves content, be that comments, ‘likes’, news (fake and real), that further entrenches users in their own biases and worldviews. By intelligently aggregating all of your previous comments, likes, posts and any other activity on the site – in collaboration with AI – Facebook is able to serve you content it knows will keep you on their site longer. If getting angry at the liberal deep-state machine or the Milo Yiannopoulos alt-right is what keeps you there for just a minute longer, then that’s what you’ll be shown; if kittens and adorable babies are more your thing, do not fear, there’s plenty for you here.

One could be forgiven for writing this off as an inherent vice of social media, and to some extent one would be right; people’s understanding and usage of these networking channels is still in its infancy and our better angels have yet to kick in and save us from all the online bullying and addict-like behaviour that goes on. However, the new wave of ‘connected devices’, i.e. the toasters and fridges I was referring to earlier, have changed this proposition significantly. Soon, much sooner than most of us might expect, consumers will be leaving digital footprints wherever they go: mobile devices have let loose the Internet. One only needs to look at the innovative (read sneaky) ways in which retailers use customers’ web and mobile phone data to perfectly tailor offers, ads, and to a great extent manipulate their purchasing behaviour to see how the social media principle of ‘grabbing attention at all cost’ can be mapped onto the physical world. From keeping you hooked on their websites to keeping you inside their stores, retailers use a variety of tools – fine-tuned from the data they collect on you – to keep your dwell time long and your likelihood of purchasing high. Something like in-store geo-tracking, i.e. using your phone to track your movements inside a department store in order to see where you spend the most time, and even push notifications, such as offers or exclusive deals to encourage you to purchase that which you’ve been standing in front of, hesitantly, for the past fifteen minutes, is a perfect example of this. The better technology and digital platforms integrate with our day-to-day life, the easier it will be for businesses to replicate the Facebook model across all industries.

Can I get a G.D.P.R? 

Hopefully by now it’s become obvious why a legislation like the GDPR is needed. To think that it’s not is to defend the right of businesses to use mine and yours’ detailed personal data in opportunistic and opaque ways. There is nothing anti-business or anti-marketing in the GDPR, in fact, it should – as has been pointed out by others – be seen as an opportunity for businesses to clean up their data and build more honest, less coercive relationships with their customers. By all means, track their movements and give them bespoke offerings, but be transparent with your customers and let them know you’re doing what you’re doing because you’ve based it on their behaviour and you know it will work on them.

And finally, the in-built security requirements in the GDPR, i.e. ‘data protection by design,’ are incredibly important when one considers the vast amounts of information businesses have on consumers and the increasing number of cyber-security attacks we have seen in recent years (Equifax, NHS, Yahoo, TalkTalk, and many more). If the fear of a €20 million (£17.8m) fine means patches are up today, firewalls are in place and businesses are encrypting their data in transit and at rest then I say fair game, old sport, fair game.

Yes, all of us on here are business people, but we’re also just people people, consumers. Achieving GDPR compliance won’t be easy and there is still much that is not known in terms of how it will impact the way businesses operate post May 2018: we have to prepare for the worst. However, we owe it to ourselves and each other as individuals to uphold and properly implement a legislation that’s ultimate aim is to protect our personal security and privacy. That’s why I’m thankful for the GDPR.

Camilo Lascano Tribin, Marketing Communications & Content Manager, Advantage (opens in new tab)
Image source: Shutterstock/Wright Studio

Camilo Lascano Tribin is Marketing Communications & Content Manager at Advantage, a Microsoft Gold Partner based in London. Camilo writes on various IT and SME topics, including cyber security, ERP/CRM software and government regulations affecting small-to-medium sized business in the U.K.