Data privacy: Will the industry emerge stronger following the Facebook fallout?
New regulation will push transparency to be normalized so advertisers must communicate simply and openly about how audience data is used.
Facebook has undergone a tumultuous period of self-examination in 2018 with the departure of the founders of WhatsApp and Instagram just part of a series of crises besetting the tech giant. Facebook’s founder, Mark Zuckerberg appeared in front of European and US legislators three times to defend the company’s policies on privacy amid growing backlash against how it collects data. Four in five Americans now believe the big tech companies should all be regulated, and privacy experts at Amazon, Apple, Google and Twitter when quizzed by US senators dramatically agreed.
Despite the lack of a federal data privacy law, steps are being taken to bolster consumer privacy and data handling with the introduction of the California Consumer Privacy Act, which is due to be implemented from January 2020. Moreover, a paper published by Virginia Senator Mark Warner outlined a blueprint for the regulation of media giants. However, the European directive – the GDPR – seems to have set the bar for gold standard.
Zuckerberg reiterated in August that Facebook will roll out privacy controls demanded by EU regulators to users globally because “good regulation” would increase user trust in how tech giants use their data.
So will the industry emerge stronger following the Facebook fallout?
1. Regulation will fuel industry progress
“I don’t think [the question is] whether or not there should be regulation […] Some sort of regulation is important and inevitable.” – Mark Zuckerberg
Too frequently, advertisers dismiss legislation as superfluous red tape, but Zuckerberg’s discussion with the EU parliament acknowledged its necessity. Take, for example, the problem of data silos; as the number of digital channels has risen, so has the volume of disparate data stores that advertisers are struggling to manage and connect — making it impossible to gain a 360-degree picture of individuals and deliver personalized online experiences. Under laws, such as the GDPR, complying with new consumer rights – such as Subject Access Requests (SARs) – will require fast access to individual-level insight. It is necessary to consolidate data and create easily accessible unified profiles: not just to remain compliant, but to deliver timely, relevant and personalized messaging.
2. Every company has a duty to secure data
“Keeping people safe will always be more important than maximizing profits.”
Speaking to the EU parliament, Zuckerberg highlighted a central priority that is often overlooked: consumer security. Due to a growing focus on returns, many advertisers have forgotten that safeguarding data is more important than chasing revenue; at least it should be if they want to retain trust and loyalty, and stay within the law. This isn’t the first time Zuckerberg has underlined the obligations businesses have to consumers. In a statement posted ahead of the Congress testimony, and reminiscent of Uncle Ben’s “with great power…” speech to Spiderman, he declared: “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”
All advertisers must accept their duty to secure consumer data in compliance with regulations; it is vital data is kept relevant, up to date, and safely stored for no longer than necessary – also applicable to third-party vendors and partners. Companies must demonstrate measures are in place to prevent breaches: there is no excuse for lack of preparation.
3. Consumers must be given more control
“We’re committed to rolling out the controls, and the affirmative consent […] required in GDPR, we’re doing that around the world.”
Empowering consumers is the primary theme for multiple new laws, from the CONSENT Act — unveiled on Capitol Hill — to the EU’s GDPR. It seems Zuckerberg agrees greater control is good: during the session with Congress, he revealed plans for global adoption of GDPR consent rules, which stipulate businesses must ask for and receive clear permission to use data for set purposes.
This positive stance isn’t unanimous yet, but it’s one the industry would be wise to embrace. According to a 2017 study, just 9 percent of consumers feel in control of online data collection and 80 percent are worried about what information advertisers gather. By allowing individuals to decide how they share data, advertisers can significantly improve consumer confidence and relationships.
4. Accountability doesn’t end at your front door
“We need to take a more proactive view in policing the ecosystem, and making sure that all these members of the ecosystem are using tools in a way that’s good for the community.”
Zuckerberg’s testimony at Congress placed emphasis on joint accountability. If recent events have taught advertisers anything, it’s that even responsible companies can fall into hot water if external vendors mishandle data. The GDPR places the onus on businesses to verify that third-party data processing is compliant. By making these checks a legal requirement, the regulation enforces action to maximize data security.
Cleaning up the industry requires a unified effort, which includes monitoring how data is used, even after it’s passed on to somebody else.
5. Protecting data privacy
“Long privacy policies are very confusing. And if you make it long and spell out all the detail, then you’re probably going to reduce the percent of people who read it and make it accessible to them.”
It is important to note Zuckerberg’s admission that creating privacy policies consumers will understand and read can be difficult. So far, it’s been assumed that information about data implementation will cause consumers to switch off. But the GDPR is having a profound impact: data privacy is no longer something that can be ignored and consumers are actively interested in data usage.
Moving forward, advertisers must communicate simply and openly with their audiences about how, why, where and when data is used. In short, transparency will be normalized — which is, of course, a positive development. In an industry where multiple isolated systems and complex data processes often cause misunderstanding, putting a spotlight on data privacy is just the ticket to win audience trust and keep personalization rolling.