“Over time that awareness of wrongdoing builds up. You feel compelled to talk about it. The more you talk about the more you’re ignored… until eventually you realize these things need to be determined by the public, not by someone hired by the government.” Edward Snowden, interview for The Guardian, 2013.
Edward Snowden, the system administrator who leaked classified information from the NSA to journalists, risked his freedom, living in exile since U.S. federal prosecutors charged him for espionage. But Snowden’s whistle-blowing highlights the key issue in the debate about consent – the role that the public, rather than brands or individuals, should play in determining how their data is treated.
Brands have become skilled at acquiring customer data, but now must discover the best ways of managing privacy permissions in order to justify collecting, holding, and using it. Impact from the first major public attempts at privacy oversight is being felt, as regulators have begun to establish guidelines for clear communication of intent. In 2011, under the E.U. directive for cookie usage on websites, brands were required to establish visitor consent to store any information on a computer or web-related device. Fast-forward to 2018 and a new European initiative, GDPR, refined that consent to insist that online consent forms be written in jargon-free language, and easy for consumers to find and understand..
Tracking consent is difficult because so many digital channels have created multiple mechanisms for direct communication. There are different ways for brands to directly address a customers, meaning there are countless touchpoints at which a customer might have given (or withheld) consent.
Personal profiles are built from data, and the more data becomes nebulous (not mention voluminous), permissions underlying that data become hard to track. Information experts like Helen Nissenbaum, Professor of Information Science at Cornell Tech, cautions that tracking consent requires insight into information flow. Nissenbaum’s book, Privacy in Context, highlighted the significance of information flow for privacy and ethics, in the face of technological advances and cultural trends.
Here are a few practical ideas that marketers must consider in the context of these concerns:
- Brands need a protocol audit trail (PAT) – an easy to understand framework to identify where data enters into consent decisions. For example, marketers need to track whether the data involve is encrypted, and whether data containing personally identifiable information has been successfully anonymized
- Brands must consistently demonstrate how they administer protocols that relate to consumer digital rights. Brands may need to show that they are good stewards of data. One solution is creating a Human-In-the-Loop process – a machine learning model that requires human interaction –to review how decision making is made when data is ingested
- Brands must be proactive in educating consumers about their rights. This means seeking ongoing discussions with legislative influencers. The New York Times reported that congressional representative Ro Khanna created a list of Internet Bill of Rights, meant to protect consumers from unwarranted data collection and to provide a right to be informed regarding a change of control over data. The list was developed in discussion with leading technologists. Developing a dialog helps brands understand and respond to customer needs.
Marketers should notice how major technology companies are choosing to step up their advocacy for data protection. For example, Microsoft CEO Satya Nardella has said that his company will not over-monetize data at the expense of consumers.
In addition, marketers should assume that consumers and industry awareness will continue to increase in the months and years ahead, led by legislation which specifically addresses consumer rights. For example, there is already the California Consumer Privacy Act (CCPA), signed into law by Governor Jerry Brown this past June. Meanwhile some cyber experts are advocating a U.S. version of GDPR.
By examining information flow within an organization, marketers will stay ahead of consumer privacy concerns. What’s more, such efforts will show their willingness to enter a discussion that certainly belongs in the public square.