Join today’s leading executives online at the Data Summit on March 9th. Register here.
This article was contributed by Daniel Barber, CEO and cofounder of DataGrail.
After years of consumers happily surfing the web and using apps with reckless abandon, data privacy became a “thing” in 2021. Thanks in part to Apple’s efforts to provide consumers with greater knowledge about and a greater say in how their data is used, people got a wake-up call when their favorite apps and websites started asking them to agree to cookies or to make their privacy preferences known — a reminder that companies track their online behaviors.
But it wasn’t just consumers who were forced to think about data privacy. Many companies had to reconsider (or consider for the first time) their data privacy practices. Some even had to pay up on account of their practices — like TikTok’s $92 million settlement of a class action lawsuit brought by users alleging misuse of data, or Amazon’s record $886.6 million fine from the EU for GDPR violations.
In short, data privacy became a topic of concern for consumers and businesses alike. So, what will 2022 hold? A truly transformative year is on the horizon.
As consumers gain data privacy awareness, they’ll take action
As consumers become more educated on their data privacy rights, more will become interested in learning exactly what kinds of information companies keep on them and how their data is handled. In just the first year of California’s CCPA, B2C companies received approximately 137 data subject access requests (DSARs) per million identities. At that time, California was the only state with a privacy law on the books. Virginia and Colorado added laws this year, and more states are trying to push privacy legislation forward. This will translate to an exponential increase in DSARs and do not sell requests (DNS) in the future as consumers learn about data privacy and feel empowered to dictate how their information is handled.
Because companies do not yet have the systems in place to untangle the mess of personal data residing across their many, many systems and applications, consumers are likely to have really frustrating experiences trying to learn about how their information is being used. In some cases, they won’t be able to find out all of the data being collected — or, on the opposite end of the spectrum, they may be startled by just how much companies know about them when their inquiries are fulfilled.
As consumers come to understand the privacy practices of the companies they interact with, they may opt to abandon certain apps. We’ve seen this already when WhatsApp changed its privacy policy in ways that made users uncomfortable. They moved over to Signal, which was much more transparent about its data privacy practices.
App tracking transparency causes companies to hit the panic button
Europe’s General Data Protection Regulation (GDPR) set the data privacy wheels in motion all the way back in 2016. This allowed ample time for companies to figure out systems and policies (as enforcement did not begin until mid-2018), yet as companies often do, many dragged their feet or thought they could walk the line without facing repercussions. That’s no longer the case, as the E.U. levied more than $1.14 billion in fines in the third quarter of 2021 alone. This is nearly 20x the combined total of Q1 and Q2, and 3x the total amount of fines across the entirety of 2020. Although tech giants like Google and Amazon may grab the majority of news headlines for infractions, plus eye-popping dollar figures, a far greater number of fines are being directed at SMBs. This trend is expected to continue for the foreseeable future, causing headaches for any company that hopes to avoid the stamp of a violation that breaches consumer trust. It’s still too early to assess penalties for laws like CCPA, but expect them to follow suit.
On top of the threat of steep fines, companies also have to contend with issues like Apple’s App Tracking Transparency and Google’s decision to get rid of cookies. With no cohesive national data privacy policy deployed in the United States, private companies are stepping in to dictate new privacy practices, which is cause for many organizations to panic. They are struggling to make the shift to a privacy-first stance. According to recent research, the unique number of apps in usage per company is up about 30% year over year. The average small business uses 102 different apps, while each mid-market business uses an average of 137 apps. Enterprises have, on average, 288 different SaaS apps in usage across their businesses. This kind of investment and application interdependence makes it even more difficult for companies to even consider streamlining, let alone fundamentally changing, their data privacy practices.
With the spigot of accessible user data being turned down, as millions of consumers opt not to be tracked, third-party data brokers are filling the data void with digital fingerprinting practices. Digital fingerprinting methods identify enough characteristics of a consumer’s device that a profile can be generated and used for ad targeting. Sometimes these profiles are even more complete than what could be created from customers who agreed to share their data with apps and services. Interestingly, digital fingerprinting is virtually invisible, highly effective, and consumers have no way to stop it.
Expect these practices to become much more prevalent in 2022 as digital fingerprinting becomes even more sophisticated — or put another way, companies can decide if they will do right by consumers’ data privacy preferences. Workarounds are inevitable.
Zero-party data for greater personalization
Zero-party data is emerging as a possible solution that keeps consumers happy, companies satisfied, and regulators at bay. Zero-party data is a practice in which companies ask customers questions to provide a highly tailored, personalized experience. Think of the questions a sales associate might ask if you were doing some in-person shopping or maybe working with a stylist. Consider the data you provide companies like Netflix or Amazon to get better recommendations for what to watch or buy. Consumers willingly and intentionally offer up even the most minute details in order to have the best possible experience.
With zero-party data, personal information is culled directly by the site or app with which a person is engaging -– and it stays there, at least until it’s been “anonymized” or the consumer agrees to its sale. The process is more transparent and delivers something positive and desired to customers. Yet, the company still gets the information it wants to build relationships, better serve customers, and sell more product. But make no mistake, zero-party data doesn’t mean less data (in reality, even more data is being collected), nor does it mean that data isn’t sold or shared. It just means that consumers knowingly offered up their information to a brand. Still, this is a big differentiator. It puts consumers directly in control of the information they choose to share in exchange for a better experience (yet in many cases they have no say in how long their data is retained). Because of this, it will become a favored approach to data privacy, at least in the near term as companies work out some of their data privacy management kinks and new innovations begin to surface.
If just one of these predictions comes true over the next year, data privacy will be in a very different place than it is today. Consumers will have far greater control over what companies are allowed to know and how they can use this personal information. This will inevitably change how marketing is done, but it will also enable companies to form new types of relationships with consumers built on trust and transparency.
Daniel Barber is CEO & cofounder of DataGrail.
