Join Transform 2021 for the most important themes in enterprise AI & Data. Learn more.
Apple and Facebook have entered an all-out Cold War in the name of consumer data privacy.
The battle started when Apple announced it will soon require users to opt in to personal data tracking. Facebook, which makes money from that tracking, took out full-page ads in major newspapers condemning the move. Apple CEO Tim Cook fired back in a recent speech, rebuking companies that gather as much data as possible and warning of dangerous consequences.
Both companies have put a stake in the ground, and the impact will be felt across the tech and business worlds. Meanwhile, conversations about data privacy are going mainstream. WhatsApp users expressed outrage when they had to accept new privacy terms or lose the app, and data privacy bills are gaining momentum in state legislatures.
All of this means time is up for the companies that have sat on the sidelines of this debate until now. Every tech company has access to user data, and each one now must decide which side of the data privacy war they’re on: the one that collects and exploits consumer data, or the one that respects and protects data and the users it belongs to. Prioritizing consumer data privacy doesn’t always mean a company must overhaul its policies. Rather, it’s about communicating those policies to consumers in a way they can understand and holding internal teams accountable to them.
Privacy policies should pass the user test, not the lawyer test
Every company that collects and shares consumer data needs a version of its privacy policy that users, not corporate lawyers, can understand. It seems simple, but privacy policies are often so long and stacked with legal jargon that users scroll through without absorbing a word.
A digestible privacy policy should articulate what data the company believes it owns and what belongs to the consumer. It should be clear, jargon-free and understandable without a dictionary. Women’s health app Clue does this well, outlining exactly what data it collects from users and why. Especially when users are sharing data as sensitive as health information, this transparent communication fosters consumer trust. Last year, 91% of companies with very mature privacy practices – which include transparency – saw increased user trust and loyalty.
Another benefit of a user-friendly privacy policy is that it can help a company’s leaders decide whether to change their data privacy practices. If leaders aren’t comfortable telling consumers what the company is doing with their data, it’s time to rethink those practices.
Data privacy “road signs” can help users navigate
In addition to a user-friendly privacy policy, companies should give consumers privacy “road signs” to help them navigate the confusing landscape of data collection and make informed decisions about what data they’re willing to share.
There’s a misconception that Facebook is under scrutiny for using consumers’ data to target ads, but in fact it’s because the company historically hasn’t given its users any of this signage. Its mass collection of user data without explanation of how or why has hurt consumers’ trust in its brand.
Data privacy road signs go beyond a bare-bones privacy policy, giving users context that helps them decide what data they’re comfortable sharing. For example, a company can tell users what it doesn’t do with their data. When it comes to an abstract, complex topic like data privacy, people are often better at understanding what they’re not comfortable with. An organization like Signal does that work for users by outlining that it can’t access their messages and “does not sell, rent, or monetize your personal data or content in any way — ever.”
Good privacy signage also tells users what kinds of partners and third parties a company shares data with and why. Twilio clearly communicates that it shares some user data with other companies to improve users’ call quality. These clear guidelines build user trust and are a compelling reason for consumers to choose one product over another that offers less clear data privacy signage.
Make data privacy part of company culture
Companies should communicate their data privacy practices early and often to users, but upholding those practices is an inside job. Leaders can take steps to ensure their company culture encourages employees to act as respectful data custodians.
One of those steps is rewarding employees or teams who do their jobs well with the least consumer data. For example, leaders can invite a team that exceeded its goals while reducing data access to share how they did it and what they learned at an all-hands meeting. A company can also implement tokenization, which swaps out sensitive data with digital “tokens” — like poker chips or arcade tokens — that would be useless if intercepted or leaked. The data itself moves into a private vault that the company can’t access.
These changes foster a culture that depends less on data access and encourages creativity. Finally, leaders can designate an executive privacy sponsor who advocates for user data privacy and holds leadership accountable to follow company privacy guidelines.
Apple and Facebook have thrown down the data privacy gauntlet, and it’s time for all companies to pick a side. In the coming years, consumers will flock to companies that respect and protect their data. Those that are transparent and encourage good internal data privacy practices will gain more trusting and loyal users and in turn, stronger businesses.
Frederick “Flee” Lee is Chief Security Officer at payroll and benefits service provider Gusto.