Commonly in the business world, a wealth of opposition is expressed whenever new regulations are passed that affect the status quo in any industry. In the late 1990s, HIPAA reached across our industry and those of our healthcare clients; the Telephone Consumer Protection Act (“TCPA”) did the same in the early 2000s – bringing with it the National Do Not Call Registry; and while neither client e-mail alerts, nor webinars, nor blogs existed in the early 20th century, there was quite the hullabaloo created by the establishment of the Federal Trade Commission.
Today, the industry is faced with another regulatory re-tooling. This time it is working to comply with the European General Data Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), the New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD”), and a new host of proposed similar local, state, national, and international laws governing the way in which businesses collect, process, and use consumer data. Regardless of the source or jurisdiction, these laws are attempting to solidify the notion that consumer data never really “belongs” to anyone other than the individual to whom it relates. Correspondingly, each consumer data set must be treated with respect according to the direction of the individual consumer.
This principle may seem pretty logical, and it is. However, it is a novel perspective in tech and data business circles. In the data industry, businesses have long thought that customers gave their data and digital privacy away whenever they opened a free e-mail or social media account, ordered something online, or simply clicked through popups to read a news article. This is almost entirely due to the boilerplate click-through agreements and privacy policies presented to customers as they arrive at websites and show interest in the content offered there. This position will be (and is being) repudiated by consumers and government officials alike. For businesses whose model is based on selling access to consumers’ data obtained in this way, this represents a strong disruption, but a necessary one.
Only those that embrace their new responsibilities by engaging their customers successfully and marshalling consumer data in accordance with applicable law will prosper. CCPA and SHIELD place a greater burden on businesses than GDPR in terms of the types of data required to be disclosed at consumers’ requests, and also by providing consumers with direct means of determining the access to and use of data they will allow. These laws are already changing the way digital advertising is conducted, and inevitably lead to better quality data at advertisers’ disposal. As such, there is an impending corollary improvement in ad effectiveness and consumer experience for responsible brands
With the market and regulations in flux, companies would do well to focus on reaching out to individual consumers to obtain each one’s active consent to use their data. Of course, the amount of data points the company has at its disposal may decrease, but what remains should be relatively risk-free and will relate to consumers who want what companies are selling.