Treating data privacy regulations as a hindrance is a sure way to incur the wrath of governments and consumers. Why?
Following the passing of the General Data Protection Regulation (GDPR) in the EU we have seen similar regulations coming into force in Singapore, Malaysia and Thailand. In Indonesia and Philippines personal data is comprehensively covered in various personal data and privacy laws. Privacy regulation is definitely on the rise.
Developers not only need to be concerned about users’ privacy for their own applications, but they will need to be cognizant of privacy policies for services they integrate with and share information with as well. Additionally, remote-working increases data privacy and security risks, especially in highly regulated industries. Data access controls and authentication forms will play a critical part in mitigating these risks.
As concerns over data privacy will impact software solutions in 2021, here are some reasons why businesses should prioritize consumer data privacy both on their own platforms and in solutions managed by vendors.
- Consumers are now more aware of surveillance practices
For many tech companies, user data is a key source of revenue. Nowhere is this truer than with companies that offer their products for “free”—they actually depend on advertising revenue to prop up their bottom lines. Increasingly, savvy consumers are now scrutinizing cookie policies on websites, Google’s proposed browser tracking known as Federated Learning of Cohorts (FLoC) was broached as more consumers reject cookies.
- Derivatives of business actions are creating privacy issues
You have probably heard this saying: “If you’re not paying for it, you are the product.” Businesses driven by an online advertising model have stretched this maxim even further: “If you’re not paying for it, you, your friends, and your family are the products.”
Many leading technology companies relentlessly monitor the actions, clicks, and conversations of their users with the primary motive of uncovering personal habits and interests. This data is neatly pressed into ‘actionable market segments’, packaged and sold off to the highest bidding advertisers, so that they may target their messages to the consumers likely to buy.
User tracking to serve ads has turned into ‘adjunct surveillance’, a term describing companies that collect data without consumer knowledge. This trend started with B2C services, but it is alarming to see it has carried over to the B2B world, especially given how essential SaaS solutions are for working remotely during the pandemic.
According to Zoho data, 62% of companies studied did not inform customers that they allowed tracking code from third-party services on their websites, despite the majority claiming to have well-defined consumer data-privacy policies that are strictly applied.
The writing in on the wall
Increasingly, regulators are waking up and taking action. Governments in Europe, India and elsewhere are demanding change since they understand that many of today’s tech-business models depend on the violation of consumer privacy.
More and more, the burden of protecting consumer privacy is falling back on to the shoulders of businesses, which must now make consumer privacy their responsibility; not just because governments are forcing them to, but because it is the right thing to do for their customers and therefore for themselves.
How can your organization make privacy a core responsibility and priority?
- The first step is to examine your processes for data collection. Adopt a policy of asking for the least amount of user information, gathering only what is needed to do business. For example, if you only need a customer’s email to conduct a transaction, do not ask for their home address, telephone number, and date of birth as well.
- Next, if you do collect customer information, let them know what you have on them. Most people are shocked when they uncover the amount of information social media and other companies have gathered about them. Be open and transparent with customers so there are no surprises down the road.
- Treat data privacy regulation as a cost of doing business as though it were some burdensome audit process they must comply with. Here is an analogy. In the past, a company facing new environmental regulations in one region would simply move its operations, or waste, to another region with weaker regulations and trash the environment there. Such practices are no longer acceptable: today’s savvy consumers simply will not stand for it. Similarly, companies that skimp on privacy protections—or honor them only where they are mandated—are destined to be shunned in the long run.
- Re-evaluate your privacy policies. Today, most are written by lawyers with the intent to obfuscate and confuse. Consequently, most consumers just click the ‘agree’ button without even knowing what they have haplessly agreed to. Do not be the company with that privacy policy. Make your policy so plain and simple that even a 5th-grader will know what data you are collecting. Who knows? It may actually be a 5th-grader that is your user today, and possible a patron tomorrow. Also, examine the privacy policies of your key vendors: your data is only as secure as the weakest link/vendor. With more businesses turning to SaaS vendors for business solutions, it is important to ensure that your vendor values the privacy of your business data. This ensures that third parties will not be able to track users’ actions or have any access to customers’ data.
Finally, if your business is ever breached, tell your users right away that their data has been compromised. Consumers today tend to find this out in the news. Your users deserve to know the truth, and they deserve to hear it directly from you, not from their newsfeeds.
An approach to privacy stems from a corporate moral footing. When it is a reaction to regulation, it will always fall short. Consumers are demanding full accountability and, increasingly, will reward those companies that make data privacy a central tenet of their business strategy.