Data privacy isn’t top of mind for most marketers, but several converging trends should bring the subject to the attention of business leaders everywhere in the near future.
The first trend is the rapidly shifting global regulatory environment that promises to get quite a bit more stringent. In October 2015, the European Court of Justice invalidated the Safe Harbor Privacy Principles that governed data transfer between the EU and the US, and negotiations to replace that law have been quite contentious. Additionally, the EU’s emerging General Data Protection Regulation (GDPR) takes as a basic principle that individuals have fundamental rights and freedoms regarding control of and consent over their data.
Neither of these regulatory matters have been resolved, but it’s clear that that far more restrictive data privacy laws will be in place soon that major global brands will need to adhere to.
You may be thinking, what does European data privacy laws have to do with me here in Singapore? Good question. I’m raising the subject because any commercial enterprise that does business with a single European citizen or business will be subject to these laws, which will – sooner rather than later – significantly raise the bar for the types of data privacy protections and technologies organisations will need to put in place.
Even if your company doesn’t do any business in Europe, you can be sure many of your competitors will soon be proactively upgrading their data privacy efforts.
The second emerging trend is the Internet of Things (IoT).
Gartner, Inc. forecasts that the IoT – the fast-emerging world of smart cars, smart homes, smart cities, cloud-connected healthcare devices and processor-enabled appliances – will bring 6.4 billion connected things into use worldwide in 2016, up 30% from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected every day. This astonishingly rapid pace of change will pose enormous challenges to businesses and the public sector in terms of securely connecting devices, cloud services and things to individual customers and citizens.
(Accenture: The combination of the Industrial Internet and IoT devices could add more than $14 trillion to the global economy by 2030.)
IoT means more data sources, more data volume, and a greater ability for organisations to take advantage of big-data insights to personalize services and customer interactions. However, this can also threaten people’s sense of privacy. As marketers, you can expect customers and prospects to become increasingly aware of what might be perceived as invasive practices that rely on personal data profiles.
When it comes to the IoT, it’s not just the legal or ethical ramifications of web and mobile apps scraping personal information. It’s also about the sheer number of data sources, the inability to limit collection, and the inability to obtain user consent to data sharing over and over again.
For instance, you can’t expect someone to keep clicking “I agree” every time their smart shoes wants to record a heel strike, or every time your smart bed senses you getting up in the night. People will have to get ahead of the curve – and they might actually want to share that data, but only with appropriate parties. For instance, the data from the smartwatch you use to track heart rate while you exercise, that’s something you might want to share with personal trainers, doctors, or third-party marathon training apps. Similarly with your financial data, you might want to provide full access to your accountant during tax season and be able to revoke access once the filing is complete.
This kind of consent-based data security hasn’t been possible with the conventional identity management technologies that organisations use to power access management and sign-on privileges, but that’s changing. With identity platforms built on the User-Managed Access standard, it is now possible for organisations to create exactly these kinds of proactive, consent-based data sharing scenarios.
These technologies are drawing a lot of attention in the EU data regulation discussion because they promise to greatly help organisations comply with the emerging regulations. For marketers, these technologies can provide ways to build in human decision points, opportunities to grant consent, that will help to avoid stepping over real or perceived lines to steer clear of the “creepiness” factor.
There are also real business benefits to using the new consent tools beyond simple regulatory compliance. Coping with regulation – privacy or otherwise – is seen primarily as a cost center for most organisations.
An exception might be banks and other financial services organisations that, wisely, compete to demonstrate robust dedication to customer privacy. As IoT devices and technologies take on a greater role in public and private life, the business value of demonstrating this kind of commitment to building trusted relationships between users, devices, and connected things will quickly grow across all kinds of business sectors – from media and communications to healthcare, retail, cloud services and many others.
Regardless of where the data privacy legal arguments end up, it goes without question that any enterprise planning on fully participating in the IoT economy will need to present customers with options to proactively delegate, and revoke, data access to others.
Organisations clinging to legacy identity and data privacy infrastructure will be at a serious disadvantage to competitors that are designing-in privacy in ways that increase utility and convenience. Organisations that get this right will drive the pace of change in the emerging IoT era.
This is a sponsored post by ForgeRock Identity Platform.