When digital platforms and services are provided to you for “free” you are the product. This value exchange – products and services for user data – is becoming better understood by consumers, but perhaps not as clearly as many in the technology sector imagine.
The recent revelations involving Facebook and Cambridge Analytica have shown there are clear expectations around privacy and the use of data. There are also consequences for failing to meet those expectations.
Cambridge Analytica is now a casualty of the scandal. The firm shut down this month arguing they have been “vilified” by the media for practice which was a “standard component” of digital advertising.
Revealing, again, its lack of understanding of consumers expectations around data and privacy. Facebook too is dealing with the fallout. According to Recode, the social media giant is now the least trusted major tech company in America.
Now that the dust has settled, and we have a little distance from the initial reporting, we can start to take stock of what it means.
The Cambridge Analytica scandal appears likely to be a watershed moment for data and privacy. The data firm harvested Facebook user data and, most notably, used it to influence American voters during the 2016 American presidential election.
Its work almost certainly contributed to the election of the first “social media president”, Donald Trump. Cambridge Analytica and team Trump outmanoeuvred the Clinton camp and used data to tap into an audience, largely through social media.
Nick Smith, managing director ANZ at Informatica, recognised team Trump’s use of data early. The day after Trump’s surprise victory, Smith argued the election campaign was “a perfect case study in understanding and persuading your target market”.
“Yesterday’s surprise result proves what we have been saying all along here at Informatica – that data is the new control point across all walks of life,” Smith said.
Eventually others realised too, and both the Trump team and Cambridge Analytica received praise for their innovative, data driven campaign. It appeared to be a step up from the 2012 Obama re-election campaign’s use Facebook data.
But over a year later, when it was revealed how the data had been collected and used, both Trump and Cambridge Analytica quickly drew the ire of consumers.
A point of difference
Both Obama and Trump campaigns used Facebook data accessed through users downloading apps. This included access to data on users’ Facebook friends – a Facebook feature that existed between 2010 and 2015. However the Obama campaign’s Facebook data came via its own app – Obama for America, while Cambridge Analytica’s data was allegedly bought from a developer who had harvested user profiles under the guise of academic research through a personality app.
Unlike users of the Obama app, users of the Cambridge Analytica app had no idea their data would be used for a political campaign.
How the data was accessed and then used – Cambridge Analytica’s data use was arguably unethical and fuelled a toxic political climate in America – are both key points of difference. Both points tie back to user expectations on the collection and use of their data.
When Cambridge Analytica’s actions and Facebook’s data breach were uncovered, the fall out was considerable. Despite data beaches becoming more commonplace in an increasingly digital world, this one cut through.
The scandal cost Cambridge Analytica its business, a move that won’t spare its directors from UK’s privacy watchdog. Facebook is also under investigation for its role in the scandal. The social media giant has quickly tightened its data policies and now faces increased scrutiny amid strengthening data regulations.
The message here is: It matters how you collect, secure and use people’s data. The use of digital products and services is not a forfeiture of privacy or data control. People expect to know how data is collected and used in a firm. The upcoming General Data Protection Regulation (GDPR) means this expectation will soon become a fundamental right. Now the question is how do organisations respond?
Meeting consumer and regulatory standards of data governance takes organisation wide commitment. It is no longer the sole responsibility of CDOs and it’s incumbent on firms to improve their data policies, according to Informatica’s Smith. He argues data must now be seen as a strategic asset and awareness starts at the top.
“Key executives need to understand data and stay engaged with the journey of governance. Everyone needs a common language,” Smith told Which-50.
That’s the message from regulators too.
“Privacy has to be a high order concern for your organisations,” said Angelene Falk, the acting Australian Information Commissioner and acting Privacy Commissioner at an industry briefing on Privacy and GDPR. “It needs to be on the agenda of the CEO.”
Indeed Australia’s own privacy laws, like GDPR, require a “privacy by design” approach to compliance and the watchdog recommends organisations create a culture of privacy and strong data governance. This approach in Australia has been bolstered by more regulation – the new Notifiable Data Breach Scheme and the upcoming Australian Government Agencies Privacy Code for the public sector.
But data governance should not be viewed as a compliance burden, it makes business sense too. Accessing data, understanding its use and potential all translate to improved operations and better customer experiences. Similarly, data security fosters consumer trust. In this regard compliance becomes an opportunity.
Regulators, consumers and businesses themselves have all raised the bar for data management and privacy. As digital technology becomes more ingrained in our lives that standard is reasonable. So whether in response to either the stick or the carrot, data governance is everyone’s job.
About the author
Joseph Brookes is a writer for the Which-50 Digital Intelligence Unit, of which Informatica is a Corporate Member. Our members provide their insights and expertise for the benefit of the Which-50 community. Membership fees apply.