Data collection — from your credit score to your current location to your go-to pizza delivery preferences — is both an expected part of modern life and the most effective way for companies to gain an understanding of their consumers. While we’ve come to expect that our smartphone knows our destination even before we’ve left the house or that those shoes we were browsing during our lunch hour will follow us online for days or even weeks, popping up in sidebar ads and in our social media feeds, what many of us don’t realize is how and why companies collect this information.
But with data privacy regulations such as the General Data Protection Regulation (GDPR) already in place in Europe and U.S.-based regulations like the California Consumer Privacy Act (CCPA) on the horizon, it’s not an exaggeration to say we are approaching a precipice when it comes to data privacy. These regulations are changing the way consumers and companies think about data privacy and bringing a new understanding to the concepts of transparency, accountability, and — most importantly — trust.
What the Consumer Doesn’t Know (or Read) Can Hurt the Company
Whether you are upgrading the software on a device, filling out paperwork at your doctor’s office, or signing up for a new credit card, almost everyone is guilty of quickly clicking “yes” or “agree” when met with a cumbersome “user agreement.” These agreements, by design, always include barely readable fonts, hard-to-understand legalese, and an option for a quick scroll so that you can start using the product as quickly as possible.
The reality is that most people don’t understand what exactly they are agreeing to when they click that box. And that lack of understanding can often lead to a reckoning down the road. Just ask Facebook. While the Cambridge Analytica scandal did involve inadequacies in safeguarding user data, many people were even more shocked to learn that they agreed to overly broad terms and conditions that made their personal information vulnerable in the first place.
And this isn’t a problem exclusive to younger companies like Facebook. Many companies require users to sign a “Terms of Agreement” and assume consumers understand data collection is a part of these agreements. But the truth is that most consumers have no idea what they are signing up for when they sign those waivers.
Opt-in vs. Opt-out
And once that agreement is signed, at least in the United States, the only way to stop data collection is by “opting-out,” i.e. unsubscribing or stopping websites from collecting cookies. This default system puts the onus on the consumer to understand how their data is being collected and then take action to prevent it. But even once you’ve decided to opt-out, it’s likely at least some of your personal data has already been collected, including the fact that you’ve “opted-out.” Even if you consider yourself extremely diligent about privacy protections — always turning off location settings on your phone, monitoring privacy settings, or even using a browser extension to protect your privacy — it’s almost certain that your data has been collected, stored, and used without your knowledge. CCPA has the potential to change this because under the new legislation companies will attract class action lawsuits if a user’s data isn’t removed across all platforms once they’ve elected to opt-out. But for now, your data is fair game, sometimes even after you’ve opted-out.
GDPR, on the other hand, represents a seismic shift in how data collection and privacy are viewed by both consumers and companies. Whenever you enter an app or a website for the first time, you must “opt-in” to allow the company to collect and use your data. In fact, you can’t access the website or service unless you’ve clicked “yes” or “no,” but instead of agreeing to terms of service, Europeans now agree to allow their data to be collected.
Think of opt-in vs. opt-out as being on two sides of a gate: in the United States you start out inside the gate and can opt-out or leave whenever you like. In Europe, you need an “opt-in” key to unlock the gate and step inside.
Transparency Builds Trust
Recent consumer data breaches and general misunderstandings about consent can leave consumers feeling reluctant to share their data, whether they are opting-in or opting-out. The question is, how can companies build trust and help consumers gain a better understanding of data privacy?
If we look at what some companies in Europe are doing to comply with GDPR, it’s obvious that transparency is the key. And transparency quickly leads to trust. This means explaining terms of service in short, easy-to-understand language or even videos or infographics to keep the modern user engaged and informed.
For example, the Guardian has some short text with images explaining why your data is valuable to the company, how the money from advertisements is used, and where you can find the detailed user agreement. It also has this short 1:35 video that goes into additional detail about how consumer data is used.
The more transparent a company is about how and why it collects consumer data, the more innate trust is built with the consumer.
As more data privacy regulations are set to take hold in the United States, companies and advertisers will need to find clear and concise ways to explain their data management practices, as well as streamline how they request, record, and manage data privacy and consent. Trust and transparency will be core objectives when collecting data, especially as consumers become savvier about consent and privacy options.
Whether a consumer opts-in or opts-out, once that action is taken, they expect it to be respected and carried forward by the company. But managing all of that data can be challenging for even the most sophisticated companies. By employing privacy technologies such as HealthVerity Consent, which provides a single platform to consolidate, connect, and log consumer data privacy preferences (‘consent’), companies can ensure the safety of consumer data. This information is also deidentified, allowing consumers an extra layer of protection for their privacy.
For example, when purchasing a life insurance policy, your health records might need to be shared between your doctor’s office and your insurance company. This process typically entails many different types of paperwork that must be processed and records that must be transferred between these two entities. With an opt-in to share your records for this specific task, your doctor can attach your opt-in consent to your digital records to share with your life insurance company, lowering the cost to process the request and, over time, lowering your premiums.
The balance of power when it comes to data privacy continues to shift, with consumers more empowered than ever before to take control over their data privacy. Through platforms such as HealthVerity Consent, trust can be built and data can be protected. Companies must look beyond data management platforms to ensure they are building goodwill among users by making data privacy policies easier to read and understand. It can’t only be about checking the proverbial box of providing small print legalese in order to get the consumer to check the literal tick box allowing their data to be collected.
Whether consumers are deciding to opt-in or opt-out, it all comes down to trust.