When data and privacy collide
Data is king, but the recent Facebook scandal is a reminder that people are — rightfully — demanding more transparency and control over how their data is collected and used
An inflection point on data and privacy has been crossed.
In 2015, Cambridge Analytica, under the guise of academic research, created a Facebook survey app to study the psychological profiles of its users. Hundreds of thousands of people downloaded the survey app and gave permission to have their data collected; 50 million of their friends did not explicitly give consent to Cambridge Analytica, but had their data shared as well. This data was used to create psychographic profiles that in turn were used to serve personalized political ads to Facebook users. The impact of these ads swaying both Brexit and the election of Donald Trump are the subject of investigations. In the wake of this news, Facebook has lost more than $60 billion in market cap.
Customer and employee expectations around data were already expected to fundamentally change in 2018, when any organization employing or selling to EU citizens irrespective of its nationality or location will need to overhaul its data handling and processing. Now the details of end user agreements and privacy settings in apps that are generally ignored are having their moment in the spotlight. For the first time, the general public is starting to understand the power of data. As individuals take greater control over their data, growing demand for new products and services to help and extend this will need to be met.
As a result, building and maintaining the trust of customers will grow in both importance and in difficulty. Empathy and service design will become required tools used to create data experiences that customers trust.
What is going on
The hunger for and availability of data has become insatiable, fueled by digital interaction and the rapid rise of artificial intelligence (AI), especially over the past 18 months.
Organizations as diverse as government departments, healthcare providers, utilities providers, supermarkets and social platforms now regularly gather information about individuals — how much they spend, where they go, what they eat or the state of their health. And for years, individuals have acquiesced — handing over information casually in exchange for services.
However, this is now set to change.
With little idea of what personal data organizations hold on them, how it is gathered, stored and used, individuals’ growing concerns about privacy and security have been exacerbated by incidents of data security breech like Equifax’s and reported of identity thefts. With little understanding of how best to respond to customers and employees’ concerns, organizations have relied on out-dated legislation and many have buried their heads in the gathering of data without adequately addressing how best to use it.
In response, legislators have begun paving the way for a brave new data world.
In Europe, the EU’s General Data Protection Regulation (GDPR) which comes into effect shortly will require organizations to overhaul how they process and handle data. Its primary aims are to give control back to citizens and residents over their own personal data — introducing the “right to be forgotten,” for example — and to simplify the regulatory environment for international businesses. But this won’t just impact on those based or operating within EU member states. Instead, it will affect any organization either employing or selling to EU citizens irrespective of where that organization’s nationality or location.
Also in Europe, the EU’s updating of its Payment Services Director (PSD2) will herald the arrival of so-called “Open Banking” when it comes into effect in 2018. PSD2 is intended to stimulate innovation in financial services and will enable customers to access — and organizations including non-banks to provide — a range of new consumer-focused financial services based on new and different ways of using their data. Open Banking is also a growing phenomenon in other regions, but the potential impact of its ‘open business’ approach will extend beyond financial services into many other market sectors.
Open Banking is not just a European phenomenon, however. Financial institutions such as Citi in the US and Fidor, a German online bank, and Bunq, a Dutch mobile bank, have also begun using their APIs to open up their data, processes and other functionality to an ecosystem of customers, employees, third-party developers, vendors and other partners.
Meanwhile, a host of new start-ups — such as Chekk.me — are now emerging, offering to empower users to control their data and manage their digital identity.
The upshot of these latest development is an imminent fundamental shift in power from data gather to data generator. Moving forward, individuals will have more visibility of how their data is being gathered and used, more opportunity to take control of and even monetize their own data, and more opportunity to opt out.
Early signs of this are already evident. For example, Datacoup is the world’s first personal data marketplace — providing individuals with a way of monetizing their own data. Meanwhile, a growing number of US web users are moving away from online shopping due to privacy and security fears.
This fundamental shift presents profound challenges for organizations.
For example, as organizations become increasingly reliant on data for shaping the creation of new products and services, how should they respond when certain groups within their target audience opt out of sharing that data and what impact will this have on the development of new products and services?
Then there is the issue of how best to store, manage and deploy the growing volume of data now available. New technologies such as AI and machine learning can help organizations analyze, interpret and apply but their potential depends on how the data they are applied to is organized. Learning algorithms can only learn from cleaned-up data if organized in a way that enables them to look through it, understand it, process it and learn from it.
Already, data has profound and lasting implications for every organization’s competitive strategy. Yet, most organizations’ mastery of data is immature and anything but customer-centric. Few, meanwhile, have a coherent strategy for how data will fuel innovation and or open up access to new customers. This is another major challenge that must be addressed.
The division between those organizations adept and inept at making the most of their data is already plain to see.
Misguided marketing, badly-fitted personalization, lack of continuity in digital, lack of archaeological records and inability to filter data (for example, by emotion) are just a few of the characteristics of the inept.
In contrast, consider how Google has evolved beyond simply using the data it collects for more targeted advertising to now using it into an array of new services such as language translation, visual recognition or personality assessment based on analysis of an individual’s writings. Or the success of Netflix and Amazon in creating content and offerings based on users’ behavioral data. And Spotify’s success in using data to help users’ discovery of new music. Tesla, meanwhile, is optimizing its self-driving algorithms and updating software the autonomous car safety features it is developing by analyzing more than 1.3bn miles-worth of driving data.
Meanwhile, the potential to get greater value and use from data is set to grow exponentially. The value of European personal data alone could be as much as 1tn Euros per year by 2020, according to the EU.
Looking forward
The data landscape is changing fast, and going further.
For proof, look no further than Datum, a data marketplace powered by blockhain. In the light of this, organizations should be planning their response and future strategies now. And as a discipline centered on people, design will be well-positioned to address the challenges involved.
Design thinking and service design will help companies make data usable by employees, customers and partners and fuel innovation, opening access to new customers. User experience is critical, for example, so organizations will need to balance being data-centered with being human-centered to best respond to customers and employees. A shift in mind-set will be needed to balance the traditional focus on data security and privacy with an equal emphasis on accessibility.
Convergence of data science and service design is already underway. Fjord already offers clients an established Data+Design proposition. IDEO recently acquired Chicago-based data science company Datascope. Both are evidence of the strategic role designers can and will play to help solve many of the data issues organizations will face.
Organizations will need to reassess their structures, systems and processes and where appropriate restructure, re-tool and re-skill accordingly.
For example, to create smart and loveable services, organizations will need to ensure data is tightly linked with their product development process. To evolve appropriate strategies for how data will fuel innovation and open up access to new customers, design capability will need to be up weighted — in particular, by bringing together designers and technologists to be better able harness data to create new personalized, contextual services that win customers’ hearts and shares of markets.
An organization’s data and analytics functions will need to become a key contributor to the development and execution of any business strategy. This means supplying insights into key areas such as employees and customers, unmet market opportunities and emerging trends. This will require data-centric governance models and business strategies that empower CDOs and also technical architecture that is more flexible to make access to data easier.
Organizations will need to respond to customers’ growing demands for transparency and control over their data. They will need to be more open about how they collect and store data because they could be asked for it at any time and because not being transparent will invite scrutiny about security. And they will need to create new products and services to meet customer and employee demands to access and use their data in a growing variety of ways. A new generation of products and services designed to manage their data more effectively.
This is already evident in financial services where HSBC has created an app — initially for its 17 million UK customers, eventually for any bank customer — which shows an individual their bank accounts, credits cards, mortgages and loans from 21 different banks in one place. HSBC is the first major bank to launch such an app though several other apps including Yolt, OnTrees and Money Dashboard already offer cross-banking insights.
But the “open” revolution won’t just be restricted to financial services as a shift to “Open Business” spreads to other sectors. Any service that relies on an exchange of money between an organization and an individual will be impacted by the “openness” shift. For example, price comparison sites can check whether customers have the best deals on their insurance and utilities, in real time. If they don’t, open access to payment and authentication makes instant switching a reality.
In telecoms, for example, Telefonica is now working on a platform called Aura which is a personal data space to hold all transactions that a customer has had with the company. If the customer wanted to show their telephone payment schedule to a credit scoring company, for example, they would be able to do so. The company’s Chief Executive Officer José María Álvarez-Pallete has stated his belief that customers should control their own data and be able to take it on leaving the service provider.
Looking ahead, with access to data on how you spend your money, a food retailer could recognize your gym membership and provide offers on healthy food to fuel your fitness drive. When a loyalty service can ‘see’ the retailers where you’ve been spending your money, what place for the traditional loyalty card? Instead, the service could recognize when you’ve spent at participating retailers and credit your account accordingly.
Organizations will also need to act to address customers’ and employee’s concerns about security and privacy of data. As fear of and focus on surveillance culture increases, such concerns will grow making it more and more important for organizations with whom they choose to share their data to build and maintain their trust.
Moving forward, individuals will expect security and demand greater transparency. But organizations will need to strike the right balance between security, privacy and accessibility. Security and accessibility are often seen as polar opposites on a spectrum, but usability and good design can help solve security problems. A fresh emphasis will be needed to ensure data access by customers (and employees, too) is elegant, simple and instinctive.
So what can you do?
Be transparent to build trust — Honesty and transparency should be the only policies as customer and employee expectations around data further evolve. Be clear about how data is gathered, how it is used, and what meaningful things can be extracted from it. Make that data transparent and editable by customers. Empowering individuals to manage their own data will make them feel in control and that you are a responsible steward of their data. Moving forward the big issue will be the risk of losing customers’ trust.
Get your data in order — Some organizations have been working for many years to get their data in a state conducive for extracting the insights to drive innovative services. Organizations have work to do if they’re to remain competitive with the changing data landscape, and they need to start now. Treat data as a strategic asset if you don’t already. Make it available and usable by relevant employees and customers. Make it available to partners via APIs.
Merge your data and design disciplines — To get the most out of data, organizations need experts within their design teams to extract the insights that will drive smart and loveable services. Leverage best design practice to help address data accessibility, privacy and security issues. Human beings are the weakest link in security, good design can help address this cross-industry issue.
Design for unexpected connections — As organizations get access to new sets of data, they will be able to arrive at insights that could surprise consumers. Designers will need to acknowledge such insights could cause confusion, and sometimes fear, in consumers. And they’ll need to accommodate this when designing services to provide reassurance and build trust.
