Everything about using data has changed. Are you ready?

Let’s get this out of the way up front: the era of everyone but me having access to my data is over.

Regulations and public perception world-wide have rapidly swung to giving individuals control over who has personal data and how that data is used. I wrote in late 2021 that we were headed towards this fundamental shift and that it would mean driving use of data via consent. Two years later this vision is reality and now all organizations must move with urgency. The good news is that consent-driven data-use creates both stronger end-user engagement and more value for the platforms where those users are engaged, so long as it’s anchored in a few key concepts.

From a User Experience perspective, consent only works if it’s honored and enforced at all times, which means automating transparency that what’s promised to end-users is what is actually done. Trust is a series of kept promises, and if I know how data about me is used, and that my preferences are always respected, I’m more likely to adopt & trust an app or service. Similarly, end-users must understand the outcomes they get from choosing to share data. If I know that in exchange for specific data about me I get something quantifiable (like personalized advice or a streamlined experience across applications) then I’m more likely to stay engaged and keep sharing.

From a Data Platform perspective, it’s critical that end-users agree to clear and personalized terms for how and why data is used on the platform and shared off the platform. If great engagement leads to more data, and more valuable data, then it starts by building trust and avoiding surprise when data is used to (e.g.) train an algorithm or drive marketing. This, of course, applies on the back-end as well, where risk is rapidly accrued from the complexity of B2B contracts that require (e.g.) different third-party data-sets not be used for training algorithms, or specific reporting back to businesses about their users. Transparency and proof that third-party data is handled correctly for any given regulation or contract is the difference between closing deals and responding to lawsuits.

To be clear, the legal actions are coming fast. The FTC Health Breach Enforcements that started this year are accelerating, the definition has been expanded to mean unauthorized use and sharing, and the FTC is hiring by the hundreds to enforce Affirmative Express Consent. The EU Data Act will require all device manufacturers to be a trusted steward of data which can only be unlocked by user-consent. In California, SB-362 is gaining momentum and is the blueprint for how all data brokers may be required to respond to user preference. The EU Court of Justice stated emphatically this summer that data-sharing between applications must be driven by user-consent, forcing massive investment by Meta into a consent portal. The UK’s Information Commissioner’s Office levied heavy fines against social media companies that didn’t correctly acquire and enforce parental consent for children. Nearly every discussion about the future of GenerativeAI involves safe & correct use of personal data.

Whether driven by regulations or business opportunity, all platforms today must automate data practices that put users and partners at the center. The challenge is that asking for user consent is much easier than actually automating enforcement at-scale, and most approaches to enforcing consent and contractual obligations do not create transparency. My colleagues and I were writing about this two years ago because it’s at the core of what we started building five years ago at Tranquil Data. We had a singular vision then, and today we have the only automated end-to-end solution. We saw the regulations and business drivers coming, and designed from a fundamentally new perspective that puts scalable automation, consent, transparency, and audit at the heart of data platforms. Everything about data use has changed; it’s time to get tranquil with your data.