That’s my data you’re fondling

CO 1069-164-26

TechCentral published an article by Richard Mullins, titled “Data, the hidden treasure in publishing” which raises a number of important issues. The premise of the article and the challenge facing publishers is nicely summarised in these two paragraphs in the article:

Their biggest hope of making money lies in unlocking the value of the reams of data they collect about their audience. This data is the most valuable commodity they are sitting on, yet it can be as hard to access as veins of gold buried deep below the surface of the earth. Over the years, publishers have built their online operations in a fragmented and ad hoc manner, adding in new technologies, tools and channels as they have needed to.

and

Yet the opportunity for publishers to package all their information and resell it to digital marketers is one they cannot afford to ignore any longer. It is the greatest value they have to sell their advertisers and they need to start thinking of how they are going to deliver the value and monetise the gold they are sitting on.

Mullins talks about this data as if publishers have acquired it and are free to do as they wish, if only they develop the infrastructure to exploit it more effectively. He highlights a need we’re seeing in various industries – the need to make better use of data stored in silos in the organisation to market the organisation’s products and services more effectively. At first glance this makes a lot of sense but this approach to the data begins to smell a little funky when you take a few steps back and consider whose data we’re talking about here.

Choice

The Protection of Personal Information Bill’s 5th working draft recognises 3 principles as the basis for the legislation:

  • section 14 of the Constitution of the Republic of South Africa, 1996, provides that everyone has the right to privacy;
  • the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information;
  • the State must respect, protect, promote and fulfil the rights in the Bill of Rights;

The Bill goes on to record a number of rights “data subjects” (defined as the “person to whom personal information relates”) enjoy. These rights are designed to give data subjects more meaningful control over their personal information (privacy under Protection of Personal Information Bill is not about secrecy, its about informational self-determination). Included in the Bill are provisions which deal specifically with direct marketing as a use of this personal information. “Unlocking the value of the reams of data” the publishers have collected is a euphemism for marketing using that personal information or even selling that data. Both activities will be regulated in Protection of Personal Information Bill and direct marketing is already regulated, in varying degrees, by a combination of the Consumer Protection Act, the Electronic Communications and Transactions Act and industry codes of conduct.

The trend reflected by these industry codes of conduct and Protection of Personal Information Bill is towards a requirement that marketers obtain specific and informed consent from consumers before processing that data (the definition of “processing” isn’t settled in Protection of Personal Information Bill but the current options cover virtually any use of the data from collection to aggregation to making more direct uses of it). The sort of consent contemplated by Protection of Personal Information Bill is fairly specific. At the very least a customer must have given informed consent in the context of a sale of a product or service to receive marketing information pertaining to the marketer’s “own similar products or services”. There are also restrictions on how marketers can source the personal information they wish to collect. Generally speaking they should obtain the personal information directly from the data subject.

While publishers may see the personal information they possess as a goldmine to be exploited, most (if not all) that personal information pertains to consumers whose consent the publisher may well require before it can do any of that exploiting. There are a number of ways to secure that consent, both before and after the personal information is collected, and the appropriate methods will very much depend on the publishers’ specific circumstances.

Data portability

Leaving aside consent requirements, a related issue which will likely come to the forefront of the debate is data ownership and data portability. The one area where we will see this issue arise is, interestingly enough, in online banking. I spoke to Christo Davel from 22seven about a week and a half ago (you can read our report titled “Your 22seven risks and where banks draw the line” for more about 22seven and related issues) and he raised data portability as a key issue going forward. 22seven collates information about its users’ transactions, potentially from a variety of banks, in order to conduct the analyses it conducts and render its services. The banks objecting to their customers using 22seven seemed to ignore the fact that the transactional information under their care belongs to their customers. If their customers want to disclose their data to 22seven or other providers then the banks should make reasonable efforts to alert customers to the risks, limit access insofar as is required to reasonably protect their infrastructure and otherwise permit customers to take their data out. This is one area where Google has innovated with the Data Liberation initiative.

the Data Liberation Front

Data portability could create some fairly interesting situations for providers. One relates to competition between similar providers and how users wanting to move their data from one provider to another could affect ordinary competition. If users are given the ability to export their lists of contacts, connections, preferences and so on and import those data into a competing provider’s platform, what would the constraints be on providers as between each other. At what point would a provider be competing unlawfully?

Humanise the data

Returning to Mullins’ point about publishers and their untapped and data silos, publishers shouldn’t lose sight of whose data they are mining and the consents they may well require before passing it around their various operating divisions and partners.

That said, better use of that data can be in consumers’ interests too (if the appropriate consents are obtained). Google has been arguing for years that knowing more about potential customers gives marketers the ability to present them with more relevant advertising. Facebook customises ads on the fly as you update your status and connect to people and Pages. As Mullins put it –

The publisher can help an advertiser to remarket to and re-target that customer who has, for example searched for LCD TVs online, read reviews and clicked on an ad; and is clearly in the market for a new television.

The middle ground is respecting consumers’ rights and working within the parameters established by the law and prevailing legal frameworks with a view to presenting customers with marketing material they want.