With endless concerns surrounding data privacy and safety, companies today are faced with a new dilemma surrounding experience personalization. While customers might expect their data to be collected and used to enhance their experiences, they don’t want to be spied on in order for it to be obtained. Leveraging available data without being perceived as an entity that is spying on individuals is, and has always been, a tricky balance to manage. What is each customer’s threshold or tolerance? How do you determine what is enhancing the experience and what is overstepping? How do you prevent eroding or destroying the trust you’ve earned? The answer for many is to simply ask customers directly. But the elegance of that solution is wrapped in the complexity of a radically transparent approach to data collection and usage that just happens to fit perfectly with one of the central tenets of privacy legislation.
Recent privacy legislation aims, among other goals, to extend data protection rights to individuals by giving them control of their personal data. GDPR and the California Consumer Privacy Act were enacted with this very purpose in mind after years of questionable behavior by thousands of companies doing business online. The impact of such legislation on businesses has been significant and will, hopefully, lead to a lasting improvement in the way customer data is collected, protected, and used. As a recent article on The Guardian noted, “If individuals begin to take advantage of GDPR in large numbers, by withholding consent for certain uses of data, requesting access to their personal information from data brokers, or deleting their information from sites altogether, it could have a seismic effect on the data industry.”
From the perspective of a business, the textbook challenge of data privacy is utilizing personal data while respecting the individual's right to privacy and managing their evolving privacy preferences. But hidden within that sentiment is a critical disconnect: most businesses today understand data privacy as a constraint. They comply because they have a desire to protect the data as a corporate asset and to be frank, most businesses do not want customers to actively control their own data. They simply don’t want to get fined or suffer a loss of reputation. While GDPR was tabled to protect the people, a company’s primary desire in compliance is to continue to leverage the data they have collected. Protecting the “people behind the data” is not the real consideration we’d like it to be.
Perhaps a solution to the conundrum of “know me, without spying on me” can be found by augmenting the concept of collect and protect with a third tier: communicate. If companies can open a meaningful two-way dialogue with their customers that evolves over time, the lines between knowing and spying become less blurry. Not in simply reporting back on which data is being used for what, but in opening up a discourse with customers about what that data could and should be used for and ultimately how they will benefit.
Gaming platform Twitch is successfully using this concept to better engage with its millennial audience. By communicating more frequently and effectively, viewers have not only agreed to share their data on an ongoing basis, but they’ve actually encouraged Twitch to collect more. Twitch has purposefully and deliberately shaped their viewers’ expectations about the nature of their data usage with ongoing transparency and communication. The result? Viewers have encouraged Twitch to share that information with sponsors and advertisers because they believe that their experience would be enhanced across the board as a result of such data sharing.
With this approach, concerns about compliance and issues of command and control are reduced or removed altogether. Communication not only eases the constraints of privacy legislation, it opens up an entirely new opportunity for companies to both drive revenue and transform relationships with their customers.