Obligation or opportunity—Data privacy approach closely linked to business outlook

Privacy controls today are continuing to erode. 20 per cent of APAC consumers are willing to share their personal details in return for free products or services; on the other hand, 40 per cent have experienced incidents in which their data was accessed without prior consent. 

While this data stream is providing businesses with unprecedented opportunities to monetise data and understand consumer behaviour, the erosion of personal privacy is accompanied by a growing lack of consumer trust. If businesses cannot be trusted to manage consumer information, the consequences can be dire, as seen in the recent WhatsApp saga. 

Organisations’ need to survive and stay competitive in this changing landscape does not trump consumer rights to protect their personal data. Because consumers are the rightful owners of their personal data, businesses that collect their data must act as responsible stewards of this data. 

With consumer trust at the heart of their operational model, businesses need to take the lead in advocating for better data practices—by overhauling data approaches, investing in better data management tools, and educating consumers on their data rights.

With great data comes great responsibility

Many companies face tension between generating revenue and protecting consumer privacy. Business investments in big data—especially personal data collected from the web and other Internet of Things (IoT) endpoints—typically pay off when companies successfully ‘monetise’ this data. 

Even though data privacy and monetisation appear to be fundamentally at odds, it is possible for businesses to walk the ethical line between the commercial use and protection of consumer data. This requires conscious and dedicated efforts to prioritise consumer data privacy over revenue generation—especially in situations where one or the other must be compromised—and educate consumers to better manage their own data. 

The monetary view of consumer data is a common starting point for many companies that run on business models geared towards this purpose, with data privacy included only as an afterthought. Companies optimise value from consumers based on information about their characteristics and behaviour—either using methods such as direct marketing and personalised services, or by selling consumer data to third-party businesses for additional revenue. With social interactions remaining primarily online for the foreseeable future, online platforms such as social media and digital banking provide a wealth of information for businesses to leverage. 

Yet, businesses are also facing stronger pressures from governments and watchdog groups to boost users’ privacy rights and can no longer afford to relegate data privacy to a secondary consideration. The European Union privacy watchdog European Data Protection Supervisor recently backed the bloc’s push to curb the power of US tech giants with new tough rules and additional safeguards. 

The consequences of failing to protect consumer data privacy could include tighter regulatory controls, negative press, and—worst of all—loss of consumer trust. Because the ability to generate sales and therefore revenue depends on a company’s reputation, protecting consumer privacy is critical to helping businesses stay competitive. 

Prioritising privacy

To survive and thrive in this digital economy, companies need to pivot toward a privacy-centric business model. With the more recent emergence of companies that take privacy as a starting point and operate business models structured from the get-go to acknowledge and safeguard consumer privacy, the competition is stiff. Businesses that are late to the game are most at risk of losing out to competitors that have better privacy protection measures in place.

Following WhatsApp’s policy change announcement, the mass exodus of users to Telegram and Signal demonstrated that many consumers will not hesitate to take their business elsewhere when faced with perceived threats to their personal privacy. Higher standards for data governance are now an imperative rather than an option, as businesses are driven to re-think the concept of ‘privacy by design’.

Ideally, privacy would be considered at the start of any new data management system, since it cannot easily be included as an afterthought. The requisite levels of personal data protection must be incorporated early to ensure that it is configured into all steps of the development and supply chain — starting with design, through to the business and utilisation model. 

For instance, the GDPR poses a significant challenge to APAC organisations because it required significantly higher levels of compliance compared to local requirements in existing legislative, regulatory or guidance material. A key principle of data privacy protection is to keep data only for as long as required, since data is often integrated across multiple systems. Since most systems were not developed with GDPR compliance in mind, data retention structures are often embedded into business-critical applications, making remediation efforts extremely costly and complex.

 Establishing clear frameworks and comprehensive data strategies to govern the collection and storage of data sets requires designating specific functions to store, process and analyse personal information, and to determine how these actions are authorised. 

Generally, accounting, sales, human resources and IT departments tend to handle more sensitive data. Part of ensuring these departments have the best data practices involves streamlining data flows – collecting only necessary data fields, minimising access to essential job functions, and using only third-party data processors and software development kits that demonstrate sufficient guarantees of meeting consumer privacy requirements.

Empowering consumers

In tandem with business and regulatory shifts, consumers should also learn to exercise greater ownership over their personal data. Businesses can encourage and empower consumers by taking steps to educate them about data privacy measures. 

Organisations could support their marketing efforts with overt details on how personal data is collected and applied, offer consumers privacy health checks, and provide them with guidance on ways to enhance personal data protection. Taking a proactive approach and communicating clearly to consumers about how their data and identities are being protected will help businesses to build long-term digital trust.

Ultimately, as companies reach the logical conclusion that safeguarding data privacy is part and parcel of bolstering their business and commercial interests, a new norm will emerge with higher standards around personal data protection. While it will be an uphill task for businesses that need to rise to this challenge, consumers can be assured that only the fittest will survive.