New regulations on data security in Europe are a step in the right direction to protecting consumers, but more important is how companies respond.
ADVERTISEMENTBy Elias Baltassis
One of the ironies of the digital age is that consumers, while expressing serious and growing concern about data privacy, willingly provide all sorts of information about themselves every time they use a credit card, a mobile payment app, or when they surf the Web or access any of the millions of web-based apps now available.
They know they’re revealing valuable information—and it worries them. But they’re counting on the companies at the other end of the transaction, perhaps naively, to protect them. Smart companies won’t let them down.
The EU’s new General Data Protection Regulation (GDPR), which takes effect next month, creates new hurdles for data aggregators and new escape hatches for consumers. The regulation requires that consumers consent to data sharing and stipulates that they have the “right to be forgotten” (that is, the right and ability to delete any record of their digital existence). Despite these new protections, however, the regulation won’t change the basic give-and-take relationship between consumers and companies. Consumers will still give information and companies will still take it.
The legal and technical details of the GDPR, therefore, are important. More important, however, is how companies respond.
Companies that wish to become trusted data stewards must go beyond mandatory regulatory compliance to ensure that consumer information is handled and used appropriately. Doing the right things now will do far more for their relationship with customers than issuing apologies later. This will require companies to embrace the fact that consumer attitudes about privacy vary widely, depending on the type of data at issue and the type of company involved. Companies then have to take visible steps to earn and maintain consumers’ trust.
As a starting point, it’s important to understand exactly how things work today. As a former U.S. Federal Communication Commission official succinctly explained in a recent blog post: “Web giants like Facebook and Google collect and sell huge amounts of consumer data. Indeed, that is the essence of their business models.
“… the reason consumers do not pay monthly subscription fees for Facebook and Google is because they instead ‘pay’ by giving up their personal information…. When a consumer uses a social media login to access a third-party application, he or she grants permission for all activities on that application to be shared with the respective social media platform.”
That’s how it works; but it doesn’t mean consumers are comfortable with the arrangement.
It’s against this backdrop that The Boston Consulting Group (BCG) has been surveying consumers in France, Germany, Italy, Spain, the United Kingdom and the United States on digital privacy. These “Big Data and Analytics Surveys,” conducted well before the recent revelations about Facebook’s controversial data-sharing practices, were extremely revealing.
There are two popular schools of thought about digital privacy: 1) that privacy is dead and consumers will get used to it; and 2) that it’s only old people who are worried, the kids don’t care. We found the conventional wisdom wrong on both counts: Not only are we not getting used to it, but concern is growing—and not just among the elderly and Baby Boomers: 80% of young people also are concerned.
Not surprisingly, perhaps, we found that not all data are equal; some generate more concern than others. For example, more than 80% of respondents in the five EU countries said both their general financial data and payment card data should be considered private. Seven out of ten EU respondents thought information about their children, spouses, health status and taxes also should be private. They were somewhat less sensitive about information regarding their location, the phone numbers they call, their internet use and their email—though half of all respondents did express concern about email privacy and a larger majority about their online “surfing” history.
Respondents were not only concerned about the security of specific types of data, but about the companies involved. Consumers were most concerned, we found, about online companies (including social media, search engines and online retailers), financial firms (credit card companies and banks), and government agencies: the precise entities that visibly collect consumer data and handle the type of information that can be used for profiling.
Do they trust companies to use data properly? The regrettable answer is no. Depending on the country, nearly half (48%, in Italy) to two-thirds (62%, in France) of the consumers we surveyed said they don’t believe companies are honest about how they use consumer data. Moreover, less than a fourth of our survey respondents—and far fewer in France (14%) and Germany (18%)—said they trust companies to do the right thing with data.
With all this in mind, what do consumers want?
More than 60% told us they want to have a choice to opt in or opt out of data use—and they want their consent to be required. In this regard, the GDPR is an important step in the right direction.
But addressing the issue of consent via regulation amounts to treating a symptom rather than the disease. What consumers really want most is for companies to be more open and transparent about their data use. They want to be able to trust the companies with which they interact; they want no more surprises.
Elias Baltassis leads big data and advanced analytics in The Boston Consulting Group’s Financial Institutions and Insurance practices.
ADVERTISEMENTOpinions expressed in View articles are not those of euronews.