Data is said to be the new oil. As a result, businesses collect data and commoditize it for various use cases. As data has begun to proliferate in abundance with the advent of the latest mobile technology, such as smartphones and tablets, businesses collect data to the tune of quintillions of bytes generated by billions of consumers worldwide. Data is always waiting to be collected, warehoused, cleansed, organized, analyzed, visualized, and used for a more refined targeting of each smartphone owner.
Some of the most successful publicly listed IT businesses have made a business model of collecting and commoditizing consumer data. In this article, we dive deep into what types of businesses collect data, why they do it, what is it used for, and how do businesses collect data. In this article we will explore the numerous data privacy regulations businesses must adhere to when collecting data and what rights and powers consumers have to protect their data.
Different types of data: How do businesses collect data?
There is a treasure trove of online data generated by consumers. As businesses collect data, they are increasingly hungry to extract as much of that consumer-generated data as possible and analyze it. As a result, companies are building sophisticated tools such as algorithms and combining that with the advent of big data and artificial intelligence to curate highly customized marketing catered to consumers’ preferences. This phenomenon led to the Harvard Business Review publishing an article calling a data scientist the “Sexiest Job of the 21st Century[MF1] .” And that was a decade ago! Today businesses collect data that fall into four main areas. These include:
Personal data – This is any information that includes data that can personally identify an individual and non-personally identifiable data. Data that can personally identify an individual can include gender, address, phone number, social security number, date of birth, etc. Data that fall into non-personally identifying data have web tracking technology that gathers internet search and browser history, IP address that identifies the consumers’ location, and information about the device, such as the type of laptop, tablet, or smartphone used.
Data on user engagement – this category of data collected is the details of how customers use and interact with a company’s various platforms, such as its website, smartphone apps, social media channels, email outreach, customer support portals, and paid advertising.
Behavioral Analytics – data collected to build a behavioral profile of consumers include how often customers shop, the purchases they’ve made, how often and in what ways they use certain products, what pages of a website they often browse, and how long they remain on that page. Detailed qualitative data is also collected that track the movement of a mouse on a laptop/desktop or the scrolling of the page and eyeball tracker on mobile webpage visits.
Attitudinal study of consumers – this data set builds a profile on consumers’ perception of a business’s brand, their favorability and overall customer satisfaction scoring, how desirably a customer views a business’s products and how the company fits into the consumers’ purchasing habits, and criterion.
Why do businesses collect data?
There are many reasons why businesses collect data of consumers. Some of these include:
Customer experience – behavioral data on the customer truly does impact business strategy. If the data suggests that certain business strategies on products or the sourcing of specific supply chains do not fit well with consumer preferences and timelines, those areas of operations and product mix are modified for a better fit for the customer.
Targeted marketing – Businesses can better target their audience based on the likes and preferences data collected on consumers. Analyzing consumer data and better understanding the contexts and consumer journeys that drive spending allow businesses to target only those customers who prefer to engage with that business.
To build a more clear profile of the customer – Some businesses already have a certain amount of data about their customers. They look to add additional layers of that data about the customer to have a more wholesome profile of the customer for a better customer experience and safety precautions. A perfect example of this may be a bank app looking to supplement biometric data about its customers to protect the customer account better so that only that person is accessing the data regardless of location or device used.
Pure profit motivation – not all data collection efforts are well-intentioned. Some data collectors are in it only for the money. A new industry known as data brokers is collecting and compiling large, vast amounts of data, often without the customers’ knowledge or consent, simply to sell it for a profit.
How is data collected by businesses?
There is a myriad of ways businesses collect data about customers. Some businesses ask their customers for the data directly. Others gather that information indirectly on consumers that may be existing or potential customers. Many companies simply append supplementary data onto their own data sets to enhance consumer profiles.
For starters, businesses build their database on customers when they signup for their services. That profile is expanded as the customer uses the company’s products, visits other products on their website, follows and comments on the company’s social media sites, and calls in or chats about any inquiries or complaints.
This data is enhanced by other information collected, such as the type of device used to access the website, and inferences are made regarding how and when the customer accesses and uses their product. Additional insight is driven by the type of conversations the customer had with the company’s various departments, such as when did the customer talk to the support team, was the customer ever routed to the sales team, or if there has ever been a request for product enhancements shared by the client.
What data privacy regulations must businesses adhere to when collecting data?
Smartphones and mobile technology are used for every day human interaction and so much more. Although regulators and lawmakers have been behind the curve in adjusting to this new reality of businesses collecting data and understanding how it is used, there is new vigor with four major privacy laws protecting consumer data.
General Data Protection Requirements (GDPR) – issued by the European Union for all businesses targeting the collection of personal data of EU citizens, the regulation sets forth specific guidelines about how data can be collected, where it is stored, and how it is used and shared. There are steep penalties for violators, as much as 4% of annual revenue.
California Consumer Privacy Act – similar to the GDPR but requires consumers to opt out of any effort to collect data by businesses.
Colorado Privacy Act – Scheduled to come into effect on July 1, 2023, CPA is very similar to the California Consumer Privacy Act in that it requires the consumer to opt out of any data collection efforts by businesses.
Virginia Consumer Data Protection Act – This is Virginia’s version of the California Consumer Privacy Act, which requires consumers to opt out of any effort to collect data by businesses. It also requires companies only to collect data needed for their business and inform the consumer of their rights around this law and the different recourse they have. The law will come into effect on January 1, 2023.
How to protect your data?
In an Ipsos poll conducted in 2022[MF2] , 70% of consumers in the US think it has become more difficult to control who has access to their data. Only a third of respondents believed that businesses collecting that data have appropriate controls in place to protect that data. According to that same poll, Ipsos presented six security safeguards around data protection and asked the respondent how many of those safeguards they had implemented. Only a sixth of those questioned had implemented those safeguards. Less than half the respondents had implemented three or fewer safeguards.
The survey found a correlation between those who had the fewest safeguards implemented and how despondent they felt about the ability of regulators and companies to protect their data. More than 70% of those surveyed wanted their online presence to remain anonymous or wanted the ability to erase whatever online data had been collected about them. Nearly 80% of those who participated in the poll wanted a permission-based system for collecting and accessing their data.
All in all, the findings of the survey point to the fact that consumers are concerned about their data being collected but don’t understand how to protect their privacy. Below are some safeguards that privacy experts advise consumers should implement to protect their data and their privacy.
- Advertising and tracking app blockers – many websites you visit have trackers that track every move made while on their website. These trackers can collect IP addresses to locate you, which device and browser you used to access the website, what pages were visited, and how long you stayed on a particular page. Some trackers even track your activity once you leave the site, tracking activity across the internet to build an entire profile of your online habits, search inquiries, and preferences. Consumers are advised to install browser extensions blocking those ads and tracking technologies.
- VPN is an encrypted virtual tunnel between the user and the internet. All data goes through this virtual tunnel, masking the user’s IP address. Using a VPN means no one can see what you are visiting online as it is encrypted, and since the IP address is masked, your location is also indecipherable.
- When the product is free – you’re the product. Social media and hundreds of apps and tools are free to use and share your data. These platforms and apps collect your data to accurately target you for advertisements or to outright sell the information such apps have collected about you. Privacy experts have recommended to avoid free apps and platforms where possible.
- You don’t always have to use your actual information. That’s not to say one should use fake information on their tax returns. Instead, you don’t need to sign up for the latest cheese or razor blade subscription with your data. Using phony information for such services can safeguard your privacy.
Conclusion
As of fiscal yearend 2021, Google had more than $257.6 billion in annual revenue[MF3] , up by more than 41% from the year before. The company’s market capitalization is over $1.2 trillion[MF4] . More than 80% of that revenue is from advertisements. Meta, the parent company of viral social media platforms such as Facebook and Instagram, had annual revenue of nearly $118 billion for yearend 2021, an increase of 37% from yearend 2020[MF5] . The current market capitalization of the company is over $300 billion[MF6] .
These companies have established trillion-dollar business empires built on collecting and harvesting consumer data and then micro-targeting marketing and advertisements on behalf of their customers. This is the birth of surveillance capitalism, with its widespread data collection and the commoditization of that data in the name of capitalism. This is due to the fact that there is a profit-making motive that arises from the advertising industry seeing endless possibilities from the use of specific personal data points generated from almost every human action possible and then gathered to target consumer behavior with immense accuracy.
Regulators and lawmakers are finally waking up to the power of big tech and looking to enact safeguards to protect consumers’ privacy and data. However, the practice that businesses collect data and the for-profit model that the practice has spawned will not go away. The process will continue to proliferate, albeit with the guardrails of regulation. These companies will continue to operate and flourish around the law with even newer and more clever ways to hook consumers to the latest technological innovation and extract even more data.
Consumers must understand and stay aware of the latest data collection practices that businesses employ and the impact their actions and the use of technology have on the data they are disclosing.
[MF1]https://hbr.org/2012/10/data-scientist-the-sexiest-job-of-the-21st-century
[MF2]https://www.ipsos.com/en-us/news-polls/data-privacy-2022
[MF3]https://www.globaldata.com/data-insights/internet-services-technology-media-and-telecom/googles-revenue/#:~:text=Google’s%20Revenue%20(2002%2D2021%2C%20%24%20billion)&text=Google%2C%20the%20search%20engine%20giant,revenues%20in%202021%20from%20advertisements.
[MF4]https://www.google.com/finance/quote/GOOGL:NASDAQ?sa=X&ved=2ahUKEwiNnIysiPL7AhUF7KQKHdhuDPIQ3ecFegQIKBAj
[MF5]https://investor.fb.com/investor-news/press-release-details/2022/Meta-Reports-Fourth-Quarter-and-Full-Year-2021-Results/default.aspx
