Yesterday morning, many of us in the United States awoke to some troubling news: the European Court of Justice (ECJ) had ruled that the Safe Harbor agreement is no longer valid. Security & risk (S&R) and data management folks kicked into high gear. Customer insights and digital marketing teams...? Well, the news slipped past mostly unnoticed. That's a mistake.
Let's start with a primer on Safe Harbor. If you're a multinational company doing business in Europe, Safe Harbor is the agreement under which you've been allowed to bring European customers' data back into your servers in the US for purposes of targeting, analytics, campaign management, etc. If you work with a US-based database MSP, digital or CRM agency to manage customer data, they've likely been relying on the same agreement. It's a nearly 20-year old agreement that was put in place to bridge the gap between Europe's strict data protection laws and America's relative dearth of them.
Now, that agreement has been deemed invalid, which means that every company serving European customers needs to reexamine its data practices. Of course, this is primarily the purview of our technology management peers. But customer insights professionals need to partner closely with them on two fronts:
Speak up about your third-party data sharing practices. This includes sharing between business partners (for example, passing customer data to a firm that administers your loyalty program or manages warranties), sharing CRM data with digital marketing vendors, and even using third-party tracker on your website that collect IP addresses. Any third party data sharing could come under scrutiny from the European Data Protection Authority, so you'll want to have a consent-based model for collecting and sharing that data soon.
Upcoming changes to privacy regulation in the EU as well as rising business awareness that effective data privacy means competitive differentiation in the market makes privacy a business priority today. And this is not only relevant for tech giants: protecting both customer and employee privacy is a business priority for companies of all sizes and across industries.
But where do you start? Many companies start by hiring a chief privacy officer. Some have built brand-new privacy teams that manage privacy for the whole firm, while others prefer a decentralized model where responsibilities are shared across teams. What are the pros and cons of each approach? Which organizational structure would better meet the needs of your firm?
And when your privacy organization is in place, how do you establish smooth collaboration with other teams like marketing and digital, for example? Too often we hear that privacy teams do not have the visibility that they need into the data-driven initiatives happening within the company. When this happens, privacy organizations are less effective and the business risks failing its customers, undermining their expectation for privacy.
During the session, we recapped the highlights—and lowlights—of privacy in 2014, discussed some of the major trends and issues in the space, and made some predictions for 2015 and beyond.
What stood out for me, as a customer insights (CI) professional, is how critical our teams are to the work of privacy and how much we must guide the process of contextual privacy. There is a lot of work to be done to build stronger organization-wide consensus around better privacy. Like they were the nexus point between business technology and marketing teams, CI pros are now the nexus between security, legal, and marketing teams.
I’ve linked the full session below. Please enjoy, and please consider getting involved in Data Privacy Day 2016 - the effort could use more marketers and business leaders.
Notes from the TechAmerica Europe seminar in Brussels, March 27, 2013
This may not be the most timely event write-up ever produced, but in light of all the discussions I’ve had on the same themes during the past few weeks, I thought I’d share my notes anyway.
The purpose of the event was to peel away some of the hype layers around the “big data” discussion, and — from a European perspective — take a look at the opportunities as well as challenges brought by the increasing amounts of data that is available, and the technologies that enable its exploitation. As was to be expected, an ever-present subtext was the potential of having laws and regulations put in place which — while well-intentioned — can ultimately stifle innovation and even act against consumer interests. And speaking of innovation: Another theme running through several of the discussions was the seeming lack of technology-driven innovation in Europe, in particular when considered in the context of an economic environment in dire need of every stimulus it can get.
The scene was set by John Boswell, senior VP, chief legal officer, and corporate secretary at SAS, who provided a neat summary of the technology developments (cheap storage, unprecedented access to compute power, pervasive connectivity) giving rise to countless opportunities related to the availability, sharing and exploitation of ever-increasing amounts of data. He also outlined the threats posed to companies, governments, and individuals by those who with more sinister intent when it comes to data exploitation, be it for ideological, financial, or political reasons. Clearly, those threats require mitigation, but John also made the point that “regulatory overlays” can also hinder progress, through limiting or even preventing altogether the free flow of data.
Recently I attended one of the day-long events in Munich that Google offers as part of its atmosphere on tour road show that visits 24 cities globally in 2012. The event series is aimed at enterprise customers and aims to get them interested in Google’s enterprise solutions, including Google Apps, search, analytics and mapping services, as well as the Chrome Book and Chrome Box devices.
Google Enterprise as a division has been around for some time, but it is only fairly recently that Google started to push the enterprise solutions more actively into the market through marketing initiatives. The cloud-delivery model clearly plays a central role for Google’s enterprise pitch (my colleague Stefan Ried also held a presentation on the potential of cloud computing at the event).
Still, the event itself was a touch light on details and remained pretty high level throughout. Whilst nobody expects Google to communicate a detailed five-year plan, it would have been useful to get more insights into Google’s vision for the enterprise and how it intends to cater to these needs. Thankfully, prior to the official event, Google shared some valuable details of this vision with us. The four main themes that stuck out for us are: