I spent a jam-packed day with security software and services provider AVG last week, checking out their 2013 product line-up for free antivirus and paid premium products, and participating in roundtable discussions with press, analysts, and AVG executives about consumer security, mobile, privacy and policy. Here are my reactions to what AVG is doing:
LIKE: Consumer data (yes, I’m biased here, being the data nerd). AVG has lots of it and it’s all free. This is awesome because it’s a great resource not just for the industry but for other parties to use in education and awareness program design. They’ve done studies across 11 countries for their Digital Diaries studies, surveying parents and kids of different age brackets from 0 to 17 to understand online behaviors and attitudes. Here’s a data nugget that caught my attention: by the time they are two years old, 81% of children have some kind of digital footprint (online photographs, personal data, email and/or social networking accounts). 81%!
Eighteen months ago, when I started down the path of what would become our body of Personal Identity Management (PIDM) research, there were only a few customer intelligence professionals who gave much credence to the picture we were painting. What a difference a year makes. Today, privacy, data governance, consumer empowerment, and understanding "the creepy factor" are core to the conversations I have with CI pros in both marketer and vendor organizations.
At the center of those conversations is often the question, "Who are the players in tomorrow's consumer data ecosystem?" We've just published a report, Making Sense of a Fractured Consumer Data Ecosystem, that reviews the strengths and weaknesses of four existing vendor categories plus three emergent business models. These include:
Consumer data giants: Companies, like Acxiom, Epsilon, Experian, and Infogroup, that have an opportunity to become consumer-friendly data managers but are at greatest regulatory risk
Reputation management providers: Companies, like Intelius and Reputation.com, that could help consumers manage data access but need to focus on their B2C business models to do so
Online services giants: Companies, like Google, MSN, and Yahoo, that already have access to highly personal data but serve too many masters
Yesterday, the White House released a long-awaited set of recommendations that are focused on helping individuals take greater control of how their data is collected and used for online marketing purposes. It includes what's being referred to as a "Consumer Privacy Bill of Rights."
The language is vague. The timeline to completion is long. The guidelines, for now, are "opt-in" for organizations. All true.
But folks? The glory days of scraping and selling and repurposing customer data are over. The Oval Office has spoken on the issue of privacy and personal data, and its bill of rights is crystal clear: Tell me what you’re collecting, how you’re using it, protect it well, give me a copy, and give me a chance to correct it, delete it, or opt out entirely.
Google has handled its privacy debate by being disarmingly clear with a little note left on the fridge the other week.
We’re tidying up and love data too much to not want to connect it better.
Like it or lump it.
It’s their right - they are after all a private company and not the public service we somehow feel them to be. Google wants to “create a beautifully simple, intuitive user experience” and its data consolidation is what will help it do this. Facebook makes one product called Facebook while Google up until now has chosen to run many nom de plumes, betas, and side initiatives. I’d like to see a more capable ‘joined up’ Google sparring with Apple and Facebook on who can do the coolest and most useful things for people using data. In truth, the Google engineering team must be relieved to ditch the sticking plasters and chewing gum connecting the hitherto disparate data sets they manage.
Now, as a customer intelligence analyst, I preach a “consolidated view of the customer” to clients nearly every day. I advise retailers, CPGs, and others that creating an optimal experience for customers is nearly impossible without having a clear understanding of their needs and preferences, across all channels and lines of business. But what Google’s doing extends well past traditional “single view” and into “personal data locker” territory.
On the face of it, Google claims that it’s making these changes for the same reason: to improve the user experience. But to remain profitable and keep providing free services to several hundred million users, Google will also use its vastly increased insight about users to sell better targeted (read: more expensive) ads to advertisers.
Over the weekend, one of the most reputable online retailers in the US, Zappos, broke the news that its database was hacked and that the information for about 24 million user accounts was breached.
How do stories like this affect consumers’ attitude toward online privacy? In our August 2011 Community Speaks Qualitative Insights report, “Consumer And Online Privacy: How Much Information Is Too Much?” (available for Community Speaks subscribers only), we found that online privacy is one of the most concerning topics in online users’ minds. Two-thirds of US online consumers report being very concerned about the recording and collection of their personal details by websites.
Most marketers and customer intelligence (CI) pros tend to lump together most types of customer data. Sure, things like passwords and social security numbers are considered more "sensitive," but for the most part, the systems that protect all the data -- and the privacy policies that communicate their capture and governance -- are largely the same.
Individuals see different types of data differently -- they're most worried about what we consider individual identity data, and far less concerned about the capture and use of their behavioral data.
Most consumers are willing to share their data in exchange for value. But, what they consider "valuable" is very age-dependent -- in other words, the same consumer isn't equally motivated by discounts and cash rewards.
The ad network ecosystem will ultimately be forced the pull back the curtain of Oz to reveal to customers the machines and levers behind targeting technology. As illustrated in my paper, the predominant approaches are full targeting vesus opt out, but this is not enough choice. Segmentation strategies and targeting techniques used by ad tools are hidden within engines and will need to be surfaced to customers so that they may verify, modify, and importantly play with them.
This isn’t easy, however, as the mathematical vernacular of targeting technology with confusing terms such as graphs, nodes, and vectors are unintelligible to most. Metaphors will be needed to distill the complexity for customers. One of the approaches to take will be similar to how optometrists work by showing the customer different "lenses" (perceptions) held about them and subsequently allowing them to choose. These "lenses" may not just be rich segmentation concepts but will include social and individual assumptions too.
Where does this transparency and explanation rationale take us?
Carrier IQ software, which consists of embedded software on mobile devices and server-side analytics applications, enables mobile operators and device OEMs to understand in detail a wide range of performance and usage characteristics of mobile services and devices. These include both network-facing services such as core voice and data offerings, as well as non-network-facing capabilities such as music players, cameras and other side loaded media, in order to assist with product and service development and roll-out [emphasis added].
Customer Intelligence is not a spying operation. The promise of CI is not reductively commercial. Instead, proper CI practices help businesses – with their customers' consent – to understand the preferences and needs of their customers. Firms also use CI processes and technologies to determine and enforce an optimal and respectful relationship with customers.
What lessons does the Carrier IQ incident highlight?
CI pros have an ethical responsibility to customers.CI pros are customer advocates after all. They cannot truly represent customers unless they also help their employers understand appropriate boundaries for data capture. Helping customers also helps businesses, protecting firms from the risk of public outrage and litigation. CI pros: Help your employers understand when data capture goes too far.
It has been a few years since Forrester delved deeply into the issues surrounding consumer privacy, and in that time, an awful lot has changed:
Facebook Connect, Google ID, Yahoo Identity, and Sign In With Twitter have emerged as a wholenew way of being recognized across a myriad of websites across the Net. As little as a decade ago, most adults online couldn’t have imagined the convenience of single sign-on.
At the same time, data capture methods have not only proliferated, they’ve become exceptionally sophisticated. Tactics like Flash-based cookies and deep packet sniffing surreptitiously collect behavioral data about online consumers, while loyalty and membership cards provide more insight into consumers’ purchasing habits at the line item level than ever before.
All that extra data is hard to protect without big changes to governance policies and technology stacks, and when data breaches happen, they're public and ugly.
Finally, legislators have forged ahead with regulations to protect consumer data. Europe's answer is the Data Protection Directive – a regulatory framework that governs the capture, management and use of consumer data, while in the US, congressional leaders, egged on by consumer advocacy groups, are introducing bills designed to limit data capture and to provide remediation in cases of data and security breach.