Is Facebook Listening? (And So What If They Are.)

From time to time, an anecdote comes across our desks that, as researchers, we find hard to leave alone. A few months ago, one of these opportunities appeared, and we thought it might be interesting to lift the hood, and show you how we dig into tough research hypotheses and decide if and when to write about them. Here's what happened.

******************

Over a period of a few days this winter, we heard from one colleague, then another – 20 in all -- that conversations they'd had IRL ("in real life") seemingly resulted in ads and sponsored posts in Facebook. Given the state of "surveillance marketing," we weren't that surprised, until we read Facebook's T&Cs. There, the company explicitly stated that it wouldn't use data collected from a user's microphone for ad targeting. That's when we got curious.

First, we looked to the obvious: had our colleagues searched for the advertised item after having had the conversation? Had they checked into the same place as their friend, at the same time? Were they on the same network -- and thus sharing an IP address -- as someone who'd searched for the product or service? We rounded up the answers to these questions, and determined that "interest-by-proxy" was an unlikely cause.

Read more

It's Here! Forrester's Consumer Privacy Segmentation

For over a year now, I and several colleagues on our Technographics and Data teams have been working on a completely new way to understand consumers' complex feelings about privacy and personal data. The effort was inspired by Forrester's brand mission to challenge thinking, and lead change. We've been researching consumer privacy for a while now, but we wanted to bring it to life, and to provide our clients a way to assess their own customers' privacy sensitivities in order to best understand how to apply the frameworks we've developed over time.

Dozens of hours of survey design and data analysis later, I'm incredibly proud to introduce Forrester's Consumer Privacy Segmentation. We've defined four distinct segments of consumers, based on their attitudes and behaviors surrounding personal data collection and use:

Gina Fleming, my co-author and our Manager of Data Science, will soon write a post about the tremendous work she and her team did to develop this segmentation, but for now, I thought I'd share a few of my own big "a-has!" from the study.

  • Privacy isn't binary, no matter how much pundits try to convince you it is. Individuals have a nuanced sense of privacy, and the degrees to which it matters in certain circumstances. Our willingness to share data with others -- from people to government to businesses -- isn't static, and our motivations to share information vary widely. That said...
Read more

The FCC Ruling And Why It Foreshadows Big Changes In Privacy

Like other privacy nerds all over the land, I’ve been anxiously awaiting the results of the Federal Communications Commission’s vote on some stringent new privacy rules for internet service providers (ISPs). Last week, we got news that the vote passed, and now it’s time to start taking stock of what this means for digital advertisers, publishers, and the US privacy landscape overall. Here’s what you need to know:

  • The opt-in requirement represents a sea change in US privacy management. Until now, the US approach to data collection has largely been opt-OUT oriented. The FCC ruling changes that. The commission is requiring broadband internet access service (BIAS) providers – that is, mobile carriers and ISPs – to gain explicit opt-IN before making their personal data available for ad targeting. It’s important to note that de-identified data and “non-sensitive” data don’t fall under the opt-in requirement. These data can continue to be shared as it is today, and can be used for the providers own business and marketing purposes without the consent requirement.
  • Speaking of “sensitive” data… there’s a lot more of it to consider now. Historically, sensitive personal data has been limited to financial data, health data, data about minors, and a few other categories. The new rules broaden the definition significantly to include data that’s become the lifeblood of online advertising:
    • Precise geolocation
    • Web browsing history
    • App usage history
    • The content of the communication
Read more

Apple Does The Right Thing To Defend Customer Privacy

By now, most of you have read about Apple's powerful public statement of refusal to comply with a court order compelling the firm to help the FBI gain access to the data stored in the San Bernardino shooter’s iPhone 5. Specifically, the FBI requires Apple’s help disabling the device’s data auto-erase function after 10 incorrect password attempts, and Apple is refusing to modify the software to enable this.

Over the past three years, Apple has hitched its brand wagon to privacy, because the firm believes that a) customers care enough about privacy to vote with their dollars and b) as the steward of people’s most personal, sensitive data, Apple has an obligation to serve their best interests. While this isn’t the first time that Apple has found itself targeted by regulators over privacy, this is the firm’s staunchest defense yet against government intrusion. Forrester believes that, with this move:

  • Apple is putting its money where its mouth is. Until recently, there has been plenty of debate about whether Apple has simply been paying lip service to privacy. But this move — along with its recent shuttering of the iAds business — proves that Apple is making serious product and business model changes in support of user privacy. Tim Cook is holding fast on the line he drew in the sand last year at the EPIC’s (Electronic Privacy Information Center’s) Champions of Freedom event in Washington, DC, where he said:
Read more

Understanding "Creepiness"

We've all felt it: a weird sense that information about you has been used in a way that just doesn't feel right.

Maybe you received a kids apparel catalog at your decidedly DINK home. Or maybe you saw an online ad at home for a product you'd been looking at from your work computer earlier that day. Or, perhaps your mobile device pinged when you walked into a store to tell you about specials for that store - even though your location settings were turned off.

Many of us in the privacy world have a strong dislike of the word "creepy" because it can't be quantified. And, practically-speaking, it's rather useless because what's "creepy" to one person might well be "useful" to another.

I'm working on research to quantify what we mean when we say something is "creepy," and to categorize the types of incidents that cause people to feel it. That means I need examples - lots of them. And I need your help.

If you've had a creepy marketing, advertising, or customer service experience, won't you please take a moment to tell us about it?

We've set up a short 8-question survey that you can complete anonymously, if you prefer. Your contribution will help us understand how we experience creepiness, and help us educate companies about how not to be creepy!

Consumer Privacy Attitudes: A 2015 Update

Back in 2013, my colleague Anjali Lai and I wondered how the "summer of Snowden" was affecting consumer attitudes about privacy. So, we fielded a survey and ran some qualitative analysis in our ConsumerVoices Market Research Online Community. A year later, we used that historical data, combined with Consumer Technographics and social listening data to see how perception and behavior were changing. It was a fascinating study

Fast forward another year: it's now pre-pre-primary season in the US, and candidates are talking about privacy and personal data protection. There have been three more major data breaches affecting millions of Americans. The adblocking debate is at fever pitch, while Internet giants make privacy a point of differentiation. Obviously, we decide to run our study a third time. And this time, we incorporate (opted-in, permission-based) data from our Consumer Technographics Behavioral Study.

Our findings? Consumers are more willing than ever to 1) walk away from your business if you fail to protect their data and privacy; 2) adopt technologies like tracker-blockers and VPNs to limit their exposure to data misuse; and 3) extend their protective actions to the physical realm. 

And the real kicker is that, if you're one of the marketers who's been counting on Millennials who "don't care" about their online privacy, you're going to be waiting a long time.

Read more

Get Your Privacy House In Order, or 2016 Will Hit Your Business Hard

Now that we’re firmly settled in the Age of the Customer, it’s time to take stock of the factors that are really going to drive business success -- or failure -- over the next few years. At Forrester, we’re betting our hats that privacy will be one a big one. In fact, we think that privacy is integral to each one of the 10 success factors in 2016.

Read more

Privacy & Personalization: two globally important initiatives, one tremendous opportunity

I'm just back from two weeks in Hong Kong, where I'd been invited to give a keynote at the 10th anniversary conference of the Business Information Industry Association. Since I was there, I took the time to meet with some fantastic Forrester clients in industries ranging from travel to insurance to retail to consulting. In nearly every discussion, whether I was speaking to a BT or a marketing exec, we eventually got to the topic of the "privacy-personalization paradox."

This is an issue I've explored extensively, and have written about before. It's a challenge that marketers in the US dabble with when they're considering investments in tools like retail beacons and cross-device identity resolution. But it was enlightening to hear about the challenges that firms in APAC face: antiquated privacy laws, a dearth of third-party consumer data, and even the incredible difficulty of compiling a single customer view across their own first party data. Interestingly, though, the solution in both markets is similar: preference management

I've just published a report about enterprise preference management, which Forrester defines as:

The business practice of systematically collecting, managing, and utilizing explicit customer preferences — about frequency, channel, content, interests, and intent — in outbound communications.

Read more

Safe Harbor is dead. What does that mean for your customer insights & analytics practices?

Yesterday morning, many of us in the United States awoke to some troubling news: the European Court of Justice (ECJ) had ruled that the Safe Harbor agreement is no longer valid.  Security & risk (S&R) and data management folks kicked into high gear. Customer insights and digital marketing teams...? Well, the news slipped past mostly unnoticed. That's a mistake. 

Let's start with a primer on Safe Harbor. If you're a multinational company doing business in Europe, Safe Harbor is the agreement under which you've been allowed to bring European customers' data back into your servers in the US for purposes of targeting, analytics, campaign management, etc. If you work with a US-based database MSP, digital or CRM agency to manage customer data, they've likely been relying on the same agreement. It's a nearly 20-year old agreement that was put in place to bridge the gap between Europe's strict data protection laws and America's relative dearth of them. 

Now, that agreement has been deemed invalid, which means that every company serving European customers needs to reexamine its data practices. Of course, this is primarily the purview of our technology management peers. But customer insights professionals need to partner closely with them on two fronts:

  • Speak up about your third-party data sharing practices. This includes sharing between business partners (for example, passing customer data to a firm that administers your loyalty program or manages warranties), sharing CRM data with digital marketing vendors, and even using third-party tracker on your website that collect IP addresses. Any third party data sharing could come under scrutiny from the European Data Protection Authority, so you'll want to have a consent-based model for collecting and sharing that data soon.
Read more

Is Your Privacy Organization Future-Proof?

Unless you're in a regulated industry, or headquartered in the European Union, chances are that your privacy organization has been limited to one or two lawyers, and maybe a data security expert. This small group has probably been tasked with making sure the firm is in compliance with local laws, and with writing and managing onerous and impenetrable consumer-facing privacy policies. In other words, these teams have worked to keep the company out of legal trouble.

But data privacy, collection, and use practices are becoming more visible, to regulators, to media and ultimately to individuals. And as a result, firms need a different kind of privacy organization to meet the need for transparency head-on. 

So tell us, has your privacy organization changed in the past few years? Are you staffing it with new skillsets? Creating more dotted lines to teams like marketing, product development, etc? Changing from a compliance-focused organization to one poised to capitalize on privacy as a market differentiator?

If so, my colleagues, Heidi Shey, Enza Iannopollo and I would love to hear from you for current research we're working on. Reply here, or email fkhatibloo@forrester.com, and THANKS!

Categories: