Data Privacy Day: Remembering Whose Data We Protect

As the world celebrated #DataPrivacyDay on January 28, I am grateful that it fell on a Sunday this year — a Sunday that fell in a January that fell in an NFL season when my team did not make the playoffs (it wasn't even close).? It gave me an opportunity to reflect on data privacy in a way that I have not done in recent years—and possibly at any time during my professional career.?

Like many in-house lawyers, I have had plenty of work to do since the European Union’s General Data Protection Regulation (GDPR) went into effect in May 2018.? Compliance with the GDPR (and similar regulations in other jurisdictions) is not a one-time, “check the box” endeavor; nor is there a single approach that works for all companies. GDPR compliance is a continuous, organization-wide effort that must be planned with due consideration for the size, industry, organizational structure, culture and other characteristics of the organization. It requires internal training and education; buy-in from multiple departments; and policies and procedures that can evolve as the organization grows. ?

My focus to date has been on the practical aspects of compliance. So when I heard about Data Privacy Day (this was the first year, admittedly), I finally had an opportunity to think about privacy on a more abstract level and even discuss it with a former colleague. I can honestly say that I emerged from the weekend with a deeper appreciation of the goals of the GDPR and of its design.[1]

But this article isn’t about one lawyer’s long and arduous journey towards a deeper appreciation of the law.? I’ll leave those stories to John Grisham. But I would like to contribute to the public discourse on privacy, and I can only write about what I know.? And I believe I can promote the goals of #DataPrivacyDay simply by talking about the company I know and work for, Treasure Data. That may seem like an awfully convenient way to tee up corporate advertising, I realize, but hear me out!

Let me start by saying that this post is not directed to Treasure Data's customers, nor to our prospective customers, nor even to our trusted business partners.? We love and treasure you all. But I imagine you know that already and don’t need to hear it from the Chief Legal Officer.[2]?

This post is directed towards a much broader group, namely those of you whose data we are entrusted with protecting, even though you may never do business directly with us. It is directed towards anyone and everyone who participates in the modern economy as an individual consumer.

That’s a pretty big group, I realize. Treasure Data handles data concerning consumers of goods and services across virtually every industry. Our customers, who trust us with their own customers’ data, are some of the largest and most recognizable global brands. With more than two billion profiles managed in our system, there is a good chance Treasure Data has processed my consumer data at some point, and yours as well.

So I want to take this opportunity to provide more information about Treasure Data – for the benefit of those to whom we do not ordinarily market or promote our services.?

Who is Treasure Data?

We are a CDP (customer data platform) provider whose services are delivered under a SaaS model. Headquartered in Silicon Valley, we have offices across Europe and Asia, and we support businesses around the world. We count many Forbes Global 2000 companies as our customers.

Why do companies engage Treasure Data?

We help our customers give you, the consumer -- i.e., our customers’ customer -- a more meaningful, custom-tailored experience when you interact with their brands in a variety of contexts.? That makes it more likely that you, the consumer, will see value in their products and services and stay loyal to their brand.

?

What service do we provide?

We help businesses stitch together and make sense of data concerning their own customers. The data that our customers upload to our platform is first-party data collected from a myriad of sources.? This helps our customers build more detailed and meaningful profiles of their own customers. That, in turn, allows our customers to have more productive interactions with their customers in a number of different areas – customer service, marketing, in-person services, technical support, etc.? When you think about all the touch points where data is routinely collected, you can understand how useful it can be for a company to weave these disparate strands together.

For example, imagine you have just purchased a new car from a local dealership.? When you get home and open your email, you see an electronic receipt and various “welcome” messages from the car maker and affiliated service providers.? Later that evening, your mobile phone alerts you that you have an incoming email.? It’s an advertisement for a slightly different car model from the maker you just purchased from. While you may understand that it is just a simple mistake made by a large business, it’s hard not to be annoyed or even a little offended. After all, you have just made a major investment in a company that does not seem to even know who you are.? Are you more or less likely to post a favorable review of your new purchase after that experience?

The technology exists to prevent these missteps, even for the largest and most complex enterprises.? This is a small example of what we help our customers do.?

?

Does Treasure Data perform marketing for its customers?

No, not directly.? We help our customers use data and insights to optimize and improve the ROI on their preferred marketing channels.? Companies that use our services are better positioned to use targeted, personalized marketing techniques and channels.? This may mean, for some companies, less reliance on the “spray and pray” email campaigns -- which rarely improve brand image.? By making greater use of first-party data sources, we also help wean companies off of third-party cookies, which are being deprecated.

?

What do you do with the consumer data you process?

The short answer is, only what our customers instruct us to do.? We do not hold onto data longer than our customers need us to.? We delete data when our customers instruct us to.? And, of course, we do not sell, trade or otherwise monetize the consumer data that we process.? That is not our business model.

?

Why should individual consumers trust you?

I would point out a few factors:

1. First and foremost, we recognize that our business will succeed or fail based on the trust we build in the marketplace – the trust of our customers, the trust of our business partners, and the trust of the public.? We have strong economic incentives to protect the consumer data we process.? And we recognize that, by virtue of the vast amounts of data that we process, we have an enormous responsibility. This is woven deep into our culture. In fact, our CEO reminds us of this responsibility at the beginning of every monthly all-hands meeting.
2. We invest heavily in Security and have a first-class in-house team led by my colleague, Aysha Khan, our CIO/CISO.? I could spend an entire article writing on this topic, but it’s easier to refer you to our Trust & Security Center, where you can find this information.
3. We were one of the first companies to get into the CDP industry; and, in contrast to other providers, CDP is all we do, and we are in it for the long haul.? It also means that we will not be tempted to utilize the data we acquire as a CDP provider in other areas of our business.
4. We are well-financed, and our focus is on sustainable, profitable growth. This means that we are careful in our hiring, we invest in training, and we are thoughtful in our development of new products and services.? For better or worse, we are not a “plug-and-play” solution and likely never will be.? Our customers are some of the largest global enterprises across a range of industries, and we devote significant resources to supporting each one.
5. We are “battle-tested” by our customers.? In my experience, most companies do not make their choice of CDP provider lightly. Before signing up for our services, customers often put us through a rigorous due diligence process, involving extensive document and information requests; meetings with subject matter experts and department heads; customer reference calls; etc. -- similar to what I am accustomed to seeing in my past life as an M&A attorney.? Admittedly, these measures make the sales cycle more difficult and time-consuming for us. But we recognize that they do it for your benefit (as the consumer), and we would not have it any other way.

I hope this has been informative, and that you will have a better understanding of our business the next time you see the “Treasure Data” name associated with a company with which you do business.?

So which NFL team do I root for?? That’s a personal question that I may not want to answer.?

Okay, it’s the Patriots.

[1] I hate to “yada yada yada” through the self-realization part of the story, but the basic epiphany I had was that, once you stipulate that data privacy is a right, the GDPR is actually a principled, logical and restrained set of regulations.?The six bases for lawful processing of personal data in Article 6 are a good example of this. Maybe the prevailing perception of the GDPR is already overwhelmingly favorable, and I am the last one to realize it?

[2] As a lawyer, I do need to clarify that the statements in this article are my own and do not necessarily reflect the views of Treasure Data.?

?

?