An "N-party" information trading primer

After my post last week on information trading, I had several discussions on this "N-party" hierarchy with folks operating at different scales in the process. While not every bit of data we would think about in data monetization (see my pitch for why I call this "information trading") involves identifiable customer data, much important data does. Having clear policies on ensuring right-to-use for specific usage of such data - along with the (auditable) tools to ensure appropriate use and handling - is key.

For those searching for an introduction on the whole "N-party" data topic, I recommend excellent post from CustomerLabs ?? 1P Data OPs (https://www.customerlabs.com/blog/what-is-first-party-data-comprehensive-guide/). Here's a quick summary as I see it:

• Zero-party data: data shared by a customer/client/audience member (user) "intentionally and proactively" (as Forrester says), usually in exchange for personalization or enhanced service(s)
• First-party data: data acquired directly by an enterprise about its users, generally in the course of normal operation
• Second-party data: first-party data shared with your enterprise by another firm, usually with some terms-of-use
• Third-party data: data aggregated from other sources, often (but not always) without users' consent
• Null-party data: I added this one to cover the (useful) cases that do not contain any user-identifiable data at all. Calling this class out is helpful to me, so we can classify and handle data with no user-identifiable component differently.

Some first-party data is anonymous (and therefore I'd call it "null-party"). Some useful data that might be offered in an information trade is aggregated or blinded without any way to identify users (same). Our focus here is on that data which has user-identifiable characteristics, since this is where much focus is required to ensure not only accuracy but also appropriate handling and terms-of-use.

I wasn't sure about the origin of the term "zero-party data" so I did a bit of research. Several sources I found credit Forrester with coining the term. Here's a July 2020 post (https://www.forrester.com/blogs/straight-from-the-source-collecting-zero-party-data-from-customers/) from Forrester analyst Stephanie Liu discussing the topic as an early example. Whatever the source and origin date for the term, the distinction between zero-party and first-party to me comes down to whether the information was collected a) in the normal course of operating a service or delivering content (first-party data) or b) was additional data offered proactively by someone for purposes of personalization or enhanced service (zero-party data).

A lot of the discussion about (zero and) first-party data today arises in the context of third-party ad tracking cookies disappearing. As retailers or audience builders, we may want to get information about prospective customers directly (akin to purchasing mailing or subscriber lists used originally in direct mail campaigns) or indirectly (confirming information about how different groups, segments, or customers in a geography browse and purchase). With the phaseout of third-party cookies, we now see more interest in "trading information about preferences and interests". Is this kind of data zero-party or first-party? Only expert analysis and review by qualified counsel can tell us for sure. We need to form some operational definitions that pass muster so we can be sure of what we have the right to do with each class of data.

For those building an information trading strategy or expanding an existing offering, the providers of information in the trade will be creating second-party data. Making this trade requires that the "seller" (the prospective provider) has the right (consent) to offer the data. Making this trade useful also requires that the "buyer" (the prospective recipient) will a) have the rights to use the data for planned purpose and b) find it useful. Both parties need reasonable assurances on these points in order to build a successful relationship. Here are some questions to consider:

For providers of information in a trade:

1. does your subscription agreement or other terms-of-service grant you the right to use any data collected from a subscriber or visitor? Or, only data necessary to conduct your service? Or, none at all?
2. do you have opt-in / opt-out (as appropriate for your jurisdiction and situation) for personal data? how about the means to implement the user choice and to prove you respected that choice if needed?
3. how will you make a distinction (if at all) between first-party data (probably general information on visits, purchases, searches) and zero-party data (stated preferences, interests, optional customizations made on your site)? Put a different way, can you clearly associate specific terms-of-use with the different data collected from users who interact with your enterprise? It may be that optional data is subject to different terms in your various agreements.

For receivers of information in a trade:

1. are your partners providing you second-party data ("we collected it") or third-party data ("we gathered it from other sources")?
2. are you "blending" this information with your own information on the same users? If so, have you worked with your counsel to ensure you are operating within boundaries of other agreements you may have in place?
3. do your terms-of-use allow you to use the information obtained in a trade directly? what if you use the data for cleansing or enrichment of your own user data? Does that place any additional restrictions on what you can do with your (improved) data? Could you still trade it with prospective buyers?
4. how will you assess the quality, scope and accuracy of the data vs. the specification and agreement?
5. would your planned use of such data be compliant with your policies and compatible with the culture and values of your firm?

The commercial scale at which the traders operate obviously has a big impact on how to handle due diligence here. While these types of agreements are not necessarily more complex than agreements for software licensing or product purchasing, it may be harder to document and substantiate compliance initially for organizations just getting started with information trading at scale. It is probably a good idea to build some policies! As with all things relating to user data, data obtained from others, or IP matters generally, ensure you involve your executives and counsel appropriately to understand the ways you can engage in a compliant manner.

With the discussion around acquiring first-party or zero-party data, it is worth noting that many valuable information trades do not involve identifiable user data (the "null-party" case I identified above). A highly transactional firm may have valuable insights arising from commerce data that contains only "null-party" data. Or, an organization might take steps to blind such data so it is not possible to trace back to any individual. While these data would not suffice for direct prospect messaging, account-based marketing or other 1:1 outreach activities, they might be more than enough to drive segmentation-based promotional optimization or to improve general market intelligence. I have worked with and seen many cases in retail where extremely valuable data did not have any user-identifiable components. We would recommend looking at the use cases closely to see if trades involving this "null-party" data could be subject to different (simpler) terms. In the end, only your firm's leadership and counsel can make that decision.

Finally, I'd respectfully suggest that those involved in information trades look closely at their own systems and processes. Are we certain we have our users' consent (and up to date)? Are we sure our systems act appropriately if a user opts out? Can we meet our obligations and commitments where a user asks to be removed? Having the right policies isn't enough - the systems have to do what we think they do. If you aren't sure, enlist some help in an internal audit!

The end of third-party cookies is driving some necessary changes in how many plan outreach to prospective customers or audience members. As with all large shifts, however, new opportunities emerge along with the challenges. If we are careful about handling and usage of the data we acquire and manage, we will gather data that is often of higher quality data and with stronger clarity on usability, enabling us to provide more relevant and engaging services to our users.