Your privacy systems could be just a Hollywood fa?ade – and you may not even know it
Jon Suarez-Davis (jsd)
Chief Commercial Officer, super{set} | Digital Transformation Leader | Board Member | Investor | Advisor | Ex: Salesforce, Krux, Kellogg's
Permission means nothing if it isn’t anchored?in meaningful consumer choice and control
In the new data economy, permission will be ubiquitous. Consumers expect agency over how their data is used, and regulators — from Europe to California and beyond —?are determined to give it to them. To enable data-driven innovation and growth, organizations will need to secure clear permission from data subjects, and dependably reflect those signals across the entirety of their operations.
Unfortunately, that remains challenging for most organizations. Many consent tools lack effective orchestration to enforce consumer decisions as they flow down through data ecosystems. Others fail to deliver a transparent user experience that truly puts consumers in control. The result: a Hollywood facade of privacy, with the performative collection of consent but not the transparency and control needed to truly put consumers in charge.?
Systems that depend on this type of consent theater are all surface and no substance: they provide the appearance of control, but no meaningful agency. This is an emerging problem that brands can’t afford to ignore. To prepare for a world of fully permissioned data, we need to do the work now to build better models of collecting and managing consent — and to put real consumer control at the heart of the new data economy.
The Hollywood facade disempowers consumers
There are two main aspects to the Hollywood facade of privacy. The first is the illusion that consent signals are being respected: organizations collect consent, but fail to enforce it. Superficially, it looks like data subjects are in control —?but behind the curtain, there’s no orchestration of consent signals across the organization or broader data ecosystem.?
This approach is especially dangerous because it can fool organizations into believing they’ve done what’s needed, when in fact they’ve only created the illusion of compliance. In an era of muscular enforcement and consumer awareness of privacy, misplaced complacency creates significant risk for brands.?
Businesses should empower consumers to make meaningful privacy choices, and respect those choices downstream. This starts with transparency. As I’ve written elsewhere , transparency puts the “informed” into informed consent; with it, consumers literally don’t know what they’re agreeing to.?
And more information isn’t always better. We’ve all clicked through to a website and been interrupted by pop-up banners and screenfuls of legalistic smallprint. Instead of making an informed decision, the consumer is reduced to clicking at annoying banners to make them go away.??
Regulators are paying attention to practices designed to manipulate consent: the EU’s Cookie Banner Taskforce , for instance, has warned against using contrasting colors and pre-checked selection boxes to nudge users into “agreeing” to share data. TikTok, meanwhile, was recently fined for offering users a single button to accept cookies, but requiring multiple clicks to reject them.?
Dark patterns of this sort leave consumers feeling short-changed and mistrustful. Small wonder that regulators are treating brands like children, and mandating the precise language required for notifications and consent requests —?or calling for new models encompassing automation and global privacy controls. In a regulator’s mind, perhaps brands have shown they can’t be trusted to get this right; clearly, we need to do something differently, and it’s the perfect opportunity for marketers to step into the conversation.
领英推荐
What does real control look like?
So how can brands avoid the Hollywood facade, and deliver meaningful transparency and control for their users?
Clearly, organizations need robust orchestration to reflect consent signals across their data systems. Automated discovery, to surface sensitive data and map new regulations and consumer decisions onto existing datasets, is also essential. Finally, brands need to proactively manage complex issues such as third-party data processing and deletion.
But consumer control also requires an empowering user experience. Going through the motions with legalistic notifications that badger users to click away their rights isn’t good enough. Brands need informative but intuitive systems that combine clarity and convenience, making it effortless for consumers to grant, review, revoke, or expand consent as they engage with your product.?
Achieving that will require new technologies, including smart permission centers, easy-to-access consent interfaces, and automated discovery tools. We’ll also see brands using permission vaults to proactively respect users’ wishes without bombarding them with permission requests.
A new model for consumer control
Consumers have seen behind the facade: they know what their data is worth, and aren’t willing to surrender it to companies that try to fool them. Part of what they find frustrating, though, is that they want to be able to trust brands, and to share data without feeling like they’re being bamboozled.?
Brands that get this right have the chance to fire up a flywheel of positive reinforcement. The more consumers trust you, the more data they’ll share?— and the more you handle their data responsibly as part of an empowering and convenient exchange of value, the more trust you’ll earn.?
To satisfy consumers and regulators, brands need to step up and reimagine the way they collect and orchestrate consent. New technologies offer an opportunity to fuse meaningful transparency with real consumer control, ensuring data processes align with what customers really want. That’s the way to win trust —?and unlock enduring success in the modern data economy.
Well said JSD. You nailed many of them, I would add my current favorite (or least favorite I should say) is lack of simple and findable opt outs. It’s actually ludicrous that we don’t have a national “do not target” list similar to Do Not Call but that actually works - but on a domain level it’s unforgivable. On the last Neutronian Data Privacy Scores we discovered a well known people search engine with an opt out that was cancelled by a deletion request that was canceled by a suppression request, all of which could be altered at any time by the provider and didn’t apply to any of their subsidiaries or partners. Yay Digital Hollywood!
Nice article JSD. I might be going off track here but I think it is interesting that in Europe the regulators are clearly stating that it is not possible to give meaningful consent to all (approx 700?) the vendors on the IAB EU TCF GVL. We will see TCF v2.2 ensuring that the number of vendors a website is working with being declared stated in the first CMP layer. Readers may trust the website, but there will be a natural level of suspicion when they can clearly see they are sharing their data with hundreds of unknown vendors. Publishers who don't lean into the better curation of their vendors are missing a trick. Since the beginning of the RTB, we have seen a race to the bottom, where more partners = more demand = more revenue. But with better curated vendor selection, can lead to better relationships, deals, transparency/trust, control, innovative data use and increased revenue. It will be interesting where the sweet spot of number of vendors will be 12 months time.
Chief Executive Officer
1 年Chris Arrendale
Customer Success Leader
1 年#2 is a very hard problem to solve. Any business possibly uses 10s to 100s of systems and honouring consumer choices in all systems requires a big engineering effort. Good news is that the privacy vendors like Ketch are taking on the heavy lifting and making it easier for businesses to be compliant.