Reimagining First-Party Data Sharing in a Privacy-First World
By 2023, approximately two thirds of the world’s population will be protected by modern privacy regulations. Businesses that do not comply with this emerging wave of privacy rules are beginning to pay the price. Over 500 organizations have already been issued more than €250M in fines for GDPR compliance. The regulations are not just in Europe. In the U.S., the newly passed California Privacy Rights Act (CPRA) will bring GDPR-like protections to 1/8th of the country’s population. More laws are on the way such as the data protection bills currently moving through the legislatures of Virginia, Florida, and Washington state.
These new regulations are driving dramatic changes in the way companies manage customer data. Marketers are shifting towards a privacy-first model, which is a significant change since data has become the lifeblood of modern marketing. Today’s algorithm-driven marketing programs depend upon data to optimize results. Strategies such as people-based marketing and omnichannel advertising are critically dependent upon demographic and behavioral data for success.
Other than the walled gardens, few brands collect enough first-party data to feed the algorithms their data science teams need for segmenting customers, optimizing promotions, and personalizing content. To feed the machine, data science teams are constantly evaluating new data sources every day. Some marketers collaborate and exchange data with other brands targeting the same consumer segments (second-parties). Others use third-party data brokers that specialize in enriching and augmenting data.
Data Privacy Brings New Hurdles for Marketers
However, concerns about privacy law violations are driving more and more brands to abstain from sharing data – especially the PII needed to uniquely match consumers across two CRM systems. Increasingly, marketing and data science organizations who rely on external data to increase new customer acquisition and drive sales are being blocked by legal organizations who want to avoid compliance penalties and the associated negative press.
At first glance, the challenges may seem insurmountable. Some have abandoned data sharing in certain regions altogether. GDPR alone has driven many third-party data brokers out of Europe. However, others are re-imagining their data operations and designing processes that not only protect consumer’s privacy rights, but also allow for the personalized, targeted campaigns marketers are seeking.
A new approach to data collaboration is long overdue. The current process that brands use to share data with second and third parties is both cumbersome and complex. It is common for a data sharing project to take anywhere from six weeks to six months and involve lots of technical and legal gymnastics. For companies in regulated industries, it can take up to a year to onboard a new data partner before data can even be evaluated. These have inefficiencies existed for decades. Ironically, the new data privacy regulations may provide just the incentive needed to force the industry to rethink how the process should work.
Shatter the Veneer of Trust to Truly Protect Data and Customers
The biggest challenge is protecting the customer data once it is shared. A lot of bad things can happen once PII is sent to a business partner. The data can be merged into an identity graph or it could be packaged up and sold to other organizations – including direct competitors.
Many companies hash or anonymize data before sharing it. However, critics argue that the hashing algorithms commonly used are easy to reverse engineer, enabling re-identification of the data.
As soon as custody of the data is lost, organizations lose visibility and control. That is why legal agreements are critical. However, getting both sides to agree on contract terms is not easy. Legal teams often spend weeks redlining documents to ensure that the appropriate data usage and privacy restrictions are in place. In some, cases the two sides are not able to reach consensus and the project gets canceled altogether.
The contract negotiations break down because neither side trusts the other. No matter how many legal clauses are inserted into the contract and how much due diligence is performed, neither side will ever be able to gain enough confidence that their customer’s personal data won’t somehow be exposed. The root of the issue is the physical movement of the data. As soon as the customer file crosses the firewall, confidence and control are lost. However, some emerging technology providers are asking the question –
What if there were a way to gain the benefits of data collaboration without losing custody of the data?
The Future of Data Sharing: Zero-Trust Technology
A new wave of technologies has emerged in recent years that enable organizations to fundamentally re-imagine the way that business partners share data. Advances in cryptographic technology now make it possible to perform analytics on customer files without ever moving the data. Matches between customer records can be performed without exposing their identity or resolving to a third-party identity graph. Insights and signals can be gained without having to send personal data outside the firewall. By not losing custody of customer identities, we can remove the need for trust completely from the data sharing process.
Legal and compliance organizations can take comfort in knowing that they never lose custody of the data. There is no risk of data leakage. There is no need to track the various copies of data that have been shared across their partner ecosystem. Marketers will be able to gain the powerful insights that come from data collaboration while maintaining trust with their most loyal customers.
The whole process could be performed in a few days instead of a few months as it requires today. Imagine if data teams could visit an online marketplace of data providers then browse the list of available attributes to find the best candidates. A quick and secure “pre-match” of the brand’s customer file could then be performed to understand the overlap in advance. With so little friction, brands would be able to easily mix and match the attributes they desire from different data sources to obtain the best possible insights into their customers.
The ability to find innovative ways to leverage data while protecting consumer privacy will be a key factor separating the winners and the losers in the market over the next five years.
Brands that can identify lawful ways to share data while maintaining consumer privacy rights will enjoy a competitive advantage over their peer group. Armed with better insights, these innovators, will be the ones that win greater market share by utilizing more personalized campaigns that yield higher conversion rates.
[To share your insights with us, please write to firstname.lastname@example.org]