Embracing GDPR to Build Consumer Trust
Lessons from today’s data turmoil
It’s all about trust and transparency. In the wake of the Cambridge Analytica scandal, large tech companies lost billions in market value. The reputation of their leadership teams still suffers significant blows as many broke the trust they had established with their users. This hard-earned trust may take months if not years to rebuild, which may be the biggest concern for the industry and regulators. Most of the tech giants are data companies, so trust matters. Trust is the currency underpinning the data exchange entire businesses are built on. Tech companies provide digital utilities that are valued so much that people spend large swathes of their digital lives on them. In exchange, these people hand over their data so it can be monetized through advertisers. Users are prepared to do this because they trusted the tech giants. If this trust breaks down, so does the entire business.
This is true for any company for which data is crucial to its business model. If you think about it, this applies to pretty much every company in the digital age. It’s hard to think of a business for which data will not be at the core of the value it creates for its customers. For some companies data has become the sole business model. So as data becomes increasingly ubiquitous, any company that doesn’t take consumer trust seriously, especially as it relates to data privacy and transparency, could be in a painful predicament soon. Perhaps an even bigger risk, though, is that they will miss out on the promise of data in the connected world.
How data improves people’s lives
The opportunities for businesses to use data to build experiences, products and services for their customers extend far beyond the big tech advertising-based model. Data genuinely help people live safer, healthier and more convenient lives. Here are some real-life examples of projects Sentiance works on with its clients.
- Detecting cardiac arrhythmia triggers
Understanding the lifestyle and routines of heart arrhythmia patients helps to identify the moments in their day that may precede irregular heart rhythm measurements. This helps physicians understand potential triggers of cardiac arrhythmia and is used to coach patients to prevent arrhythmia from happening in the future.
- Improving medication adherence
The lack of medication adherence has dramatic effects on health. In the United States, it is estimated to cause approximately 125 000 deaths, at least 10% of hospitalizations, and an incremental annual cost to the U.S. health care system between $100 billion and $289 billion. Adherence apps help patients manage the medication they need to take by setting alarms to remind them to do so. Understanding the context of patients can help detect whether they are unable to take their medication at the time their app reminds them (they may be stuck in traffic for example). This allows the app to send an extra reminder when it is more convenient for them.
- Coaching pre-diabetes patients
Mobile and wearable sensor data can help us identify patients’ eating habits, lifestyle and general routines. This is used to help pre-diabetes patients eat healthier by providing them with personalized nutrition and coaching plans.
- Preventing car accidents
The movement of a driver’s mobile phone reveals how they drive. This helps detect unsafe drivers who speed, drive too aggressively or use their phone while driving. They can be coached and incentivized to change their driving style. This can substantially reduce accidents and ultimately save lives.
- Understanding gait
The sensors in the mobile phone can detect whether a patient has an abnormal gait caused by a potential knee, hip or back problem. These detections also help determine if a patient is on track during the recovery process post-surgery.
In all these use cases real value is created for end users. The possibilities for data to improve people’s lives seem limitless, especially when the user provides explicit and unambiguous consent to use their personal data (which is the case in all these examples). This is crucial. Data-driven value creation will only be possible if the relationship between consumers and all parties involved in the collection and processing of their personal data is based on transparency and trust.
Without transparency and trust, we’ll soon find ourselves in the world of dark data. For all the positive opportunities data can provide, without appropriate safeguards, the rights and freedoms of the consumer can be at risk.
Processing personal data, and automated profiling in particular, can harm consumers if it is done in the shadows, without complete transparency about what data is captured, how it is analyzed and for what purpose it is used. The resulting profiles can be based on insufficient, inaccurate and/or outdated data and can perpetuate existing stereotypes and social segregation. If consumers’ access to certain services or goods is determined based on inaccurate profiles, it can even lead to discrimination.
These dark data practices exist, and their consequences are real. They have already eroded consumer trust and therefore pose a threat to all the potential good that can come from the positive use of data to improve people’s lives. People must therefore be protected.
EU raises the stakes for privacy compliance
On May 25th 2018, the European Data Protection Regulation (better known as GDPR) enters into force[i]. This regulation will impose strict obligations on controllers and processors who are either established in the EU, or process data of people within the EU territory.[ii] With maximum financial penalties of 4% of annual global turnover or up to €20m (whichever is higher), the European legislator sends a clear signal to all actors involved in personal data processing. It’s time to get serious about privacy.[iii]
Among many things, the GDPR introduces important provisions to address the privacy risks associated with profiling and automated decision-making practices. The rationale behind the regulation is twofold: on the one hand, the GDPR gives consumers more control over “if, when and how” their personal data is collected and processed. On the other hand, the GDPR significantly raises the accountability for both controllers and processors.
Consumers will expect companies to abide by the strict measures to ensure that they are adequately informed[iv] and that their data is handled with integrity and in a transparent and secure manner. Essentially, the GDPR requires businesses to apply basic ethical principles to the way they collect, manage and store personal data and to give consumers more control over their personal data.[v]
GDPR as a business opportunity
Many companies see GDPR as a burden. GDPR compliance certainly involves extra work to ensure the right processes and technologies are in place. But once companies embrace GDPR (they have no choice but to accept it anyway) they’ll quickly see it as a significant business opportunity. This is for a number of reasons.
First, the new framework provides businesses more legal certainty for how to process personal data in all European member states. It helps them align and manage their privacy governance and strategy over different entities more efficiently.
Second, the GDPR can serve as a brand of trust. GDPR compliance and transparency towards data subjects (employees, customers, clients, etc.) on how their data is being handled can serve as a seal of trust with data subjects, supervisory authorities and the economic market. In the digital age where news is riddled with data breaches, fines and lack of consumer trust, GDPR compliance can serve as a competitive advantage.
Finally, the GDPR can be seen as a catalyst for innovation. It will become a forcing mechanism for often overdue operational changes. The GDPR requires companies to rethink their data processing strategy. As mentioned, (personal) data is of intrinsic value to many businesses; developing or re-aligning their data processing strategy can therefore help companies develop new products and services, acquire new customers and even attract new talent.
Embracing GDPR to rebuild trust
As we’re getting closer to the GDPR rollout, we see the levels of angst rise among many companies. Failure to meet the GDPR standard will lead to fines, and becoming GDPR compliant involves hard work. Once companies get over the short-term hurdles and fully embrace GDPR, they will soon see its real benefits. In the end, GDPR is all about establishing an ethical approach to the capturing and processing of personal data. It is designed to protect the consumer and regain their trust. This is not only in the consumer’s best interest, it’s also good for business. In the data economy, protection fosters trust and trust grows business.
The extended article will be available in the next edition of the Journal of Data Protection & Privacy.
Cowritten by: Toon Vanparys – CEO of Sentiance, Dimitri Maex – President of Sentiance and Vincent Jocquet – SVP Finance at Sentiance.
[i] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
[ii] Note that the GDPR does not apply to the processing of personal data performed: (1) by EU institutions, (2) by a natural person as part of his/her purely personal or household activity, (3) related to activities which fall outside the scope of EU law and (4) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and the free movement of such data.
[iii] More and more attention is being drawn to the ethical dimension of data processing in a commercial context; for example, some recent opinion pieces from the heart of the tech industry: D. Fortson, Martha Lane Fox plans ‘badge of honour’ for ethical sites, 5 November 2017, https://www.thetimes.co.uk/article/martha-lane-fox-plans-badge-of-honour-for-ethical-sites-3bh7ss50q; M. Boran, Dell reinvents itself for the IoT era by making the right connections: Michael Dell on the ethical challenges now facing tech firms as everything becomes connected, 10 October 2017, https://www.irishtimes.com/business/technology/dell-reinvents-itself-for-the-iot-era-by-making-the-right-connections-1.3260546; R. Bond, AI, ethics and trust, 24 April 2017, https://www.techuk.org/insights/opinions/item/10675-guest-blog-robert-bond-partner-bristows-llp-ai-ethics-and-trust
[iv] Among others, by the use of a privacy notice. For example: http://www.sentiance.com/privacy-and-security/journeys/