Privacy Wars: Data Privacy as a Competitive Differentiator

It’s a well-known fact that there’s no such thing as a free lunch. For services like Twitter, Google, Facebook and virtually every other free-to-use app, the cost of entry is your data

These organizations support themselves through selling advertising, harvesting a huge amount of information on their users and feeding it into algorithms that can target ads with uncanny precision.

Data collection in general has become big business. Organizations across the globe have poured vast amounts of money into tools which allow them to gather and sort this data more efficiently, and the scale at which they’re doing so is increasing exponentially. There are very good reasons for this; it allows them to gain a more accurate sense of their customer base and predict oncoming trends.

However, not everyone is happy about this surge in data gathering. According to a study by Pew Research Center, 79 percent of people report that they are at least somewhat concerned about how the data companies collect on them is used. The issue has also drawn regulatory attention, and numerous legislatures have enacted, or are considering, rules that place stricter limits on how organizations gather and process data. The most notable example is Europe’s General Data Protection Regulations (GDPR), and the US is starting to follow suit; the California Consumer Privacy Act (CCPA) went into effect last year, and grants consumers much greater protections against companies exploiting their information. There are also calls from many campaigners to roll out a nationwide equivalent to the CCPA in the US, and many believe this transformative privacy reform will be high on President Biden’s first-term agenda.

The Data Privacy Proxy War

In response to these shifts both in public opinion and the regulatory landscape, organizations are putting a greater emphasis on data privacy. Apple is perhaps the best example of this; in recent years, the company has made repeated public commitments to user privacy, integrating data protection features into many of its software and services and positioning itself as an alternative to rivals that will mine and exploit your data. For example, Apple recently announced its intent to ask users whether they want to continue allowing Facebook to collect their data. If they say no, Apple will simply shut off Facebook’s access.

The social network has objected strenuously to this move, arguing that it will prevent small businesses from being able to accurately target ads on its platform and that Apple’s warning fails to offer the necessary context for why the data is being collected.

“That ongoing war is only going to proliferate,” says Imraan Kharwa, group CISO for South African tourism company Tourvest. “There’s only going to be more of it, and businesses that position themselves as privacy-friendly or privacy advocates or privacy-focused are going to have an edge.”

Protecting Personal Information with Tracking Tools

Similar warnings have also led Apple to spar with Google, which retains a reputation for its systematic harvesting of user data – but even the erstwhile king of data-gathering is now committing to scaling back on the amount of tracking it subjects its users to. Just last year, Google announced that it would be removing support for third-party cookies from its browser – a technology frequently used to track users as they travel across the web – and the company has recently confirmed that it will not be replacing them with an equivalent technology within its advertising business.

Negative attitudes to cookies and other tracking tools are so common that many products have sold themselves as a method to evade them. Tools like Ghostery, uBlock Origin and DuckDuckGo have all become popular among the web’s more privacy-conscious denizens, and many of their key features are now being natively integrated into popular web browsers.

“If you just look up DuckDuckGo, you see that the primary value driver is the fact that they are privacy-focused,” says Kharwa; “It’s the same thing with Signal messenger, it’s the same thing with Apple as a hardware manufacturer.”

Data: Proceed with Caution

Apple hasn’t entirely abandoned the use of user data, though. If organizations seek to follow the example of privacy-first companies and use their data privacy stance as a market differentiator, the key is not to swear off data collection altogether, but to think carefully about what data they actually need. When starting out on the path to becoming a data-driven business, there can be a temptation to gather as much data as possible, and determine which of it is actually useful later down the line, but this is a false friend. Not only will organizations burn unnecessary resources collecting data that they have no use for, but their customers and users may also resent the amount of data they’re gathering.

You could also be leaving yourself open to stiff penalties by collecting too much data. Aside from the requirements around the day-to-day processing of data, regulations like GDPR also include penalties for organizations that allow personal information to be exposed through a data leak or security breach. The more personal data you hold, the more of a potential target for hackers you become, and the greater the financial risk if you’re hacked and get hit with a fine from regulators.

Data-driven personalization can be incredibly powerful, but making a conscious choice to limit the amount of data you collect on your users can also be equally significant. Unless your data operations are providing substantial, tangible benefits to your users, adopting a privacy-centric stance may engender more loyalty and goodwill, which will serve your business better in the long term.