There were a lot of headline stories last week. With so much in the news, it would have been easy to miss these four big developments related to U.S. consumers’ ability to limit the amount of information tech and marketing companies collect, store, share and sell about them. Here’s a brief recap of these stories followed by a few bold predictions for what’s next in consumer privacy online:

The Week in Data Privacy (6/29/18)

  • Facebook, still trying to complete their to-do list stemming from the Cambridge Analytica hearing, is struggling to track where your data went after they shared it. Good WSJ article aside, this shouldn’t really surprise anyone. As we noted in Adexchanger last month, sharing data is not like sharing a toy. It’s never clear if you got it all back or if was copied, shared and stored elsewhere. Relatedly, another Facebook quiz app just fixed a breach that left data on 120M users exposed for over a year.
  • A company that aggregates and sells consumer data, Exactis, left 340M private consumer records exposed on the internet per Wired. Yes another data breach. This one includes many aspects of personal data including addresses, phone numbers, interests, hobbies plus the age and sex of children in the home. The first class action lawsuit has already been filed, just a day after the breach became public. This story is just beginning.
  • California passed their version of GDPR on Thursday as was predicted given the pressure applied by a more stringent version that had received enough petition signatures to be put on November ballots. The law gives California residents new rights such as the right to block your data from being sold and the right to have your data deleted. Given the difficulty for companies to develop, implement and maintain 2 different sets of rules for US consumers, these laws will likely impact all US consumers when the bill goes live in January 2020. This has happened in other industries. In 2009, the California Air Resources Board (CARB) CWP regulations went into effect for composite wood products sold in California. Soon after, all 50 states began receiving CARB certified products since national and multinational companies could not cost effectively segment their inventory.
  • Speaking of GDPR, it’s now been in effect for 1 month. After the deluge of emails with updated privacy policies, the most commonly seen aspect seems to be the pop-up banner requesting cookie tracking acceptance. Still, many websites accessed by EU consumers are not compliant. Many US sites still block EU users to avoid GDPR fines. The Google Keyword Planner chart still looks like a hockey stick for GDPR terms, with and handful of terms requiring bids fo $60+ for a top of page listing.

3 Predictions for What’s Next

  1. The White House will sign an executive order as a stake in the ground for U.S. data privacy policy. Axios reported last week that a presidential advisor has been holding meetings to discuss what US policy in this area should look like. The Exactis breach and California’s privacy law will further the urgency here for multiple reasons, not the least of which is allowing states to define their own policies would make the U.S. a difficult place for consumer tech to do business. This isn’t acceptable to anyone. While congressional action behind a privacy bill would have a more lasting impact, it’s unclear that enough attention will be paid amidst many other issues on an already crowded front burner.
  2. Two companies will begin to differentiate themselves through their privacy leadership. Consider how Method and 7th Generation burst into grocery stores in the 90’s behind consumer trends towards natural, green products. With so much attention on how consumer data is tracked and shared, some companies will make the strategic choice to stand out from the crowd. While these may be industry upstarts, established brands could look for an edge here to compete in verticals where it’s hard to differentiate.
  3. Three other brands will lose consumer trust because of how they handle data. Here’s why: As Exactis goes under the microscope, one big question will be “How did this little known company get all this consumer data?”. Any companies that sell their data to third party aggregators will be holding their breath that the trail doesn’t lead back to them. But obviously consumers didn’t give Exactis their data directly. Likely the data was sold by first party data collectors, and then resold multiple times where it ended up with Exactis. When a big consumer brand is linked to Exactis, this story will much get more attention.

If you’ve enjoyed this article, please subscribe so you don’t miss the next one (top right corner of this page). And to learn about a new way to maintain visibility over where, when and how your brand’s first party data is used throughout the media supply chain, check out our free tracking service.

Share This