Data privacy is an increasingly hot topic, especially for those in the data-driven marketing industry. I reached out to six privacy experts from some of the world’s leading privacy-focused organizations to get their viewpoints on a variety of data and privacy issues. Read their responses below on topics such as marketers’ responsibility to consumers, mobile’s impact on privacy, industry self regulation versus government regulation, international privacy laws, and much, much more.
Rachel Nyswander Thomas, The DMA's Data-Driven Marketing Institute (DDMI)
Rachel is Executive Director of the Data-Driven Marketing Institute and Vice President of Government Affairs for the Direct Marketing Association.
For the benefit of those who may not be directly familiar with the DDMI — what is the DDMI and how would you describe the role it plays?
If I could describe DMA's Data-Driven Marketing Institute in one word, that word would be: Knowledge.
As the think tank of the data-driven marketing community, DDMI conducts independent, academic research that answers vital questions about on how data is changing our industry and our lives, and provides the platform to make sure this vital research informs and shifts the policy debates that threaten data-driven marketing. With data-driven innovation impacting nearly every area of our lives, it is key that policymakers, consumer advocates, and the media understand the value of data and how to nurture, not stifle, that innovation. DDMI seeks to put research and hard numbers behind this transformation, just as we did with areport authored by Harvard Business School and Columbia University professors that showed the real economic benefit of Data-Driven Marketing Economy, which provided $156 billion in revenue to the U.S. economy and fueled more than 675,000 jobs in one year alone. DDMI continues to produce research and information that demonstrates the value of the DDME, highlights the importance of data-driven marketing innovation, and increases the understanding of responsible data-driven marketing.
Sébastien Houzé, The Federation of European Direct and Interactive Marketing (FEDMA)
Sébastien is Secretary General of the Federation of European Direct and Interactive Marketing (FEDMA).
How does FEDMA celebrate/think about Data Protection Day?
FEDMA organizes an event at the Parliament, with MEPs, regulators, and industry members to carry our message: between Data & privacy, it's all about finding the right balance. Regulation will only work if it's not limiting business and global competition. Regulation will only work if self-regulation complements the legal texts.
Jules Polonetsky, The Future of Privacy Forum
Jules is Executive Director and Co-Chair of the Future of Privacy Forum.
Big data seems to have moved beyond a concept stage buzzword and into the realm of reality. How does the FPF think about/define big data and are there "rules of the road" the data-driven marketer must be aware of?
Big data can mean many different things, and in many ways, the concerns surrounding data analytics go hand-in-hand with some of the challenges presented by the Internet of Things and constant connectivity. From a privacy perspective, one simple way to think about big data is simply as data that challenges existing privacy principles. The big challenges posed by big data are where it strains traditional Fair Information Practice Principles. Long-standing and important principles like notice and consent, purpose specification and use limitations, and particularly data minimization may need flexibility when societally beneficial uses of data depend on unexpected new uses and longer term retention.
FPF has previously called for folks to start seriously engaging in analysis of any potential benefits of big data. For marketers, what is the ultimate value to consumers? What consumers are benefiting from a given data-driven practice? Companies need to grapple with both the tangible and more abstract privacy concerns that people have about using data, particularly if that data raises potential sensitivities or could lead to inferences that might trouble individuals. Putting in place a process to deliberate and consider these questions is important, particularly in the absence of any clearer "rules of the road."
Mike Zaneis, Interactive Advertising Bureau (IAB)
Mike is the Executive Vice President and General Counsel of the Interactive Advertising Bureau (IAB).
What are your thoughts on legislative and/or regulatory action in 2014? What can we expect in 2015?
2014 was a very quiet year for privacy legislation. Most of the work was done at the regulatory level, with a number of Federal reports on "Big Data" being published. I think that the fruitless "Do Not Track" debate sucked the oxygen out of the privacy debate for a couple of years, but with the issue now largely dead, we are moving on to more productive discussions. I see a number of areas of bipartisan support for privacy and security legislation in 2015. The President has called for enactment of a national data breach notification standard, further restrictions on the use of student data, and strong new information in the area of cyber security. Each of these issues has strong merit and with the right leadership in Washington we could see movement on all three proposals.
J. Trevor Hughes, International Association of Privacy Professionals
J. is President and CEO of the International Association of Privacy Professionals.
Cybersecurity and its related issue, data breach, are top of mind in board rooms and C-suites around the world. What's IAPP's role in helping to move the needle on better protection for consumer (and corporate) data?
Data protection is everyone's responsibility. Organizations that hope the IT team or a technological solution are all that's needed will likely find themselves with a situation on their hands. We provide training, education, and resources for organizations to create a holistic awareness of data privacy issues, so that anyone who's handling data on a regular basis understands the data's value, how it needs to be handled and how it needs to be protected. Privacy professionals can't do it all by themselves. They need to be leaders in their organizations, advocating for responsible data handling. Data breaches will happen, just like banks get robbed, but smart organizations can be prepared for the worst and limit any damage to customers and the brand.
Marc Groman, Network Advertising Initiative (NAI)
Marc is President and Chief Executive Officer of the Network Advertising Initiative (NAI).
Given that we know consumer behavior can be described as a multi-screen, multi-environment experience, does that indicate a need for specific industry self-regulatory guidance for what is known as Cross Device identification? What might that look like?
The NAI recognizes that the digital advertising ecosystem is rapidly evolving and individual companies are developing new technologies and business models to address these changes in the ecosystem. We are exploring how our core principles of notice and choice with respect to Internet-Based Advertising (IBA) and placing substantive restrictions on NAI member companies' collection, use, and transfer of data used for IBA via the Code apply in different contexts while remaining technology and business model neutral. We are also examining technical, legal, and policy issues so that we produce logical and practical policies that can be implemented and honored at scale by the full range of NAI member companies. As member companies deploy new business models, NAI encourages these members to consider the privacy principles set forth in the Code, including notice, choice, control, transparency, and accountability.
Today, the NAI Code does not cover the activity of linking devices, based on the assumption that the devices belong to the same user or household, for the purposes of fraud prevention, attribution, delivering advertisements or providing advertising-related services to different. We must address this going forward. This is where the industry is headed and where regulators and policymakers are watching. I anticipate that this year the NAI will develop and issue guidance regarding the application of the Code, including the application of the opt-out mechanism, to the collection of data across devices and/or the linking of multiple devices used or likely used by the same individual or household.
