I’ve just finished reading „Corporate Surveillance in Everyday Life“ by Wolfie Christl at Cracked Labs. The long title – “How Companies Collect, Combine, Analyse, Trade, and Use Personal Data on Billions” – clearly reflects the focus. It’s an excellent piece of research, well-written and illustrated with thought-provoking graphics.
The report aims to show: first, how online businesses, advertisers, risk managers and marketers (among others) get hold of consumer’s personal data; and then, what they do with it.
The report achieves both goals extremely well. It not only highlights the technologies that make individuals transparent to business; it also draws attention to areas of the data economy and business practices which are at best ‘opaque’ for the private person.
To date, business has largely followed the path “we use data this way because we can (technically)”. Organisations in numerous industries have been collecting data about their own customers for decades. But the trend in recent years is an increase in data sharing and re-distribution. Data brokers, for example, collect personal data about people who are not customers from multiple sources, combine it via unique identifiers – and then use it to develop an all-round view of the (so-called) ‘private’ individual for re-sale to other organisations.
By contrast, the ‘private’ person – the source of the data – does not have a complete picture of which organisation has their data or what is being done with it. Small wonder that some feel that commercial tracking and profiling amounts to invasive and pervasive, surveillance. Hence the view that a general discussion about what may be done with personal data (legally, ethically) is seriously overdue.
What’s very clear from reading this report – especially Chapter 7, ‘Key Developments in Recent Years’ – is the potential for mis-communication and conflict between the various participants in the data economy.
At base level, mis-communication may arise from a simple difference in definitions. An example: in the USA, pseudonymised data is usually described as “anonymous”; whereas, in the EU pseudonymised data must legally be handled the same way as “personally identifiable” data. The impact of this difference is far from trivial. Once GDPR kicks in from May 2018, global data providers will have to handle data about EU residents in a different manner to those living elsewhere.
The potential for conflict arises because future debate on Privacy is ultimately going to boil down to a ‘how it is’ vs ‘how it ought to be’ argument. Vested commercial interests will say “we’ve been allowed to do this so far, its’s too late to make a fuss about it now”. Those interested in restricting those practices will counter with “You should have policed your own activities responsibly; this has crossed the line, it’s time to stop”.
There will probably be a lot of posturing and verbal aggression before we get to the compromise and conciliation stage.
So who will really get value out of reading this? Some thoughts:
- Strategic and senior managers
differences in laws and attitude mean that globalisation of data practices and processes (one size fits all) is a dead duck. Regional strategies are indicated for the foreseeable future.
- Marketers on both sides of the Pond
who want an update on what colleagues in other continents / countries / industries are doing. Also: how and where combinations of data are being used to understand customer interests better. Last but not least, to help marketers think about where and why people might just find a ‘cool marketing idea’ just a bit too intrusive – before they kick back.
- Legal teams focussed on Privacy Compliance
a fast way to get a very up-to-date overview on the use of personal data in marketing across several consumer industries. At the same time, they can mentally compare business practice against current / upcoming law to identify potential risks
- Privacy Officers in B2B Organisations
the benefit for these folks is that they have a background to compare their own use of Customers’ personal data in 1-to-1 marketing. And compared with the B2C world, the use of professional information in the context of B2B campaigns is a refreshing contrast: highly transparent, permission-based and non-intrusive.
How to get a copy of the Report
Published June 2017, this report is bang up-to-date. It’s available for direct access at http://crackedlabs.org/en/corporate-surveillance and (via the same page) as a free PDF Download (93 pages, A4).
Credits: Author: Wolfie Christl Contributors: Katharina Kopp, Patrick Urs Riechert. Illustrations: Pascale Osterwalder. Publisher Statement: „Every effort has been made to ensure the accuracy of the texts in this report. The author and the publisher accept no liability in the case of eventual errors.“