Taking control of your private and personal data

Privacy is Power!

This is the title of Carissa Veliz’s compelling, and very carefully researched, book recently published by Penguin; it’s a bestseller and an Economist ‘best book of the year’. At the time of writing, it’s sold out in Waterstones.

However, it appears to have hardly created a ripple in the collective consciousness of the marketing community. It should.

In the book she makes a very persuasive case against allowing companies like Facebook, Google and Amazon to collect and monetise personal data in the way that they do.

She puts forward multiple arguments against this kind of data collection, which start from an explanation of the importance of privacy in the first place; she then goes on to detail the dangers of its use for political purposes, and the damage it can do to individuals when it falls into the wrong hands.

One of her most revealing examples was when Ashley Madison’s dating site for married people wanting to have affairs was hacked, and 30m people were impacted.

Alongside Clarissa Veliz herself, there are numerous governmental and public bodies who are showing signs of mounting concern about the massive invasion of privacy by the social media companies, and their influence over a huge range of political and social topics.

At times like this it is important for ordinary direct-to-consumer companies, who collect ‘personal’ data solely with the intention of better serving their customers, as well as increasing their sales, to make a clear distinction between the kinds of data they collect, and how they use it, compared to the social media giants.

Now, all the references made in the book to ‘personal data’ relate to what we might better describe as private data, e.g. data about what you have been up to, where you have travelled to, what you like or dislike, what you agree or disagree with, what websites you visit, or when you go to bed or wake up in the morning.

However, there is another whole other category of personal data that could be better described as transactional. This is the kind of data that is usually stored in a direct-to-consumer company’s customer data platform, and relates solely to the interactions between the company and its customers.

If, as is likely, the ability of companies to collect and monetise personal data is gradually restricted over the coming years, then those of us engaged with companies who sell direct-to-consumers, but on the whole don’t sell personal data, need to make sure that the distinction between personal private data and personal transactional data is made clear, and broadcast loudly.

Normal direct-to-consumer companies collect personal data about 1) transactions 2) activity on their website 3) calls to their call centre 4) responses to direct communications 5) what a customer felt about a recent customer experience. All this data is collected with no more wicked intention than to serve the customer better.

These companies do not use the data for political purposes, or to attract advertisers, or to sell to other companies (except only when the customer has given specific permission for their data to be used in this way).

It is essential that the collection and use of personal transactional information is allowed to be collected and made available to oil the normal wheels of commerce. Without it, every customer would become a prospect, and the companies we deal with would not be able to relate to us.

The risk is that, if we do nothing, when popular opinion turns against the activities of the social media giants, as we expect it will when the disadvantages of exposing oneself in public become clearer to people, then there may be a backlash against the collection of all types of personal data, transactional as well as private.

So, we need to start to make the argument now for the clearest possible distinction to be made between private personal, and transactional personal, data; and for those who support ‘pulling the plug’ on the social media giants’ data collection, as recommended by Carissa Veliz, it’s a case of explaining to them what kind of personal data for which the plug should be pulled.