It’s no secret that 2020 represents a major year for the regulation of personal data. While GDPR has already rocked the marketing world in the EU, CCPA and more than 40 other pieces of pending state-level legislation are going to again transform the handling of personal data in the United States and abroad. Marketers are concerned about what such legislation will mean for the future of personalized marketing, and for good reason. Today’s efforts to legislate consumer privacy are being executed with a chainsaw rather than a scalpel—and that’s ultimately going to be a problem for marketers and consumers alike.
Here’s why our conversations around personal data need to get more nuanced—and fast.
The Dangerous Lack of Distinction
All the legislative initiatives currently being drafted and pushed forward in state legislatures share two traits:
- They’ve all been written with consumers’ interests in mind.
- They all fail to make useful distinctions in terms of the personal data they’re designed to protect.
The first point indicates that the notion of personal data regulation represents a noble and potentially valuable one. The latter means that today’s efforts are utterly failing to achieve the desired goal.
The concept of personal data is a general one, as defined both by the letter of the new laws and the way that we debate them. However, the reality is that there is a wide spectrum of data that surrounds people. A large swath of that spectrum includes data that is completely public, and an even larger swath of the spectrum includes data that is totally benign. However, every bit of the spectrum is being regulated as though it represents deeply personal and potentially explosive private information.
Many people have aptly compared today’s data industry to the richness of the oil and energy industries, most often as a way to emphasize all the “refining” that data must undergo before it can be put to good use. In terms of regulation, it’s useful to draw that comparison out further as it relates to the fuel spectrum. When it comes to energy, there’s a big difference between the availability and dangers of plutonium used in nuclear reactors versus, say, the charcoal briquettes you use in your grill. One is quite rare and potentially lethal if mishandled. The other is widely accessible and far more stable.
Such is the case with today’s wealth of personal data. Most are publicly available and benign in nature. Only some pieces—such as personal banking information and medical information—boast a high potential to cause damage even if the application is benign.
Other types fall squarely in the middle and are worthy of vigorous debate. For example, real-time location information is benign when used to send an Uber but potentially explosive in the wrong hands.
Either way, today’s regulations ignore the differences along this spectrum and treat every bit of personal data like it’s plutonium. Why?
Not All Data Belongs to Consumers
We can’t and shouldn’t expect consumers to understand the nuances of the value and vulnerability of their personal data, but we can and should begin to educate the market on the fact that a spectrum exists. As a seeming show of respect for consumer privacy, our industry spends a lot of time talking about how “consumers own their data.” Quite frankly, that’s not true in many cases.
A good deal of consumer information is public and out of the realm of the individual’s control. Consider something as simple as your name. Do you own your name? No. Legally, you don’t own your name. Other people can say it, refer to it and otherwise write it or use it without violating your privacy. It’s an easily discoverable bit of information, as is a lot of information about you, from the type of house you own to the car you drive. Such things are observable and, thus, not “data” that you own and can shield as desired—nor would you have much cause to do so. Most of this data is harmless, and its use does not threaten your wellbeing.
Of course, that’s not the case with all data, so let me be clear: When it comes to truly sensitive personal information like banking details and medical files, stringent federal oversight is not only warranted but necessary. And much of it is already on the books. Where proper legislation doesn’t already exist, the U.S. government should move to codify appropriate protections for such personal data and ensure such information remains under a consumer’s control. Fractured state initiatives will not be sufficient to extend proper, comprehensive protection for this plutonium-grade data.
As an industry, we like to talk about offering a value exchange for consumer data. But there can be no real weight to this concept if we don’t all operate under a fair assessment of what is being transacted in that exchange: how valuable the data is and how private it is. As long as we continue to treat all data like it represents a person’s deepest, darkest secrets, the laws and perceptions around data-driven advertising will continue to be unfairly and unnecessarily restrictive. It’s high time we start separating the plutonium from the charcoal briquettes.BOTTOM: