CX in the age of privacy and trust, Part 1: It’s about the consumer, not the regulator

This is the first in a series of articles on creating, maintaining, and optimizing great customer experiences in the context of mounting concerns about privacy and increasingly strict regulations governing data processing. We address topics such as consent strategies, the role of trust, the elements of trustworthiness, and integrating consent exchanges into CX. In Part 1, we show why privacy and trust are inescapable, even if your organization is not subject to data regulations like the GDPR or CCPA.

Four forces at work on data processing by marketers and CX teams

The GDPR has hogged the headlines, but it is only one of four key forces that are transforming the rules and the practices of processing personal data:

  1. The EU’s General Data Protection Regulation. Now in effect for almost one year, the full implications and impact on business practices of the GDPR are becoming more clear as regulators issue the first decisions about violations and fines. (See for example “The real story (and the real real story) about Google’s GDPR fine.”)
  2. Other regulations, such as Brazil’s LGPD and California’s CCPA. “GDPR-like” legislation is under consideration or implemented in at least a dozen other countries. Numerous US states are set to follow California’s lead — and the resulting splintering of data rules could make businesses actually wish for a single federal-level regulation.
  3. Technical and business model innovations. Doc Searls estimates that over 2 billion people worldwide have used a ad- or tracking-blocker — a phenomenon he calls “the largest boycott in human history.” The Safari and Firefox browsers have blocked third party cookies (with so-called intelligent tracking protection) for some time; now Google Chrome — with over 60% market share — is rumored to be considering something similar. (Scepticism appropriate.) Meanwhile, new anonymity-based browsers like Brave are gaining ground. Finally, Apple’s exemplary privacy stance — which seemed self-defeating only a few months ago — is now become a key feature of new products and services, such as Apple Card — and privacy is becoming a selling point for many other companies.
  4. A global consumer revolt against unauthorized data collection, sharing, and tracking. Aside from the widespread use of ad- and tracking-blockers, it’s clear that we are witnessing a rapid sea change in the public’s attitude about data collection and online privacy. For example, 68% of surveyed adults in the US and UK said they don’t trust how brands use their personal information. When asked in a global survey to select the top reasons they would abandon a provider, 79% said “using my data without my knowledge.”

The business analyst Horace Dediu has compared this sea change around online privacy it to the shift in societal attitudes about smoking – which in a few decades went from something admirable or at least acceptable (remember smoking in movie theaters? In airplanes?) to something disagreeable and sanctioned.  In 2015, Dediu predicted a future in which the harvesting of personal data “will become taboo, toxic, the most distasteful, hateful thing.” He was right, except that this future is arriving not in decades but in a few short years – fueled by seemingly endless data scandals. (See my recent podcast discussion with Horace, “The State of Our Disconsent.”)

The real GDPR is inescapable

Taken together, these four forces create what I call the real GDPR — not just the EU regulation but a Global Data Privacy Revolution. Because this revolution is, at bottom, powered by consumer distrust and demands, it cannot be evaded. Your company might stop doing business in the EU and every other region with disagreeable data protections. You might write off (or provide sub-par service to) the 30 to 50+% of the addressable market that is deploying tracking blockers or other data privacy innovations. But the only way to evade the consumer backlash and new expectations is to stop having customers.

Smoking gun evidence — the origins of the CCPA

California has long been a trend-setter when it comes to consumer protection legislation. (Think of the automobile emission standards introduced in the mid-1960s.) Still, it’s somewhat puzzling that the CCPA should have come out of California – and especially in the way that it did. How did the home state of Facebook and Google pass this “historic privacy legislation”? And how could it happen in just a few months (the GDPR took years of acrimonious debate)? And how did the bill passed both houses of the legislature unanimously, without a single dissenting vote lubricated by tech lobbyists? The very short answer from a long and fascinating story is that the CCPA was reluctantly backed by business interests only because they were panicked to prevent an more restrictive citizen’s ballot measure from coming to a vote in November 2018.

This is why  it would be foolish for any organization to look at the CCPA (or any other data regulation, for that matter) only from a compliance perspective, as if it was created by some faceless bureaucrats in Sacramento. On the contrary: the CCPA reflects the (rather muted) voice of the people of California, and your responses should be designed to address their concerns, their anxieties, their demands for ethical and responsible handling of personal data – and not only to comply with the letter of the regulation.

(This origin story is also why the current attempts to water down the CCPA before it becomes law could very easily backfire. If citizens feel — or can be convinced — that the legislation has failed to adequately represent and protect their interests, another privacy ballot measure is virtually guaranteed.)

Privacy, consent, and “beg data”

I call it the new era of beg data. Whether for regulatory compliance (good) or the acknowledged need to put consumers in control (better, and inescapable), access to personal data must be based on a mutually beneficial, fully-informed, and trust-based interaction. In Part 2, we’ll look at how such “consent exchanges” — typically cookie consent notices — are currently undermining if not destroying all of the hard work you put into customer experience . . . and what you can do to fix it. (If you can’t wait, contact us to discuss your marketing and data privacy challenges.)

Tim Walters, Ph.D.
Tim is a principal strategist and the privacy lead at The Content Advisory, as well as a partner at IOOI Group, and a founding partner of Digital Clarity Group. He is writing, advising, public speaking and aims to help both enterprises and solution providers come to terms with customer experience management (CEM) – while also respecting the privacy and personal data of consumers. For him, this means understanding the fundamental concepts – experience, customer journeys, the jobs to be done – and then designing and implementing the engagement strategies that deliver mutual benefit for both buyers and sellers. His publications include "The CEM Imperative,” an "Executive FAQ" about the General Data Protection Regulation (GDPR), and “Is Native Advertising the New Black?”. Prior to DCG, he was a Senior Analyst and Advisor at Forrester Research, and director of international marketing and strategy for FatWire Software. Earlier, he was a professor at the University of Rochester and New York University.
Tim Walters, Ph.D. on LinkedinTim Walters, Ph.D. on Twitter


Author: Tim Walters, Ph.D.
Tim is a principal strategist and the privacy lead at The Content Advisory, as well as a partner at IOOI Group, and a founding partner of Digital Clarity Group. He is writing, advising, public speaking and aims to help both enterprises and solution providers come to terms with customer experience management (CEM) – while also respecting the privacy and personal data of consumers. For him, this means understanding the fundamental concepts – experience, customer journeys, the jobs to be done – and then designing and implementing the engagement strategies that deliver mutual benefit for both buyers and sellers. His publications include "The CEM Imperative,” an "Executive FAQ" about the General Data Protection Regulation (GDPR), and “Is Native Advertising the New Black?”. Prior to DCG, he was a Senior Analyst and Advisor at Forrester Research, and director of international marketing and strategy for FatWire Software. Earlier, he was a professor at the University of Rochester and New York University.