Why CSPs need a code of ethics for customer data
Consumers taking control of their personal data has been a central theme of 2018, and not only in the many discussions around the General Data Protection Regulation (GDPR), writes Chad Wollen, the chief marketing officer of Smartpipe. Although it may seem to many that this topic peaked with the arrival of the new data laws on the 25 May, it is only the beginning.
Even will.i.am, lead member of the Black Eyed Peas, TV talent show judge and technology advocate has spoken about the importance of consumers owning personal data – rather than large companies – during an appearance on TV show Sunday Brunch. He predicted a future data democracy where people will be empowered by their data. This idea has been on the fringes for decades, but is now firmly in the mainstream, being discussed on daytime TV by a celebrity.
With data-related news stories such as the Facebook and Cambridge Analytica episode regularly making the headlines, the data practices of the digital giants are getting their fair share of bad press. So it’s time for companies to show they take their data responsibilities seriously and are following an ethical approach in their treatment of personal information.
Step forward the communications service provider (CSP), the custodian of customer information within secure networks and potentially the ideal champion of the ethical use of data.
CSPs are well placed to manage consumer data
CSPs have access to vast volumes of high-quality first-party data, and the ability to combine accurate account information with data from multiple touch points including voice calls, SMS, data roaming, downloads, and mobile commerce, to gain a 360-degree view of the user. They are also highly trusted by their customers, which is the factor most likely to encourage consumers to share their personal information with companies, above discounts or free products.
Because of the trust factor, consumers are more likely to give CSPs their consent to data collection and processing – a key requirement of the GDPR – than other companies. For instance over 80% of consumers would allow their mobile network operator (MNO) to use their personal data for advertising purposes, assuming privacy enhancing technology is in place. This is far higher than the 50% that would opt into data collection by GDPR-compliant publishers who did not use such technology, which is the way most consumer data enters the advertising market. This difference illustrates the power CSPs have in providing data for targeted and personalised advertising, as long as they take an ethical and responsible approach to information management.
The trust MNOs have is a foundational advantage over other sectors and businesses, but should not be taken for granted. It is developed in a specific context; CSPs will have a trust halo as big brands consistently delivering an essential service, but they will have to lift and shift that trust in the new context of privacy and data protection. This means doing two things – powerfully communicating their new purpose and promise, and most importantly, substantiating that communication with tangible and discernible changes in conduct.
CSPs recognising their responsibilities
CSPs are becoming more aware of the quantity and the corresponding value of consumer data they hold, and some are already using this advantage to gain a foothold in the digital advertising industry, potentially taking on the digital giants such as Google and Facebook. AT&T, for example, has launched Xandr, an advertising and analytics unit, to expand its ad platform and strengthen its TV advertising capabilities.
This foregrounds the urgent need for clear communication and transparent conduct. CSPs not only need to re-contextualise the trust of their consumers, but they also need to do so while wishing to use data for new and non-core purposes.
But in using data for advertising or any other purpose, CSPs mustn’t neglect their responsibilities towards the customers who create it. Telefonica is one company recognising the need to protect data and empower customers to control its use. The company’s manifesto for A New Digital Deal has a section on delivering trust in data, which promotes ethical use, transparency, and choice, declaring “a human-centric approach should empower people to decide how and when their data is used.”
CSPs need a code of data ethics
Telefonica’s manifesto is the latest in a long line of pro-privacy announcements – following on from Orange, Vodafone, and Deutsche Telekom. While this is a very positive development, empowering consumers to take control of their data isn’t something one company can achieve in isolation; there needs to be a shared code of data ethics across the entire industry. These worthy individual initiatives need to be upgraded into an ethically-driven industry code of conduct, as the GDPR envisages.
The GDPR sets basic ground rules companies must obey, or risk hefty penalties, but a code of ethics is about more than obligation, it is about doing what is right rather than simply what is required.
Take consent as an example. The GDPR uses consent as one of the legal bases for data processing with companies required to gain explicit rather than implied consent to clearly defined data practices. Some businesses look for loopholes in the consent requirement, perhaps trying to establish an alternative legal basis, or doing the bare minimum to abide by the rules. But asking customers if their data can be collected and explaining in detail what it will be used for shouldn’t be a matter of legal compliance but a matter of ethics.
Even if there is a legitimate reason for data processing that makes consent legally unnecessary, telling consumers what their data is being used for and requesting their agreement is vital to building a strong and mutually trusting relationship.
In establishing an industry-wide code of data ethics, CSPs should aim to minimise the volume and types of data used, collecting and processing only what is deemed absolutely necessary. They should take responsibility for the data practices of their partners, suppliers, and clients, ensuring responsible data use across the supply chain rather than solely looking inward at their own organisation.
Ethical codes are the start, transformation comes next
It is not enough for the industry to simply initiate more joined-up thinking when it comes to the correct use of data – they must then put this code into action. This will involve investment in long-term data strategies, providing new tools and experiences that put the consumer first – giving them control of their data and how it is used.
Adopting a more ethical approach to data may also mean employing privacy-enhancing innovative technologies that allow data to be used without identifying the individual, such as utilising temporary, single-use tokens in place of persistent identifiers. This would allow CSPs to make useful information externally available for various purposes without their customers’ personal data ever leaving the safety of the network.
Any transformation must be brand-led, with MNOs providing more control, more transparency, and more meaningful choices for their customers, to maintain and strengthen their trust, and therefore enhance reputation and loyalty.
With a combination of first-party information and high levels of customer trust, CSPs hold a unique position of power in the new data era. By adopting an industry-wide code of ethics that leverages new technologies and gives control of data back to the consumer, they can fill the gap left by less transparent operators, a role traditionally filled by the ad tech sector.