In light of the many news headlines and scandals over data privacy today, many companies are afraid to use customer data because of concerns over potential privacy violations. There is also a growing concern over being legally compliant but still making customers unhappy or uncomfortable, much like what happened with Target in 2012. Target legally used their customers’ data to create targeted ads, but the personal nature of the ads still upset customers. Target wasn’t doing anything wrong with data monetization, but it still negatively impacted customers. Many companies opt not to use data out of fear, but that comes at a huge loss of revenue.
Data monetization challenge
Striking a balance between protecting the customer and monetizing the data is an interesting and timely challenge. Companies must consider both accuracy (quality of data utilization) and privacy. With privacy, there is always going to be some accuracy loss and vice versa if you want better accuracy. So, it’s up to the company to decide how to balance the tradeoff between privacy and accuracy. It’s easy to get just privacy or just accuracy, but the challenge is to get them both at the same time.
The current reasoning says: ‘If I want more privacy, I have to have lower accuracy, therefore my business is doing worse.’ My work proposes that there is a missing piece here – data come from people, and if your customers don’t feel comfortable with your privacy guarantees, then they will stop being customers, and you will get worse or no data. For example, if I find out a company is tracking my search history, I might delete cookies or change the way I browse online, and then the company isn’t going to learn anything about how I search.
Conventional wisdom says better privacy has to be worse for the company, but that’s not exactly true. Consumers are much more aware of their privacy now, and they are being more thoughtful in terms of protecting it. There are cases that show you can in fact do better as a company and make higher profits if you are to give better privacy guarantees. If you focus on privacy and make it a priority, in the end it leads to better data that can be monetized. Also, in terms of market competition, in a lot of these cases where there is public outcry about privacy violations, there is a potential for companies to differentiate themselves and compete in the privacy space. They can gain customers by offering better privacy guarantees and build trust.
Data privacy beyond compliance
Although often grouped together, data privacy and data compliance are two separate challenges. Compliance is strictly binary – does your company follow the laws or not? The answer there is that companies should always follow the laws and be compliant with the laws to ensure there is no unauthorized use of the data. But within the legal space of data compliance, a company has room to make decisions about privacy. Compliance gives you parameters that you can work inside. And in that space of being compliant, you can choose how to use your data. With privacy, its more about deciding what information should be used. If a company decides that compliance isn’t enough, what can you do beyond just complying with the privacy laws to monetize your data?
Is differential privacy the answer?
I’m focused on helping companies understand the balance between privacy and accuracy by looking at a more wholistic model. The answer is in differential privacy, which gives companies an opportunity to both make use of the data and still have these formal privacy protections in place. Differential privacy is designed to protect the privacy of individuals, but still provide companies with helpful information to make better decisions. With differential privacy, our hope is to ensure companies only learn from the global database in aggregate, rather than any specific individual.