Business handshake showing need for companies to act now to take the complexity out of consumer consent
GDPR, PIPEDA, DETOUR: It’s Time to Take the Complexity Out of Consumer Consent by Tara Kelly, CEO at SPLICE Software

GDPR, PIPEDA, DETOUR: It’s Time to Take the Complexity Out of Consumer Consent

Two-thirds of Americans believe current federal regulations are not good at protecting their personal data online and 64% support more regulations of advertisers.  Canada already has the Personal Information Protection and Electronic Documents Act (PIPEDA), which outlines rules for customer data collection, use and disclosure. The EU has the General Data Protection Regulation (GDPR), which protects data and individual privacy. With so much support already from consumers, it’s only a matter of time before the US adopts stricter consumer privacy regulations, too.

There’s a bipartisan bill in the US Senate now — the Deceptive Experiences To Online Users Reduction (DETOUR) Act — that would outlaw deceptive interfaces and default settings used by some online platforms to “trick” consumers into handing over personal data that will be used for commercial purposes. If the DETOUR Act doesn’t become law, something similar will, eventually.

These regulations didn’t spring up in a vacuum. Many companies use deceptive practices to get consumers to opt-in to communications and data sharing. Retailers often neglect to ask customers if it’s okay to send email offers, using pre-ticked boxes on order forms that give customer consent, even if the consumer didn’t mean to.

Naturally, the use of subterfuge like pre-ticked boxes makes consumers suspicious. When they don’t get the opportunity to make a conscious choice about communication and/or data use, consumers wonder what they’ve agreed to let the company do to them, get from them and tell them. So regulators are stepping in to make sure companies are more upfront with consumers.

A license for the Internet?

While the motivation behind consumer data and privacy protection laws is sound, there’s a danger of the pendulum swinging too far. The share of goods and services shopped and purchased online keeps growing, so companies need to use digital channels to market to consumers. It should be possible to protect data and privacy without abolishing direct marketing.

There’s also the consumer’s role in these exchanges of data and contact information — don’t they have a responsibility? As the saying goes, there’s no such thing as a free lunch. Consumers enjoy access to free content, so they should expect the businesses that provide the content to monetize it. There’s another saying: if a person or company is letting you use its platform for free, that means you are the product.

Companies like Facebook and Twitter connect distant friends and families, deliver the latest news, provide space for video and photo sharing, enable people to organize, etc. While that shouldn’t give the companies carte blanche to deceive users or abuse the data they collect, shouldn’t consumers have some obligations in this exchange too, if only to understand how the platform makes money?

People need a license to drive cars. That’s how we’ve agreed to make sure drivers understand the rules of the road to keep everyone safe. Consumers don’t need a license to use the internet, and such a requirement is unlikely to be imposed. But isn’t it a good idea for consumers to at least understand how the internet works and to think about who provides the “free” content they enjoy?

What if we built relationships instead?

Maybe instead of requiring a license to cruise the information superhighway or increasing regulations on how companies interact with people online, we should build relationships instead. That’s not to say regulation is unnecessary – businesses and consumers alike need protection from unscrupulous operators who abuse the data that drives online commerce.

But some basic knowledge on the part of consumers — and fundamental good manners on the part of businesses — could go a long way toward reducing the outcry about privacy. This will enable companies to build trust-based relationships with customers. As in any other type of relationship, trust in a business relationship is critical, and creating trust requires honesty.

Businesses can start by being more upfront with customers about what they want and what they intend to do with the information they get. No more pre-ticked boxes; If the business can communicate value by describing how sharing data results in better service or offers, customers are likely to agree to the exchange – no sneakiness necessary.

Now is a good time to start building those relationships. Companies have opportunities at multiple points along the customer journey to obtain consent for communication and data use. To build a trust-based relationship, they can explain in clear and simple terms what information they want, what they plan to do with it and what benefits the customer can expect in the data exchange.

GDPR, PIPEDA and DETOUR are just the beginning. In response to justified consumer fears about how bad actors abuse data, new regulations are being considered every day, all around the world. As more regulations come online, digital commerce will become more difficult for consumers and businesses — unless companies act now to take the complexity out of consumer consent.