Mixed into this week’s shiny news from Apple’s Worldwide Developers Conference is an important data privacy update—a new Apple feature that reveals to consumers what personal data their apps are tracking. Though the feature is limited because it is self-reported by app developers, Apple is right to design an interface that makes data tracking easy to understand.
The wider industry needs to keep pace with Apple’s push on privacy. Doing so starts with every business finally admitting two truths: First, the global business approach to data privacy is broken, and second, consumers deserve a universally better experience.
The outbreak of COVID-19 has thrust the issue of data privacy front and center. Stuck at home, people are moving more and more of their lives online, and most are unwilling to give up their rights to enhance their physical safety. Now, more than ever, businesses need to build trust on data privacy. Proof of heightened privacy concerns can be found as companies such as Zoom experience consumer backlash for their failures to live up to today’s privacy expectations. And users have been even more shocked to find that moving to a competitor doesn’t guarantee a better privacy experience. Even before the pandemic threw data privacy into the limelight, Alphabet’s Sidewalk Labs, Superhuman, Clearview AI, and Triplebyte all faced public criticism and consequences for violating consumer trust.
With user interest in data privacy reaching new heights, companies need to understand that privacy is not solely a legal, policy, or compliance issue. Today, it’s also a user experience problem.
The privacy bare minimum
There’s no doubt that data privacy regulations are important and accelerating around the world. In 2018, both California and Brazil signed data privacy bills into law. However, if companies are more concerned about regulation, compliance, and fines than about the user experiences of exercising data rights, they’re doing it wrong.
Why is it that business leaders are obsessed with Net Promoter Scores and user-centricity on everything from onboarding to payment, but not for something as fundamental as data privacy? The answer is that executives have been fed a false narrative. Most business management advice on data privacy presents limited options: Establish a manual process that is friction-heavy; invest in cumbersome compliance technology that helps meet the minimum standard of the law; or ignore the rules and risk penalties.
In many ways, “delete my data” has become the new customer refund.
These are all dangerous propositions for any company that aims to be user-centric. All of those choices ignore the type of experience that customers deserve when it comes to their data. In many ways, “delete my data” has become the new customer refund—a way for customers to express their displeasure at a company by taking back control over the data they’ve provided. Remember the #DeleteUber campaign? Angry at what was seen as an opportunistic move on Uber’s part, half a million users sought to delete their accounts. When they found they couldn’t delete their data along with the app, that frustration compounded their existing anger at the company. Beyond specific controversies, data rights are gaining steam as users look for companies that demonstrate respect for their data. And as we saw this week, big players such as Apple have recognized this and aligned both their product updates and their brand with privacy.
A nightmare journey
This process is prone to user frustration, customer data breaches, and internal bottlenecks. It’s so arduous for companies to execute that many adopt the “strategy” of obscuring the process so users don’t make data privacy requests at all. It’s hard to imagine another scenario in today’s business world where this would be acceptable. What if whenever someone wanted to withdraw money from their bank, they had to email a generic handle found on a webpage to request their money, wait weeks while the bank verified their identity, and then wait for weeks more while managers scrapped around in bank vaults to manually piece together their savings? Somehow, on data privacy, we’ve gotten used to this as the status quo.
It was like data was flowing into companies on a 12-lane superhighway but flowing back out to users on a dirt road.
I realized how painful this process was as an undergrad after I decided to try to find my personal data online. I reached out to over 21 companies, including Google, Facebook, Twitter, Under Armour, Reddit, and Spotify. I sat on the phone with customer service teams and legal directors and even tried to scrape the data myself by building third-party apps on company platforms. Though the data represented my life story, it was impossible for me to read it. The asymmetry was staggering. It was like data was flowing into companies on a 12-lane superhighway but flowing back out to users on a dirt road.
Since then, as the CEO of the first-ever data privacy infrastructure technology company, I’ve studied the user experience of data privacy at over 120 companies. Most companies—more than 60% of those I’ve studied—are using the privacy flow outlined above, and it’s as common to see it at a startup as at a Fortune 100 company.
Putting users first
The future of data privacy is meeting customer needs on data access and deletion at the click of a button. That’s possible now through smart engineering solutions, but realizing that vision of the future also requires businesses to recognize, and prioritize, the fact that consumers want a better experience.
In the future, the companies that thrive will be those that recognize the strategic opportunity data privacy presents. It’s time to lean in on the vision that gives users instant control over their data. Put another way, it’s time to stop treating data privacy like a cumbersome workflow problem and instead embrace the opportunity of championing user data rights instead.
Ben Brook is the CEO of Transcend, the first-ever data privacy infrastructure technology company. Transcend is backed by Accel and Index Ventures.