While healthcare and financial data are protected by federal legislation, individuals have little control over how consumer data is collected and used.
As technology advances and the devices consumers use every day get better at tracking people's behavior, concerns over data privacy grow.
Some data needs to be protected and already is.
Personal medical information is protected is protected by laws such as the Health Insurance Portability and Accountability Act (HIPAA) to prevent people from being discriminated against due to their health. Data such as social security numbers and financial records is protected to prevent crimes like identity theft.
Data related to consumer behavior, however, is not nearly as regulated by data privacy laws.
But data related to consumer behavior is growing exponentially. Laptops record every website people look at and online purchase they make. Smartphones have a GPS that tracks and records every step people take and location they visit.
Who has access to that data, and how it's used, matters.
Brendan Egan is a marketer. He is the founder and CEO of Simple SEO Group and co-founder and CEO of The Marketing Masters, author of "101 Tips from Marketing Masters," and member of the board of directors at more than 10 companies.
But despite his background as a marketer, he believes in data privacy and thinks more needs to be done to give individuals control over their data privacy.
In this first part of a two-part Q&A, he discusses why it's important to give individuals more power over who has access to their data and how it can be collected and used. In the second part, he goes in depth about pending legislation called the American Data Privacy and Protection Actthat could begin the process of better protecting personal information.
When we use the term 'data privacy' as it relates to consumer data, what information are we talking about that's sensitive and may need protecting?
Brendan Egan
Brendan Egan: There is the obvious sensitive information like financial data, credit card information, bank accounts, and security questions like your mother's maiden name or the town you grew up in. Those things are black and white in terms of being sensitive information. But we live in a global economy where data privacy is more than just the traditional information we would put through a paper shredder back in the day. It's become things like purchasing habits, spending activity, and internet browsing activity. The smart card enables tracking of people and how they live their daily lives -- how many times I go to Starbucks in a week or how often am I commuting down certain roads. The lines between what's sensitive information and what isn't have become so blurred that what it comes down to, on both a personal and business level, is that all of our data is something that should be guarded and private.
I sit in the chair of a marketer, and I love having access to data that we can use for our clients. But I understand that both consumers and businesses have a need to keep their information private and not have 'Big Brother' looking over their shoulder and data constantly getting into the wrong hands.
If it's just collected for something like a direct marketing campaign, why is how many times you go to Starbucks sensitive data?
Egan: There's not much malice with a marketing company tracking how many times I go to Starbucks and showing me a Starbucks ad on a Tuesday at 9 a.m. to try to get me back in there. But think of someone who has an addiction. Maybe they're trying to quit drinking and they had been going to a bar every Wednesday night, and now that bar is showing them ads to try to bring them back. There's a variety of things that seem harmless on the surface. It's very hard to legislate or regulate that one use of data is good and another use of data is bad. There's a lot of gray area.
As a society, we're all on our phones 24 hours a day, seven days a week, and we've become so interconnected that there are certainly concerns about data falling in the wrong hands -- our enemies and hackers and others that are doing very clear bad things. But there's also a large spectrum of things that are questionable that can be done with data that, on the surface, don't look bad but could be causing harm to the society at large or to individual people.
Is it possible to strike a balance?
Egan: I think we have to look back in history. Data privacy is nothing new, but we're dealing with a new type of data privacy. If we go back to the 1990s, there were regulations passed regarding a Do Not Call Registry. It was established so that you could put your phone number on this registry and businesses could no longer call you. It gave consumers a way to opt out of being cold called. If you go back even further than that, stores would ask to put you on their mailing list, and you had a clear-cut way of opting out of that.
Today, we have done a good job with regard to email lists, which segued from phones. But now we're in a time when you don't have to give your email to be tracked. You can be tracked just by visiting a website, just by visiting a storefront. There are all these technologies that exist [that can track activity]. At the crux of the issue is giving consumers a clear and easy way of opting out of that data being collected. The General Data Protection Regulation (GDPR) has attempted that in Europe, but that hasn't come to America yet.
As a marketer, how do you feel about data privacy laws like GDPR that restrict data collection?
I sit in the chair of a marketer, and I love having access to data that we can use for our clients. But I understand that both consumers and businesses have a need to keep their information private and not have 'Big Brother' looking over their shoulder and data constantly getting into the wrong hands.
Brendan EganFounder and CEO, Simple SEO Group; co-founder and CEO, The Marketing Masters
Egan: When GDPR came out, I hated it. It was an absolute nightmare for us to navigate that.
We primarily work with businesses based in the United States. But a lot of them have operations overseas and do business overseas, so it became very confusing about what could be collected and who could collect what. But where we are today is a transitory period where certain businesses can collect certain things and other businesses can collect other things, and some businesses are taking GDPR very seriously even though they're based in the U.S. and are applying it to the U.S. while others are not. So what we have is a very uneven playing field. Certain businesses have a clear advantage based on their risk tolerance and where they are geographically operating, so though I hated GDPR when it first came out, I've really grown to like it.
As I've become more informed about the data that's being collected and how it's being used -- especially as we get into AI and data is being crunched and manipulated and bent and construed in ways we could never imagine -- I think it's very important that individuals have a say in what data is collected and where that data ultimately goes.
What about anonymizing data -- does that mitigate the concerns related to data privacy?
Egan: There's a lot of talk about anonymous tracking. Instead of putting a cookie on someone's device and seeing that they went to Starbucks or a website or paid their American Express card, they're starting to make it anonymous through tokens and keys so that someone can't be targeted individually. They can only be targeted along with a group of people that have similar behaviors. That doesn't solve all the issues and concerns, but I think it's a step in the right direction. Businesses are not getting information about a specific person, but they're still able to target someone without knowing exactly who that person is.
Is anonymizing data the 'right' way to collect consumer data and protect people's privacy?
Egan: It's a step in the right direction. This is contrary to what a lot of marketers say, but I believe the data belongs to the individual. So I think anonymous tracking is a step in the right direction. But I still think we need to give individuals the opportunity to opt out. If I walk into a car dealership and I don't want to be bombarded by car ads for the rest of my life, I should be able to opt out of that. If I walk into a casino and I have a gambling problem, I should be able to opt out of getting ads. The anonymous aspect of it helps in terms of personal information not getting into the hands of bad actors. But it doesn't help with some of the other issues, such as people with addictions and people who feel like they're getting harassed through advertisements.
I had a client that was a large therapy group, and a woman was going to therapy and her husband didn't know about it. All of a sudden, she was getting bombarded by ads for therapy, and he was wondering, 'What the heck is this all about?' There are millions of scenarios where privacy is important not just from a security standpoint but from a personal privacy standpoint.
Editor's note: This Q&A has been edited for clarity and conciseness.
Brendan Egan
