Amy Yeung is the Chief Privacy Officer at Lotame. In this piece, she explains how minimising data can help advertising businesses as they navigate an evolving privacy landscape.
As an industry, we’ve made great strides in advocating for and educating the public about the importance of data privacy. Increasing data privacy regulations across different states in the U.S., Australia’s Privacy Act, Apple’s privacy changes and the recent Google cookie delay development hasn’t ceased to send shockwaves throughout the advertising world. The privacy laws — make well-intentioned and important attempts to protect consumers. But, in my view, we’re focused on the wrong things. We tend to focus on what we lose through more stringent data regulations. We’re not focusing nearly enough on what we gain from this exercise of data minimisation: A reduction in the white noise created by unnecessary data, more verifiable data insights, and the opportunity to create a framework for safer and cleaner data collection processes into the future.
If we care about our bottom line, we need to plan for sustainability by adopting data practices that ensure business can continue without falling into a reactive stance with every new piece of legislation. Treating all privacy principles as equal — and equal in how they affect data privacy analysis and overall business strategy — ties us up into pretzels over process questions, without fully considering the substantive value of the answers. Focusing on theoretical scenarios makes it easy for us to drift into trying to solve for unrealistic scenarios.
Consider an extreme example: If a company isn’t ingesting data, there are minimal data privacy concerns, and consequently, there is no risk. Now, we all understand this is not a practical approach for brands and media owners who recognize the need to collect at least some data about their customers. But the decision is not binary — all or nothing. We are too focused on whether and how to collect data, and not focused enough on what types of risk come with certain types of data, and how we can reduce the overall risk because of a reduced data ingestion footprint.
In conversations about current and impending regulatory pressures, we often downplay the value of data minimization and its subsequent benefits downstream. We need to reweigh the principles of data privacy, and acknowledge data minimization as the most important priority when it comes to data protection and privacy.
Clearly, an architected system (privacy by design) can provide some very real value to reviewing and reducing risk across the system. But certain tenets of the privacy principles — namely data minimization — can have a significant impact on the overall treatment of the cumulative data. Focusing on this value proposition will help improve discernable value for our businesses, and truly create trust with consumers.
Data minimisation includes making some very real and very difficult upfront decisions about data ingestion for a media owner. For example, electing not to capture a mobile ID or an individual’s personal demographics at the start means that event will not include this potentially valuable information. Or, electing to capture as an initial matter to validate identity, but minimizing following validation, can meet important needs and reduce downstream risk. Although a number of professionals I work with do recognise and appreciate this decision, not all do. This difference in data collection practices creates separate bands of data privacy risk, exposure, or trust while ingesting all data from that event. But while acknowledging that separation, we must give due credit to positive downstream effects: namely, the impact of minimizing attachment of data points in the future, as it limits the initial data set. Many organizations do not fully embrace this secondary value in their privacy analysis.
Approaching data minimization seriously requires some upfront decision-making that delivers benefits into the future. This is especially wise right now: Reacting to emerging data regulations on a case-by-case basis only delays resolution of the problem. Businesses must identify the most valuable data for themselves and their partners. Limiting the types of data collected upfront saves resources needed to process the data. Reducing waste — unneeded or hard-to-verify data — enriches the data’s potential and reduces security risks in data storage. Consider whether the data will age well. Data has a shelf life, and outdated data adds no value to the sum of all your data.
There is a correlation between data minimization and data enrichment, and this also places value in minimization. It is natural to conclude that when there is less data to connect, it is more difficult to attain a high level of enrichment. Certain key values such as names, phone numbers, and addresses will, of course, deepen the analysis. In contrast, pseudonymized and aggregated data can generally be recombined and enriched only in limited ways. To be clear, these are in fact positive limiting factors, which should be incorporated into the overall analysis of risk, despite the use of the word “enrichment.”
This is the moment for media owners and advertisers alike to ask whether their data is valuable because it is vast, or because it delivers actionable insights. Data minimization is the key value proposition we need today to enable best decision-making practices for the business, its partners, and ultimately consumers.