Data privacy has been the focus of many regulations over the last few years. General Data Protection Regulation (GDPR) has consumed much of the conversation and the California Consumer Protection Act (CCPA) went into effect just last month. Privacy has been around since the advent of civilization: it’s referenced many times in classical Greek law; third, fourth, and fifth amendments to the US Constitution include privacy related provisions; and in 1948, UN’s Article 8 included the right to respect privacy.
Over the last few decades, online privacy has added a new level of focus on data protection. Privacy regulations such as GDPR or CCPA have focused on a few primary areas for data infrastructure. These include:
- Personal Information: Identify systems in which the personal information is retained
- Non-Personal Information: Identify or link any data fields not maintained in a manner that would be considered personal information
- Delete any personal information about the consumer which the business has collected
- Direct 3rd parties to delete information about consumers which they have collected on behalf of the business
Like many regulatory endeavors, these are already falling behind the technology usage of consumers and businesses. Although the primary focus of many regulations has been on stored structured and unstructured data, other areas such as real-time data, voice recognition, machine learning (ML), and artificial intelligence (AI) have been gathering consumer attention due to their invasive natures. Some areas include:
- Ability to listen to conversation through computer microphones and displaying ads for something a consumer spoke of near a voice assistant and not necessarily to it
- Converging data between data collected while shopping online, chatbot data, and online browsing activity
- Ads following across multiple devices based on social media activity and shopping across multiple sites
- Chatbot data stored and used for subsequent chatbot interactions with customers using AI and ML technologies
Regulatory fines are the stick and data architecture needs to reflect current regulations to fix unintended overreach in data collection and comply with customer data requests. Data can be collected in an ethical way by:
- Providing full transparency of how data is being collected and how data is intended to be used, then sticking to the intended usage
- Mindfulness that the collected data closely approximates how consumers would want to behave in person
- Use AI and ML technologies with a human touch across the multiple channels of interaction with customers
A holistic data collection, storage, and usage can both prevent regulatory mistakes and increase brand goodwill and customer satisfaction.