tag:econsultancy.com,2008:/topics/privacy-data-protection Latest Privacy & data protection content from Econsultancy 2017-09-29T16:43:30+01:00 tag:econsultancy.com,2008:BlogPost/69463 2017-09-29T16:43:30+01:00 2017-09-29T16:43:30+01:00 10 delightful digital marketing stats we’ve seen this week Nikki Gilliland <p>Without further ado...</p> <h3>Digital ad fraud predicted to rise to $19bn in 2018</h3> <p>A new report by <a href="https://www.juniperresearch.com/researchstore/content-commerce/future-digital-advertising/ai-ad-fraud-ad-blocking-2017-2022" target="_blank">Juniper Research</a> predicts that digital ad fraud will cost advertisers $19bn in 2018 – that’s equivalent to $51m per day. This figure, which represents advertising on online and mobile devices, is also predicted to rise to $44bn by 2022. </p> <p>Meanwhile, the report further predicts that platforms using AI for targeting purposes will account for 74% of total online and mobile advertising spend by 2022.</p> <h3>Honesty is the key to winning trust from travel consumers</h3> <p>According to research by the <a href="https://dma.org.uk/research/dma-insight-customer-engagement-focus-on-travel" target="_blank">DMA</a>, simple factors like honesty and value for money can instill trust in travel consumers – perhaps even more so than technological innovation.</p> <p>The DMA found that 59% of consumers want value for money, 58% want ease of use, and 58% want good customer service from travel brands. Similarly, these factors can also keep customers loyal, with 53% saying good customer service would lead to a repeat booking, and 40% saying the same for deals and loyalty schemes.</p> <p>That's not to say customers don’t want the convenience of technology as well. 52% of consumers say they would use a chatbot to help with pre-travel questions, and 53% would be interested in using a VR headset to see a hotel room.</p> <p><img src="https://assets.econsultancy.com/images/0008/9270/DMA.JPG" alt="" width="750" height="568"></p> <h3>Three in four UK consumers are concerned about privacy of connected devices</h3> <p>New research from <a href="http://www.worldpay.com/uk/about/media-centre/2017-09/shoppers-give-thumbs-up-to-in-store-biometrics" target="_blank">Worldpay</a> has revealed a lack of trust in connected devices among UK consumers. </p> <p>In a study of over 2,000 people, just 23% of UK respondents said they feel comfortable with a smart device such as a fridge or virtual assistant ordering items on their behalf. Not only did the study uncover that Brits are laggards when it comes to Internet of Things adoption, but also that privacy is still a massive barrier. </p> <p>Worldpay found that 78% of British consumers are worried that businesses would share their personal data, while 77% are concerned about the prospect of devices being hacked by fraudsters. UK consumers are clearly a stubborn lot too, as 33% claimed that nothing would make them feel comfortable with automated purchasing.</p> <h3>93% of consumers would consider a rival brand after a negative email experience</h3> <p>A new report by <a href="https://www.mailjet.com/blog/guide/transactional-research-report/" target="_blank">Mailjet</a> suggests that lost emails can negatively affect levels of customer retention.</p> <p>Research has found that 28% of consumers across the UK now receive four or more transactional emails per day. Furthermore, 77% state they always check that they have received a purchase confirmation email, and 41% won’t wait more than one minute for a transactional email to arrive before getting annoyed with the company they are using.</p> <p>Consequently, 93% of customers would consider choosing a rival provider following a negative transactional email experience, with 21% of UK consumers saying speed of email delivery is the most important factor.</p> <p><img src="https://assets.econsultancy.com/images/0008/9269/Mailjet.JPG" alt="" width="760" height="407"></p> <h3>Decline in number of retailers offering free returns </h3> <p>Research by <a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.reboundreturns.com%2Fquarter-2-2017&amp;data=02%7C01%7Cdavid.moth%40econsultancy.com%7C3ed69e69770147425ea908d50590c01e%7Cfdd3bf0d1bfa49198a45f1a311d56753%7C0%7C0%7C636421041622281531&amp;sdata=%2B%2F6%2FC2F5MpzzWUd4cyJCEreZwzqYMJR1Zszj3mYBFHE%3D&amp;reserved=0" target="_blank">ReBound</a> has uncovered a drop in the number of UK and European retailers offering their customers free returns. In a study of over 200 leading fashion brands, just 28% were found to offer free returns – a big decrease from 55% in Q1.</p> <p>ReBound’s report also found that the majority of retailers are failing to be upfront about their returns policies, with just 6% promoting their returns policy at all three key stages of the purchase journey – product page, basket, and checkout.</p> <p><img src="https://assets.econsultancy.com/images/0008/9276/Returns.jpg" alt="" width="760" height="456"></p> <h3>Social sentiment for Uber increases following licence revoke </h3> <p>Since TFL announced that it won’t be renewing Uber’s licence to operate, social media has been awash with conversation about the decision. 4C Insights has been looking at engagement and sentiment for both companies across platforms including Facebook and Twitter.</p> <p>Surprisingly, it found that sentiment has dropped 13% for TFL since the announcement, with Uber remaining level despite the working practices highlighted by TfL's decision. </p> <p>With 730,000 signatures on the petition for Uber to have its London license renewed, it seems the general attitude on social media is annoyance at the service being taken away. </p> <h3>90% of Gen Z travellers influenced by social media</h3> <p>When it comes to travel plans, <a href="https://info.advertising.expedia.com/travel-and-tourism-trends-for-american-travelers" target="_blank">Expedia Media Solutions</a> has revealed that the Generation Z is the demographic most influenced by social media, with Instagram and Facebook being named as the most influential platforms. </p> <p>While Gen X (or millennials) are influenced less by social media than younger generations, more than half of them say Facebook has an effect on their decision-making.</p> <p>Lastly, baby boomers are the least likely to research travel destinations on social media, with more than 55% already deciding where to go, and 43% saying they don’t need help with planning.</p> <p><img src="https://assets.econsultancy.com/images/0008/9272/Expedia.JPG" alt="" width="780" height="347"></p> <h3>iOS 11 sparks consumer demand for new AR apps</h3> <p>Following on from the launch of iOS 11 and Apple’s new AR platform, ARKit, consumer demand for AR apps is on the rise.</p> <p>A new report by <a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdigitalbridge.eu%2Fdownload-our-new-report-augmented-reality-changing-the-face-of-retail%2F&amp;data=02%7C01%7Cnikki.gilliland%40centaurmedia.com%7Cadb8f897d4ac427e9e8d08d505beece0%7Cfdd3bf0d1bfa49198a45f1a311d56753%7C0%7C0%7C636421239942488912&amp;sdata=DN6h7HZhQ23xErI%2BpE0u4xwhEyFol2J3t7zrWcfNRAo%3D&amp;reserved=0" target="_blank">DigitalBridge</a> suggests that 61% of consumers say augmented reality is the technology they are most excited about using, compared to 30% for virtual reality. Consequently, 69% now expect retailers to launch an AR app within the next six months.</p> <p>Meanwhile, a further 18% of consumers don’t expect to be kept waiting longer than 12 months before they are offered access to an augmented reality platform, and 82% are expecting the technology to be made available via mobile.</p> <h3>Consumers fail to recall brand logos</h3> <p>Signs.com has been looking at how well consumers can recall the brand logos they see every day. <a href="https://www.signs.com/branded-in-memory/" target="_blank">The study</a> involved 150 participants drawing 10 famous logos from memory, including Apple, Burger King, and Domino's.</p> <p>Results found that just 6% of people could recall the Starbucks logo – perhaps surprising considering many participants buy one of the 18m cups of coffee it sells per day.</p> <p>Ikea saw the most success, with nearly a third of participants recreating near-perfect logos. Meanwhile, more than 20% of participants wrongly included a crown when drawing the Burger King logo, despite the fact that the design hasn’t included one in almost 50 years.</p> <p>Lastly, one in three participants incorrectly included a stalk in the Apple logo. </p> <p><img src="https://assets.econsultancy.com/images/0008/9271/brand_logos.JPG" alt="" width="550" height="631"></p> <h3>Pizza generates 26m shares on Instagram</h3> <p>Lastminute.com has revealed the world’s most-shared food trends, including the top international foods and the most popular obscure trends.</p> <p>Topping the list of the most-shared international foods is pizza, with 26m shares on Instagram. This is followed by sushi with 17.6m shares, and pasta with 11m shares.</p> <p>Meanwhile, matcha tea was found to be the most popular unusual food, generating 2.5m shares. Cronuts, bubble tea, and freakshake also appear in the top 10 obscure foods Instagram users love to document.</p> tag:econsultancy.com,2008:BlogPost/69437 2017-09-22T13:30:00+01:00 2017-09-22T13:30:00+01:00 What advertisers need to know about Safari's new anti-tracking feature Patricio Robles <p>Here's what advertisers need to know about the new feature and how it could affect their ability to target ads to consumers.</p> <h3>What is it?</h3> <p>As its name suggests, Intelligent Tracking Prevention is an anti-tracking feature that is designed to protect user privacy. Specifically, it “reduces cross-site tracking by further limiting cookies and other website data.”</p> <h3>How does it work?</h3> <p>Intelligent Tracking Prevention looks at the resources web pages load as well as how users interact with those pages. Interactions captured include taps, clicks, and text entries. </p> <p>The data Intelligent Tracking Prevention collects is put into buckets for each top-level domain (TLD) or TLD+1. It is then run through a machine learning model to determine whether the domain in question is capable of cross-site tracking. </p> <p>Apple WebKit engineer John Wilander <a href="https://webkit.org/blog/7675/intelligent-tracking-prevention/">explained</a>:</p> <blockquote> <p>Out of the various statistics collected, three vectors turned out to have strong signal for classification based on current tracking practices: subresource under number of unique domains, sub frame under number of unique domains, and number of unique domains redirected to. </p> </blockquote> <h3>What does it do?</h3> <p>Once Intelligent Tracking Prevention detects cross-site tracking, it takes action to either keep or purge first-party cookies and website data based on a number of factors.</p> <p>For example, for the TLD example.com, if a user has not interacted with the website for 30 days, Intelligent Tracking Prevention will purge its cookies and website data. On the other hand, if the user does interact with the example.com website, it will allow its cookies to be used in a third-party context for 24 hours.</p> <p><img src="https://assets.econsultancy.com/images/resized/0008/9080/webkit-blog-flyer.png" alt="" width="470" height="152"></p> <p>According to Wilander, “This means users only have long-term persistent cookies and website data from the sites they actually interact with and tracking data is removed proactively as they browse the web.”</p> <p>To ensure that users can stay logged into websites, partitioned cookie functionality has been added to WebKit. This allows for a website to keep its cookies beyond 24 hours for the purpose of keeping users signed in but not for cross-site tracking.</p> <h3>Why is the ad industry so upset?</h3> <p>The current version of Safari already blocks third-party cookies but as the ad industry sees it, the potential blocking of first-party cookies goes way too far.</p> <p>Six industry groups, including the Interactive Advertising Bureau, American Advertising Federation, the Association of National Advertisers, and the 4A's, penned <a href="http://www.adweek.com/digital/every-major-advertising-group-is-blasting-apple-for-blocking-cookies-in-the-safari-browser/">an open letter</a> to Apple “from the Digital Advertising Community.”</p> <p>In it, the groups argue that “Safari's new 'Intelligent Tracking Prevention' would change the rules by which cookies are set and recognized by browsers”, in turn disrupting the infrastructure of the digital economy. The letter explains that “Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful.”</p> <p>In practical terms, Intelligent Tracking Prevention will severely disrupt behavioral targeting and <a href="https://econsultancy.com/blog/64099-what-is-retargeting-and-why-do-you-need-it">retargeting</a>. While these forms of targeting are very popular with advertisers because of their efficacy, they are frequently the source of complaints from consumers and privacy advocates.</p> <h3>How has Apple responded?</h3> <p>Those user complaints seem to carry a lot of weight with Apple, which is refusing to give in to the ad industry's demands to rethink Intelligent Tracking Prevention.</p> <p>“Apple believes that people have a right to privacy – Safari was the first browser to block third-party cookies by default and Intelligent Tracking Prevention is a more advanced method for protecting user privacy,” the company stated. “The feature does not block ads or interfere with legitimate tracking on the sites that people actually click on and visit. Cookies for sites that you interact with function as designed, and ads placed by web publishers will appear normally.”</p> <h3>How is the ad industry likely to respond?</h3> <p>Of course, advertisers are unlikely to resign themselves to a new world in which cross-site tracking is difficult if not impossible in the most popular mobile browser.</p> <p>As privacy expert Alexander Hanff <a href="https://privacy-news.net/news_article/5936b50c178a907559b1e5f3">noted</a>, Intelligent Tracking Prevention can't thwart server-side tracking and now that Apple is taking aim at client-based cross-site tracking, “it is highly probable that Apple's new approach to tracking will only accelerate a move to these server side technologies from those who have yet to use them.”</p> <p>So even if Apple's move causes a lot of hand-waving, given the importance of cross-site tracking to the online advertising ecosystem, this almost certainly won't be the end of the story.</p> tag:econsultancy.com,2008:BlogPost/69425 2017-09-15T12:02:00+01:00 2017-09-15T12:02:00+01:00 10 remarkable digital marketing stats we’ve seen this week Nikki Gilliland <p>Get stuck in…</p> <h3>Live stream engagement is on the rise</h3> <p>According to <a href="http://blog.globalwebindex.net/chart-of-the-day/the-rise-of-live-streaming-2/" target="_blank">GlobalWebIndex</a>, the amount of users engaging with live streams on social media has increased nearly 10%.</p> <p>Now, 28% of internet users have watched a live stream on Facebook, Instagram or Twitter in the past month – up from 20% in Q3 2016. </p> <p><img src="https://assets.econsultancy.com/images/0008/8992/GlobalWebIndex.JPG" alt="" width="720" height="540"></p> <h3>Data usage increases while lack of transparency remains high</h3> <p>A <a href="http://media2.bazaarvoice.com/documents/more-data-more-Problems-ebook.pdf?utm_source=press%20release&amp;utm_medium=PR&amp;utm_campaign=Ad%20Age%20Research" target="_blank">new study</a> by Bazaarvoice and AdAge has revealed how digital marketers view the impact and credibility of data partnerships. </p> <p>Despite an increase in data usage, it found that there is still a lack of transparency, with both the sources and quality of the data being misunderstood and mistrusted by marketers.</p> <p>While 95% of the marketers surveyed said that they employ first- and third-party data in their media plans, 64% are unsure about the origins of their data sources. What’s more, one quarter of brand marketers do not know how often their data sources are refreshed. </p> <p>Lastly, three out of four marketers said they are not confident that their data is reaching in-market consumers, and just 23% of agency buyers are fully confident that their third-party data partners deliver against KPIs.</p> <h3>Only 17% of new leads are converted as sales &amp; marketing teams struggle to align</h3> <p>A new study by <a href="https://www.dnb.co.uk/marketing/media/state-of-sales-acceleration.html" target="_blank">Dun &amp; Bradstreet</a> has revealed that there is huge disconnect between sales and marketing teams, with just 17% of new leads being converted into revenue as a result. </p> <p>57% of marketers say that understanding their target audience is a big challenge, and 56% say that an inability to find relevant and complete data holds them back.</p> <p>Meanwhile, 24% of salespeople say they don’t have enough time to research potential customers, and 35% say they are under more pressure to provide value in a digitally-led business.</p> <p><img src="https://assets.econsultancy.com/images/0008/8991/Dun_and_Bradstreet.JPG" alt="" width="423" height="438"></p> <h3>72% of consumers turn to Amazon to research products</h3> <p>According to <a href="https://kenshoo.com/e-commerce-survey/" target="_blank">Kenshoo</a>, Amazon is playing an increasing role in shopping discovery, as 72% of people say they visit Amazon to research products online.</p> <p>26% of Amazon users also admit to checking for alternatives, background information, and prices on the site when they are thinking about making a potential purchase in a physical store. Meanwhile, 51% say they usually refer back to Amazon to find out additional product information or to compare prices – even if they’re happy with the offering on another retail site.</p> <p>Lastly, 9% say that they often share interesting products that they find on Amazon with friends, colleagues, and family.</p> <h3>Millennials spend more time watching time-shifted content than live TV</h3> <p><a href="https://www.cta.tech/News/Press-Releases/2017/August/Millennials-Now-Watch-More-Time-Shifted-Content-Th.aspx" target="_blank">CTA</a> (Consumer Technology Association) has revealed that millennials’ interest in live TV is dwindling, with this demographic dedicating more time to watching content after it’s already aired.</p> <p>Millennials are now dedicating 55% of their TV-watching activity to ‘time-shifted’ content – either on streaming sites or on-demand platforms – compared to 35% of people aged over 35. </p> <p>Additionally, millennials are more likely to try content recommended by predictive recommendations, with 79% saying they've watched shows that have been suggested for them.</p> <p><img src="https://assets.econsultancy.com/images/0008/8990/CTA.JPG" alt="" width="491" height="491"></p> <h3>Personalisation generates 50% higher email open rate</h3> <p>A new report by <a href="http://www.yeslifecyclemarketing.com/campaign/benchmarks/vwo-subject-line-benchmarks" target="_blank">Yes Lifecycle Marketing</a> has revealed that brands are failing to use personalisation in email subject lines, despite a proven increase in open rates.</p> <p>It found that messages with personalised subject lines generated a 58% higher click-to-open (CTO) rate than emails without. However, just 1.1% of all emails sent in Q2 2017 had personalisation based on name in the subject line, while 1.2% were personalised based on other factors like browser behaviour or purchase history. </p> <p>In contrast, it appears marketers are largely focusing efforts on welcome messages, with 69% sending this type of email.</p> <h3>82% of global marketers say that predictive marketing is essential</h3> <p>Forrester’s <a href="https://rocketfuel.com/tlp/" target="_blank">latest study</a> has found that the majority of global marketers believe predictive marketing is essential.</p> <p>66% of marketers in a survey said that their customer and marketing data comes from too many sources to make sense of it. Consequently, 82% said predictive marketing is essential to keep up with competitors in future.</p> <p>The survey also found that 86% of global marketers plan to increase the use of AI to drive marketing insights in the next 12 months, and 80% said they will use AI to deliver consistent, optimised, cross-device content.</p> <p><img src="https://assets.econsultancy.com/images/0008/8988/Forrester.JPG" alt="" width="318" height="570"></p> <h3>Half of millennials prefer sales outreach via social media</h3> <p>Research by <a href="https://getbambu.com/data-reports/q3-2017-how-to-optimize-for-social-selling/" target="_blank">Bambu</a> has revealed that millennials are keen to use social media to learn about new products and services, with 45% of this demographic more likely to prefer sales outreach via social than older generations.</p> <p>Bambu also found that 35% of people are more likely to buy from a sales representative who shares industry news and helpful content on social, and 22% say that this activity makes them more likely to follow that representative on social.</p> <p>Social selling is clearly more favourable than traditional methods such as cold-calling – just 9% of consumers say that the phone is their preferred way to hear from a company for the first time.</p> <p><img src="https://assets.econsultancy.com/images/0008/8987/Bambu.JPG" alt="" width="720" height="467"></p> <h3>81% of retailers anticipate a future as a media company</h3> <p>According to <a href="http://go.brightcove.com/marketing-future-of-retail" target="_blank">Brightcove</a>, an increasing number of brands are taking on traditional broadcasters by producing long-form, TV-style content. As a result, 81% of retailers say they anticipate transitioning into fully-fledged media companies in future.</p> <p>From a study of 200 retail businesses in the UK, France, and Germany, Brightcove found that 61% are already offering TV-style content services, and a further 33% have plans to do so within the next two years.</p> <p>There could be resistance from consumers, however, as Brightcove also found that 41% of consumers who have previously watched this kind of content say it is too ‘salesy’, while 30% say it is inauthentic.</p> <h3>Only 9% of people visit high-street travel agents</h3> <p>Finally, <a href="https://www.apadmi.com/travel-report-2017/" target="_blank">Apadmi</a> suggests that the high-street travel agent could be under threat, as just 9% of UK holidaymakers say they now visit travel agents in person to book their holiday. This comes from a survey of 1,000 people who have gone on holiday in the past 12 months.</p> <p>The study also revealed that just 4% of 18-24 year olds have visited their high street travel agents in recent times, while this rises to 18% for people over the age of 65.</p> <p>It’s not all gloom and doom for travel agents though. Apadmi also found that an increase in technology would attract consumers back to the high street, with 48% saying they would like to see travel agents invest in augmented reality and virtual reality so they can view destinations, hotels or transport in store.</p> tag:econsultancy.com,2008:BlogPost/69399 2017-09-13T11:00:00+01:00 2017-09-13T11:00:00+01:00 Why GDPR is great news for marketers and will create a more efficient data economy Daniel Gilbert <p dir="ltr">Why anyone whose business relies on personal data would be ungrateful for <a href="https://econsultancy.com/hello/gdpr-for-marketers/">the GDPR (General Data Protection Regulation)</a> is a mystery to me: it is a huge step in the right direction, designed to benefit data holders and consumers alike. There are costs to becoming ready, and the potential risk of being fined for non-compliance – but these are short-term problems, which will soon be forgotten in the wake of a more transparent, efficient data economy.</p> <p>In relation to digital advertising, the new regulation will have a positive impact on the quality of the data used for targeting, the relevance of ads, and the attitude towards those ads on behalf of the consumer. Ultimately, GDPR will greatly enhance the performance of any digital marketing campaign.</p> <h3>Creepy vs. Relevant</h3> <p>Online advertising treads a fine line between being creepy and relevant. An oft-cited example comes from the US clothing store, <a href="https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#1fb3a72f6668">Target</a>, which epitomises the current issue with targeted advertising. Using an algorithm to analyse the purchasing habits of its customers (based on data obtained from loyalty cards), Target was able to predict, amongst other things, when one of its shoppers became pregnant and adapt its marketing accordingly.</p> <p>On one occasion, Target sent a bundle of soon-to-be-a-mom-related coupons to a 16-year-old customer; her father sent an irate complaint, only to discover that Target, before even the daughter had realised it, was right.</p> <p>This is an extreme case of creepiness, yet this feeling and a number of other synonymous attitudes, are prevalent amongst recipients of targeted advertising. And underlying this sense of creepiness, is ultimately a lack of trust. According to the largest European consumer survey to date, <a href="http://ec.europa.eu/commfrontoffice/publicopinion/archives/ebs/ebs_359_en.pdf">the Special Eurobarometer 359 report</a> (2010), ‘70% of Europeans are concerned that their personal data held by companies may be used for a purpose other than that for which it was collected.’</p> <p>Furthermore, ‘Just over a quarter of social network users (26%) and even fewer online shoppers (18%) feel in complete control.’ <a href="https://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf">The Symantec State of Privacy Report</a> (2015) reports similar findings: ‘only 22% trusted "tech companies" to keep data completely secure and only 10% trusted social media organisations’. And, considering current practices, it’s not really that surprising that this is the case.</p> <p>As a result of this lack of trust, many consumers are resorting to either not sharing their data, or falsifying it. A report by the <a href="http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/">Pew Research Center</a> (2013), found that ‘an estimated 86% of consumers in the US had falsified or misrepresented their personal information online’.</p> <p><img src="https://assets.econsultancy.com/images/0008/8921/Pew_survey.png" alt="" width="700" height="590"></p> <p><em>Further stats from Pew Research</em></p> <p>In a report published earlier this month in the <a href="http://www.tandfonline.com/doi/abs/10.1080/0267257X.2017.1348011">Journal of Marketing Management</a>, Girish Punj warns that ‘the trend towards the falsification of online information could be particularly detrimental for mobile commerce firms because they require accurate location-aware, real-time information on consumers for personalising communications and customising product offers’.</p> <p>In simple terms, the current relationship between advertisers and consumers is damaging to both parties. GDPR presents a massive step forward to repairing this relationship, and improving personal data quality.</p> <h3>Data transparency</h3> <p>Greater media transparency has become the number one priority of advertisers over the last couple of years, especially since the publication of the <a href="http://www.ana.net/content/show/id/industry-initiative-media-transparency-report">ANA K2 report in 2016</a>. What about transparency between advertiser and consumer?</p> <p>At the moment, internet users are heavily deterred from making an informed decision about whether to share their data, the potential consequences of such sharing, and what exactly is happening to their data once it has been submitted.  </p> <p>In the previously mentioned research by Symantec, ‘59% of respondents said that they only skim read the terms and conditions when buying products or services online’ and ‘14% said they never read the terms and conditions’.</p> <p><img src="https://assets.econsultancy.com/images/0008/8922/symantec_stats.png" alt="" width="684" height="388"></p> <p>The Eurobarometer research found that ‘58% of respondents who use the internet usually read privacy statements’, but ‘24% of those who read them said that they did not fully understand what they are reading.’</p> <p>A study by the <a href="https://ico.org.uk/media/about-the-ico/documents/1431717/data-protection-rights-what-the-public-want-and-what-the-public-want-from-data-protection-authorities.pdf">ICO</a> (2015) found that a focus group’s ‘awareness of privacy notices was extremely limited’, and number of studies have criticised the lack of granularity in options, leading to consumers needing to make compromises, e.g. opting to share data in exchange for valuable information.</p> <h3>The positive impact of GDPR</h3> <p>If GDPR is able to achieve what it sets out to – ensuring data transparency, increasing individual control – then advertisers can expect a much improved relationship with their audience. A study by the <a href="http://www.twi-kreuzlingen.ch/uploads/tx_cal/media/TWI-RPS-099-Schudy-Utikal.pdf">Thurgau Institute of Economics</a> (2015) concludes that ‘transparency leads to an increase in the individual’s willingness to share personal information as the individual is able to see and assess the collected information and the possible use of it’.</p> <p>Part of transparency is understanding the benefits of data sharing. A study by <a href="http://www.sciencewise-erc.org.uk/cms/assets/Uploads/SocialIntelligenceBigData.pdf">Sciencewise</a>, a UK government-funded programme, found ‘personal benefit to be the strongest incentive’ for those in favour of sharing personal information, yet, according to a study by <a href="https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/deloitte-analytics/data-nation-2012-our-lives-in-data.pdf">Deloitte</a> (2012), ‘62% of consumers are not confident that sharing their data with companies or public sector bodies will result in better services or more relevant products’.</p> <p>The majority of internet users don’t believe in the benefits of an open data economy, but GDPR will help to make these benefits clearer. In terms of advertising, the main advantage will always be greater personalisation, along with the more indirect, general reward of a more efficient ad industry driving economic growth. Beyond this, there is the potential of data to be used for improving services, and generating a global network of information with incalculable social benefits.</p> <h3>We need to make GDPR work</h3> <p>GDPR, for all of the praise within this article, is imperfect. There are a number of foreseeable loopholes that may be exploited by data holders, potential limitations to the efficacy of the regulations in terms of empowering individuals to exercise their new rights, and a number of ambiguities that may lead to confusion when the law becomes implemented next year.</p> <p>A number of commentators are also questioning to what extent data holders/processors will fulfil <a href="https://www.econsultancy.com/blog/69376-gdpr-requires-privacy-by-design-but-what-is-it-and-how-can-marketers-comply">the ‘privacy by design’ principle</a> that is so important to the success of the EU’s ambition. And, so long as businesses are convinced that non-transparent data practices are to their advantage, there is plenty of reason to be pessimistic about GDPR: perhaps, despite all this anticipation, it will actually have very little impact?</p> <p>The answer depends on all of us. Not since AdWords has there been a better opportunity for improving the transparency of advertising, and for aligning the interests of consumers with the objectives of businesses. It is up to all of us on the other side of the screen to use GDPR to make advertising better, and rejuvenate the digital world.</p> <p><em>For more resources on this topic, check out <a href="https://econsultancy.com/hello/gdpr-for-marketers/">Econsultancy's GDPR hub page</a> or sign up to our </em><em><a href="https://www.econsultancy.com/training/courses/gdpr-data-driven-marketing">GDPR &amp; Data-Driven Marketing Training</a>.</em></p> tag:econsultancy.com,2008:BlogPost/69415 2017-09-12T14:15:00+01:00 2017-09-12T14:15:00+01:00 Five things every company can learn from the Equifax data hack Patricio Robles <p>While companies have been aware of the data breach threat for years now, the unfolding Equifax incident is a stark reminder of just how high the stakes are today. </p> <p>Here are five lessons every company should heed from the Equifax breach.</p> <h3>1. Data is more valuable than ever, and there's more of it than ever</h3> <p>While most companies don't store data as sensitive as a credit bureau like Equifax, companies of all sizes are increasingly collecting more and more data. And for good reason: for the past several years, companies have been told that data is critical to their success in the 21st century.</p> <p>Take the digital advertising market, for example. To win, companies <a href="https://econsultancy.com/blog/66957-resolving-the-customer-identity-challenge-with-first-party-data/">have been upping their efforts to gather and use first-party data</a>.</p> <p>This isn't inherently a bad thing, of course, but as companies store more data, and more detailed data, about their customers and, in many cases, people who aren't even their customers, the risks associated with data breaches increase substantially and that <a href="https://www.econsultancy.com/blog/67668-data-can-be-toxic-here-s-how-companies-should-handle-it">data can be toxic</a>. Even if companies don't store the most sensitive information about their customers, such as Social Security numbers, as digital data proliferates, criminals are becoming more savvy about how data can be exploited and that means companies shouldn't underestimate how the data they store could be used, especially when it is combined with data from other sources.</p> <h3>2. Disclosure of data breaches needs to be made quickly</h3> <p>Equifax reportedly learned that its systems had been breached in late July, so one of the biggest criticisms of the company is that it took over a month to inform the public. While it's understandable that a company might need time to investigate a breach and determine its extent, at the same time, companies need to understand that the public is not going to respond kindly when breaches are not promptly disclosed, especially when the information stolen could be used against them.</p> <p>As a result, unless law enforcement demands otherwise, companies should err on the side of disclosing that they've been breached sooner rather than later.</p> <h3>3. The response cannot be botched</h3> <p>Following a data breach, companies have one chance to make things right to the greatest extent possible. Despite the fact that Equifax knew about a data breach for weeks, its public response to the breach has been roundly criticized.</p> <p>The <a href="https://www.equifaxsecurity2017.com">website</a> the company set up to provide information <a href="https://www.bloomberg.com/news/articles/2017-09-08/consumers-struggle-to-get-answers-from-equifax-after-massive-hack">was plagued with problems</a>, some of them downright embarrassing. The data breach checker that purports to let individuals know if their data was part of the breach <a href="http://www.zdnet.com/article/we-tested-equifax-data-breach-checker-it-is-basically-useless/">doesn't appear to work</a>, and an arbitration clause in a legal agreement for the free monitoring service Equifax is offering to affected consumers <a href="https://www.forbes.com/sites/dianahembree/2017/09/09/consumer-anger-over-equifaxs-ripoff-clause-in-offer-to-security-hack-victims-spurs-policy-change/">was the source of a firestorm that Equifax had to respond to</a>.</p> <p>Put simply, Equifax's response has basically been a textbook case study for <em>how not to respond to a massive data breach </em>and because of this, everything the company does from here forward is going to be met with an even more critical eye from the public and media.</p> <h3>4. The actions of company leadership are going to be scrutinized</h3> <p>Thanks in large part to social media, there's more scrutiny than ever over companies when something goes wrong. In the case of Equifax, it was quickly revealed that three members of Equifax's senior management team <a href="https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack">sold nearly $1.8m worth of shares</a> in the company in the days following the company's discovery of the data breach. </p> <p>According to an Equifax spokesperson, the trio "had no knowledge that an intrusion had occurred at the time," something that some members of the public and media have had a hard time believing, especially given that one of the executives who sold stock was the company's chief financial officer.</p> <p>But even if one accepts the company's claim, it's a reminder to companies that the public scrutiny they will face in the wake of a data breach extends to the actions of company management and therefore, part of the response strategy should take into account the importance of ensuring that the actions of company management following a data breach don't make a bad situation worse. </p> <h3>5. Data breaches are an existential threat</h3> <p>One of the big questions following the Equifax hack is whether or not Equifax will survive. While it might seem preposterous to question whether one of the three major credit bureaus in the US and a company with a market capitalization of over $17bn even after its stock has fallen by over 20% in recent days could go out of business following a data breach, all bets are off because there has arguably never been such a damaging data breach in the world's history.</p> <p>A lawsuit seeking up to $70bn in damages <a href="https://www.bloomberg.com/news/articles/2017-09-08/equifax-sued-over-massive-hack-in-multibillion-dollar-lawsuit">has already been filed</a> and government agencies <a href="https://www.recode.net/2017/9/8/16278030/congress-hearing-massive-equifax-data-breach-hack-security-privacy-data">are circling</a>. Given the nature of this breach and the number of Americans affected, it's hard to see Equifax emerging from this with little more than a financial and regulatory slap on the wrist. And even if Equifax has money left in the bank when all is said and done, it seems likely the company's name will be tarnished for years and possibly even decades to come.</p> <p>Obviously, most businesses don't store the same type and volume of data about consumers as Equifax, but it's not inconceivable that as companies rely more and more heavily on more and more detailed data, the cost of data breaches could increase to the point where businesses, especially small and mid-sized companies, routinely don't survive them.</p> tag:econsultancy.com,2008:BlogPost/69410 2017-09-11T14:01:00+01:00 2017-09-11T14:01:00+01:00 Verizon wants customers to give up their data for targeted ads, and it's willing to pay Patricio Robles <p>As The Wall Street Journal <a href="https://www.wsj.com/articles/verizon-wants-to-build-an-advertising-juggernaut-it-needs-your-data-first-1504603801">detailed</a> on Monday, Verizon has launched a new program called <a href="https://www.verizonwireless.com/rewards/verizon-up/">Verizon Up</a> that offers users rewards like free music, Uber rides, sports gear, coffee and discounts on new phones. There are also "amazing once-in-a-lifetime experiences and front-row tickets" to concerts, movies and sporting events.</p> <p><img src="https://assets.econsultancy.com/images/0008/8822/verizonupreward.png" alt="" width="517" height="368"></p> <p>Verizon boasts that "no points or levels [are] required" in its new rewards program. For every $300 spent on a Verizon Wireless monthly bill, customers receive one credit.</p> <p>Oh, and there's one more thing: to participate in Verizon Up, customers have to opt into Verizon Selects, a program that "uses information about your web browsing, app usage, device location, use of Verizon services and other information about you (such as your postal/email addresses, demographics, and interests) and shares information with Oath (formed by the combination of AOL and Yahoo)" to "personalize your experiences and make advertising you see more useful across the devices and services you use."</p> <p>In other words, to score rewards, Verizon customers have to allow Verizon to use the data it has about them to deliver targeted ads.</p> <h3>A new kind of truth in advertising?</h3> <p>Naturally, Verizon Up is going to have its critics, but the company believes it is actually being more transparent and honest with its customers than many other digital advertising players are with their users.</p> <p>Verizon's CMO, Diego Scotti, pointed to Google and Facebook, telling the Wall Street Journal, "Some of our competitors, they have exactly the same thing, it's just buried in the terms and conditions of the service. We are not hiding anything."</p> <p>It's not a bad point.</p> <p><a href="https://www.econsultancy.com/blog/69381-the-google-facebook-duopoly-extends-to-mobile-apps-what-can-marketers-do">Google and Facebook</a> are under increasing scrutiny as their digital ad dominance grows. Both companies track users across the web and across devices. And in most cases, average users don't know when they're being tracked or how to control the data collected even when they have the ability to. In July, a judge in California dismissed a lawsuit against Facebook over its tracking of users even when logged out. Users don't have an expectation of privacy, the judge ruled.</p> <p>Google and Facebook, of course, offer a lot of value to users and the argument is that users allow these companies to collect data and advertise to them as payment for their otherwise free services. "If you're not paying for it, you're not the customer, you're the product" the saying goes.</p> <p>For years, some argued that users should be paid for their data as part of a so-called information market. As Vasant Dhar, a professor at New York University's Stern School of Business has <a href="http://money.cnn.com/2012/10/18/technology/social/facebook-should-pay-you/index.html">argued</a>, Facebook in particular would benefit by being more transparent given the amount and type of data it collects. "If users aren't making a conscious choice about what happens with their data, they end up feeling violated," he stated.</p> <p>But despite years of this kind of talk, there has been literally no movement on the part of advertising giants to compensate their users for their data. Even though its rewards are tied to dollar spend, Verizon Up is arguably one of the first major programs in which a major company is seeking to get customers to voluntarily give up their data for advertising purposes by giving them something of value in return other than access to a free service.</p> <p>Will it work? And will Verizon refuse to take and use valuable data from customers who don't sign up for Verizon Up?</p> <p>How those questions are answered could very well determine if a different future is possible for the digital advertising market.</p> tag:econsultancy.com,2008:BlogPost/69376 2017-09-06T14:00:00+01:00 2017-09-06T14:00:00+01:00 GDPR requires privacy by design, but what is it and how can marketers comply? Ben Davis <p>In systems engineering this is demonstrated by GPS, for example, where your mobile can detect its geographical location without giving away that location or your identity.</p> <h3>What does privacy by design mean in the context of the GDPR?</h3> <p>Before we dive in, I should confess that to liven up this article, I have peppered it with crappy stock photos that represent privacy or data breaches. I hope you enjoy.</p> <p><img src="https://assets.econsultancy.com/images/0008/8642/privacy1.jpg" alt="privacy" width="500"></p> <p>First off, it's worth saying that privacy by design is a new part of EU regulations, contained in the <a href="https://econsultancy.com/hello/gdpr-for-marketers/">GDPR</a>. The EU Data Protection Directive does not refer to the concept, which means that until the GDPR comes into force in May 2018, data controllers simply have to take appropriate measures in order to protect personal data (not to <em>design</em> so it doesn't need protection).</p> <p>So what does the GDPR state? It's worth reading <a href="https://gdpr-info.eu/art-25-gdpr/">paragraphs 1 and 2 of article 25</a>, which I have reproduced here (skip them if you're in a hurry):</p> <ol> <li>Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.</li> <li>The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons. </li> </ol> <p>In short, the GDPR requires:</p> <ul> <li> <strong>data protection by design:</strong> data controllers must put technical and organisational measures such as pseudonymisation in place – to minimise personal data processing.</li> <li> <strong>data protection by default:</strong> data controllers must only process data that are necessary, to an extent that is necessary, and must only store data as long as necessary.</li> </ul> <h2><img src="https://assets.econsultancy.com/images/0008/8643/privacy_2.jpg" alt="privacy" width="575"></h2> <p>Those organisations that do not implement privacy by design may show a disparity between their privacy policies and their privacy controls in practice. Back in 2013 in <a href="http://www.research.lancs.ac.uk/portal/en/publications/social-networking-privacy-understanding-the-disconnect-from-policy-to-controls(43358f64-c6e0-400c-b0d7-ef1db8893a41).html">a paper</a> from Lancaster University, this was shown to be the case with social networks. This is perhaps the central tension of social networks where, <a href="https://www.lrb.co.uk/v39/n16/john-lanchester/you-are-the-product">as John Lanchester writes</a>, "you are the product".</p> <p>In recent times, <a href="https://www.econsultancy.com/blog/69267-gdpr-six-examples-of-privacy-notice-ux-that-may-need-improvement">WhatsApp arguably showed such a disparity</a> when updating its T&amp;Cs in 2016. Users had to tap to agree when asked to share their personal data with Facebook companies, and many will not have noticed an opt-out 'hidden' in a concertina which referred to the sharing of their WhatsApp data to improve 'Facebook ad targeting and products experiences'.</p> <h3>What are the principles of privacy by design?</h3> <p>The ICO <a href="https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-by-design/">gives us</a> a nice initial summary encouraging "organisations to ensure that privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. For example when:</p> <ul> <li>building new IT systems for storing or accessing personal data;</li> <li>developing legislation, policy or strategies that have privacy implications;</li> <li>embarking on a data sharing initiative; or</li> <li>using data for new purposes."</li> </ul> <p>But we can go further and investigate privacy by design in more detail. Specifically, by looking at <a href="https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf">the seven foundational principles</a> listed by Canada's Information and Privacy Commissioner Ann Cavoukian in 2011, and based on Kim Cameron's <a href="https://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf">seven 'Laws of Identity'</a>.</p> <p>These principles are not detailed in the GDPR, but they echo a lot of what the GDPR is endeavouring to encourage among data controllers.</p> <h2><img src="https://assets.econsultancy.com/images/0008/8644/privacy_3.jpeg" alt="privacy" width="259" height="194"></h2> <h3>1. Proactive not reactive; preventative not remedial </h3> <p>Cavoukian writes about the need for "a clear commitment, at the highest levels, to set and enforce high standards of privacy − generally higher than the standards set out by global laws and regulation."</p> <p>This is undoubtedly a key point and something that should be central to a marketer's commitment not just to comply with the GDPR, but to present a user experience which people will understand and trust. This commitment to privacy should create a "culture of continuous improvement" with poor design recognized and anticipated, to make corrections before negative impacts can be realised.</p> <h3>2. Privacy as default</h3> <p>We've already discussed this concept as it is referred to in the GDPR. Important points include:</p> <ul> <li>purpose specification – explaining to users how personal data is collected, processed, retained and disclosed.</li> <li>collection limitation – fair, lawful and limited to that which is necessary (also applies to data processing, retention and disclosure).</li> <li>data minimization − non-identifiable interactions and transactions as default. Wherever possible, identifiability of personal information should be minimized. </li> </ul> <p>It should be said that the GDPR takes a flexible approach to privacy as default, which <a href="https://united-kingdom.taylorwessing.com/globaldatahub/article-privacy-by-design-and-default.html">according to</a> law firm Taylor Wessing, "gives data controllers the ability to determine their level of compliance based on the privacy risks involved." This means taking into account the context, nature and purposes of data processing.</p> <h2><img src="https://assets.econsultancy.com/images/0008/8645/privacy_4.jpg" alt="privacy" width="500"></h2> <h3>3. Privacy embedded into design</h3> <p>The GDPR is flexible, but there still have to be assessments of privacy that are in some way objective and can be applied to design.</p> <p>To that end, privacy impact assessments (PIAs) should be carried out. These PIAs, <a href="https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf">a framework</a> for which has been developed by the ICO, should reduce the risks of harm to individuals through the misuse of their personal information, and can be integrated into existing project management policy.</p> <h3>4. Full functionality – positive-sum, not zero-sum</h3> <p>This is basically a principle that refutes the idea that privacy should have to compete with other interests, such as design objectives and technical capabilities. Privacy should not impair functionality.</p> <p>As Cavoukian puts it, "objectives must be clearly documented, desired functions articulated, metrics agreed upon and applied, and trade-offs rejected as often being unnecessary, in favour of finding a solution that enables multi-functionality."</p> <h3>5. End-to-end security – lifecycle protection</h3> <p>Data controllers have responsibility for the security of personal information throughout its entire lifecycle – that includes "methods of secure destruction, appropriate encryption, and strong access control and logging methods."</p> <h2><img src="https://assets.econsultancy.com/images/0008/8646/privacy_5.jpg" alt="privacy" width="500"></h2> <h3>6. Visibility and transparency</h3> <p>This, to me, is one of the more fascinating parts of privacy by design. It is central to what it is to be a progressive organisation when working with data and designing the user experience.</p> <p>Responsibility within the organisation for privacy-related policies should be documented – this may refer to your data protection officer. Transparency dictates that information about privacy policy and data processing should be made available to data subjects (i.e. people).</p> <p>Data subjects should also be clear on "complaint and redress mechanisms". This is relevant to the GDPR, which gives subjects a number of rights, including:</p> <ul> <li>a right to prevent processing for direct marketing;</li> <li>a right to object to decisions being taken by automated means;</li> <li>a right to claim compensation for damages caused by a breach of the Act.</li> </ul> <p>An <a href="https://www.aaai.org/ocs/index.php/SSS/SSS17/paper/viewFile/15305/14583">interesting experiment</a> by Vitale et al. looks at the effect of a transparent UX on human-computer interaction. The researchers reasonably hypothesise that "a less transparent method of information collection from people might impose some privacy concerns."</p> <p>To test this, the researchers designed a sign-up process for a bank account which used a facial recognition system. In the transparent treatment, the system explained to users how the machine learning system works – only storing spacial coordinates (not the full photograph of the face) – using an annotated picture of a celebrity to demonstrate. This information explained how the system reduced the risks for user privacy.</p> <p>The result was that transparency of the system significantly increased the number of users giving consensus for storing their face.</p> <p>What was even more interesting was that when transparency was combined with embodiment (a human-like robot, shown on the left in the image below), the number of users releasing additional information about their social network accounts increased (compared with the disembodied system shown on the right).</p> <p><img src="https://assets.econsultancy.com/images/0008/8628/embodiment.png" alt="embodiment using a robot to increase trust of data subject" width="600"></p> <h3>7. Respect for user privacy</h3> <p>The last principle of privacy by design is all about consent, a big part of the GDPR. Specific consent is required for personal data processing and consent may be withdrawn. As we have detailed previously in looking at <a href="https://www.econsultancy.com/blog/69253-gdpr-10-examples-of-best-practice-ux-for-obtaining-marketing-consent">best practice UX for obtaining marketing consent</a>, requests must be:</p> <ul> <li>unbundled from other terms and conditions;</li> <li>without pre-ticked boxes - i.e. the user must actively opt-in;</li> <li>granular - with separate consent for different types of processing;</li> <li>named - your organisation and any third parties who will be relying on consent should be named;</li> <li>reversible - tell people they have the right to withdraw and detail how to do it. </li> </ul> <p>This principle of respect for user privacy also dictates that personal information should be accurate and up-to-date, and that individuals should have access to it, as well as be informed of its uses and disclosures.</p> <h3>How is privacy by design enforced? </h3> <p>The GDPR says that voluntary and transparent certification will be available through an appropriate certification body. I'm not sure who that will be as the text doesn't make for easy reading.</p> <p>Though privacy by design is a nebulous concept, and at first hand may seem less important than some of the more specific parts of the GDPR, it's clear to me that a commitment to privacy by design is what's needed from organisations. This commitment will show that a transition is in place, and that the organisation is working towards full compliance.</p> <h2><img src="https://assets.econsultancy.com/images/0008/8647/privacy_6.jpg" alt="privacy" width="550"></h2> <p><em><a href="https://www.flickr.com/photos/77068017@N07/6779368830">Image via Flickr</a></em></p> <h3>In summary...</h3> <p>Privacy by design should not come as a shock, or seem too complicated, to most companies. In essence its principles sum up a lot of what the GDPR is trying to achieve – not only protecting consumers but enabling them to <a href="https://econsultancy.com/blog/69119-gdpr-needn-t-be-a-bombshell-for-customer-focused-marketers">forge a better relationship</a> with companies. Ultimately, it's a winner for both parties. </p> <p><em><strong>Note that this article represents the views of the author solely, and is not intended to constitute legal advice.</strong></em></p> <p><em>For more resources on this topic, check out <a href="https://econsultancy.com/hello/gdpr-for-marketers/">Econsultancy's GDPR hub page</a> or sign up to our </em><em><a href="https://www.econsultancy.com/training/courses/gdpr-data-driven-marketing">GDPR &amp; Data-Driven Marketing Training</a>.</em></p> tag:econsultancy.com,2008:BlogPost/69338 2017-08-17T10:00:00+01:00 2017-08-17T10:00:00+01:00 Five companies using robots and AI to make a difference Nikki Gilliland <p>This is naturally a big concern - but there <em>is</em> a flip side. We’re all aware of how AI technology is changing the ways consumers interact with companies, by making processes faster, easier, and more streamlined than ever before. But more than this, artificial intelligence is starting to have a greater and positive impact on society as a whole.</p> <p>So, putting the aforementioned matters aside for a moment, here are five companies using AI intelligence to make a difference in consumers lives.</p> <h3>No Isolation</h3> <p>For children with a chronic or long-term illness, being unable to attend school doesn’t only mean missing out on vital education. It also means missing out on crucial social interaction, often leading to high levels of isolation and loneliness. </p> <p>A new startup company called No Isolation is aiming to transform the lives of children struggling with this issue with the world’s first ‘telepresence robot’.</p> <p>Essentially, the robot takes the place of the person in the classroom when they cannot attend. It allows them to listen as well as participate by controlling the system through an app while at home. If the child is feeling too poorly or sad to contribute – they can also turn on a blue light on the head of the robot to signify passive learning.</p> <p>While the technology itself is not revolutionary, it is revolutionising the lives of the children using it. By taking away feelings of social isolation, and helping to ease worries about going back to school after prolonged periods, it’s having a direct and positive impact on its target consumer. No Isolation is also working on a product to help senior citizens dealing with loneliness.</p> <p><iframe src="https://www.youtube.com/embed/GfHBsmswe8s?wmode=transparent" width="854" height="480"></iframe></p> <h3>Microsoft</h3> <p>From a startup to one of the world’s biggest brands – Microsoft has invested heavily in AI in the past few years. ‘Seeing AI’ is one of the first examples to come to fruition – an app that uses artificial intelligence to help visually impaired people.</p> <p>The app uses an iPhone camera to tell people what’s happening around them, using neural networks to identify people, objects, and even the emotions of others via facial recognition.</p> <p>One of the most functional aspects is its ability to recognise US currency, something that is usually impossible for visually impaired people due to the fact that all bills are the same size and shape. Similarly useful, it helps identify everyday household objects by scanning barcodes, and recites text as soon as it appears in front of the camera.</p> <p>With further research in speech recognition, as well as the agricultural and healthcare industries – it is clear that Microsoft is intent on harnessing the power of AI for positive change.</p> <p><iframe src="https://www.youtube.com/embed/bqeQByqf_f8?wmode=transparent" width="854" height="480"></iframe></p> <h3>Darktrace</h3> <p>Cybercrime <a href="http://fortune.com/2017/06/22/cybersecurity-business-fights-back/" target="_blank">reportedly cost</a> the global economy an estimated $450bn in 2016. Now, a new wave of companies is aiming to fight back, with many using AI to identify and prevent digital attacks. </p> <p>Darktrace is one of the most valuable, having recently raised $75m in funding. By using machine learning technology to analyse network traffic and track threats, Darktrace is able to quickly identify anomalies. Moreover, it is able to do so without slowing down or disrupting normal operations.</p> <p>With organisations taking an average of 99 days in 2016 to realise they had been breached, this kind of AI technology can rapidly alter the speed at which attacks are quashed. Meanwhile, as an increasing number of cyber-attacks are now said to involve altering data rather than merely stealing it – AI can help to prevent potentially catastrophic outcomes. For example, in healthcare industries, where altering medical records can lead to the possible misdiagnoses of patients. </p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr">Our <a href="https://twitter.com/hashtag/AI?src=hash">#AI</a> tech caught a malicious <a href="https://twitter.com/hashtag/insider?src=hash">#insider</a> trying to harvest user credentials - learn how in our Global Threat Report <a href="https://t.co/ZDAQQwt7fw">https://t.co/ZDAQQwt7fw</a> <a href="https://t.co/t1B8vQoeIn">pic.twitter.com/t1B8vQoeIn</a></p> — Darktrace (@Darktrace) <a href="https://twitter.com/Darktrace/status/892680454138187777">August 2, 2017</a> </blockquote> <h3>Leka</h3> <p>New <a href="http://stm.sciencemag.org/content/9/393/eaag2882" target="_blank">research</a> from the University of North Carolina and Washington University has found that an AI can identify autistic children before they display overt behavioural symptoms. By training a machine learning algorithm on the behaviour and earlier MRI data of children with autism, scientists then built a model that predicted a number of other autism cases.</p> <p>The potential for early diagnosis is not the only way AI is having an impact. A new motion-sensitive robot named Leka has been developed to help children with autism spectrum disorder, Down’s syndrome and other disabilities develop motor, cognitive and emotional skills.</p> <p>As children with autism struggle with interacting and communicating with others, Leka acts as an intermediary. While it is designed to display some human characteristics, such as facial expressions, it can be customised to adapt to the child’s individual needs for engagement and interaction. Alongside the direct benefits to the children, Leka is also having a huge impact of the lives of therapists, parents and care-givers – helping to reduce anxiety in both learning and day-to-day life.</p> <p><iframe src="https://www.youtube.com/embed/luN84iqllIA?wmode=transparent" width="854" height="480"></iframe></p> <h3>Babylon Health</h3> <p>Machine learning is changing the way the healthcare industry diagnoses and treats serious diseases like cancer and diabetes, with the technology being used to read CT scans and X-rays.</p> <p>In the UK, start up digital healthcare company Babylon Health is aiming to revolutionise the diagnoses of routine conditions, creating an AI doctor that takes the place of a GP.</p> <p>The app, which is currently being used by 800,000 people, allows patients to text their symptoms and receive advice from the AI. Babylon then advises whether or not medical care is needed, also providing the option of a video-consultation with a real doctor.</p> <p>Interestingly, the NHS is currently trialling the service in areas of London as an alternative to the 111 number, which offers free medical advice on the telephone. With the potential to offer cost savings, as well as free up time for busy GP’s – Babylon is being touted as a positive step for healthcare professionals. Meanwhile, with Babylon claiming that its technology can help cut diagnosis time by 50% - it’s also aiming to make the experience more positive and convenient for patients.</p> <p><iframe src="https://www.youtube.com/embed/CMD6B8h6Pzg?wmode=transparent" width="854" height="480"></iframe></p> <p><strong><em>Related reading:</em></strong></p> <ul> <li><em><a href="https://econsultancy.com/blog/68722-how-ai-will-impact-marketing-and-the-customer-experience">How AI will impact marketing and the customer experience</a></em></li> <li><em><a href="https://econsultancy.com/blog/69098-could-ai-revolutionize-high-street-retail-as-well-as-ecommerce/">Could AI revolutionize high street retail as well as ecommerce?</a></em></li> <li><em><a href="https://econsultancy.com/blog/67745-15-examples-of-artificial-intelligence-in-marketing">15 examples of artificial intelligence in marketing</a></em></li> </ul> tag:econsultancy.com,2008:BlogPost/69342 2017-08-16T10:03:00+01:00 2017-08-16T10:03:00+01:00 Focus on GDPR, but ignore e-Privacy at your peril Tim Roe <h3>Let’s get started with what the e-Privacy regulation is </h3> <p>The e-Privacy Regulation is a complementary piece of European legislation to the <a href="https://econsultancy.com/blog/67540-what-is-the-eu-general-data-protection-regulation-gdpr-why-should-you-care/">GDPR</a>. It is designed to address specific scenarios that exist in the electronic communications world and at the same time ensure that the principles of the GDPR are still valid. </p> <h3>Why is this regulation important for marketers like me?         </h3> <p>Much of the regulation is focused on securing the privacy of electronic data and communications that travel across the internet and other electronic services. However, the regulation also covers direct marketing activity via electronic means. This activity is currently regulated in the UK by the Privacy and Electronic Communications Regulation (PECR), which sets the familiar requirements for opt in, opt out and unsubscribe rights of the individual among other things. </p> <p>What is set out in this regulation will have a fundamental impact on how marketers can communicate to their customers after May 2018.</p> <h3>Another law! Why do we need it?</h3> <p>When PECR was passed as a law in the UK it needed to complement the Data Protection Act 1998 which is the current privacy law that came before the GDPR. However, the GDPR has raised the bar on privacy rights and has meant that the current laws that specialise in electronic communications do not meet the needs of the wider use of electronic communications today.    </p> <h3>Do we know what this law will say?</h3> <p>In a word, no. The current proposal is under negotiation in Europe and it is possible that some of the text may change. However, the GDPR is law, so any changes made should not contradict the GDPR or its principles. The proposal is all that we have at the moment and as the target to get it approved is May 2018, it is important to understand the possible implications and make plans accordingly.</p> <h3>What could be the implication to marketers?    </h3> <p>One of the main changes that this regulation will bring, is likely to be the impact on business-to-business marketing (B2B). In line with the GDPR’s wider scope of personal data, data relating to someone at their place of business is that person’s personal data. This is reflected in the new directive, where there is no distinction between B2B and B2C personal data. </p> <p>If we put that in the context of B2B email marketing, whereas before you could email someone as long as you gave them the opportunity to opt out, now the rules are the same as B2C.</p> <p>This means that you need to use either consent, or the so-called ‘soft opt in’ principle. Both the Article 29 working party and the European Data Protection Supervisor have asked that the regulation makes this treatment of B2B personal data clear. The idea that a right can be given to you by one hand with the GDPR and taken away with the other under the e-Privacy regulation is counter intuitive.  </p> <h3>What exactly is a ‘soft opt in’ approach? </h3> <p>The GDPR concept of <a href="https://www.econsultancy.com/blog/69303-gdpr-for-marketers-five-examples-of-legitimate-interests">legitimate interest</a> is reflected in the e-Privacy regulation by allowing the soft opt in process for both B2B and B2C marketing, so long as the following conditions apply;</p> <ul> <li>The business obtains the electronic contact details during the sale of goods or services</li> <li>The business only promotes its own similar goods or services</li> <li>The business must give the customer the opportunity to object at the time and in an easy manner </li> <li>The business must present that opportunity to object with each communication (e.g. an unsubscribe link)</li> </ul> <p>This legal basis for sending direct marketing is valid for all electronic channels, namely email, SMS, social media and instant messaging apps. However, you must tell the customer which channels you intend to use at the point of collecting the information. </p> <h3>Consent is not just a tick box</h3> <p>The other legal basis for sending electronic marketing is <a href="https://www.econsultancy.com/blog/69253-gdpr-10-examples-of-best-practice-ux-for-obtaining-marketing-consent">consent</a>. Consent relating to the e-Privacy regulation is the same as in GDPR. Consent is therefore defined as;</p> <p>“any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”</p> <h3>Let’s break that down into something we can all understand!</h3> <p>You will need to provide comprehensive information (specific, informed) about what the person is consenting to, as well as ensuring they wouldn’t be disadvantaged if they didn’t consent (freely given). There must also be no doubt as to what they are consenting to (unambiguous) and no doubt as to whether they have actually given consent (clear affirmative action).</p> <h4>Voice-to-voice marketing calls </h4> <p>Voice-to-voice marketing calls can still be undertaken as long as the end user has not objected to voice calls. Therefore, all marketing voice calls must be screened against TPS as well as CTPS first, to ensure the person has not opted out of marketing calls. You will need to provide caller line identification or a mandatory prefix (yet to be decided).</p> <h4>Tracking technology </h4> <p>The e-Privacy regulation not only covers transmission channels, but will also impact the tracking that goes on relating to many technologies. Cookies, web beacons, hidden identifiers, device fingerprinting and any other device that is developed to track the activity of the individual will need consent from the end user.</p> <p>Unlike the previous e-Privacy directive, the new regulation acknowledges the usefulness of browser based settings for obtaining consent for web based tracking. Although it would mean the default settings for browsers would be to restrict intrusive cookies.</p> <p>The use of beacons in store will now require that notices are placed in prominent places, informing the customer of the tracking that is going on and telling them how they can object to it. </p> <h4>Regulation versus directive</h4> <p>Finally, the fact that the new law will be a regulation will mean that it will be more or less written into UK law in its entirety. The previous EU e-Privacy law, was a directive, so the individual member states were able to create local laws based on their own interpretation of the directives. With the GDPR, there is not much wriggle room for local Governments to water down the legislation.</p> <p>You cannot make plans to change your processes and update your legacy customer data to be GDPR compliant without also taking the e-Privacy regulation into account. The fact that it is still not set in stone will make this hard to do, but those who start preparing with what we know now will be in a better place on May 24th 2018. </p> tag:econsultancy.com,2008:BlogPost/69303 2017-08-09T10:31:00+01:00 2017-08-09T10:31:00+01:00 GDPR for marketers: Five examples of 'Legitimate Interests' Ben Davis <p>One of the six lawful grounds for personal data processing is the 'legitimate interests of the controller or third party', and this is the area we'll be examining in this article, with plenty of help from the excellent Legitimate Interests Guidance produced by the Data Protection Network (<a>sign up to download it here</a>).</p> <p>We'll look at general examples of legitimate interests and more specific examples, too.</p> <h3>What are the six lawful grounds for data processing?</h3> <p>Article 6.1 of the GDPR defines the lawful grounds for data processing as follows:</p> <ul> <li> <strong>Consent</strong> of the data subject</li> <li>Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a <strong>contract</strong> </li> <li>Processing is necessary for compliance with a <strong>legal obligation</strong> </li> <li>Processing is necessary to protect the <strong>vital interests</strong> of a data subject or another person</li> <li>Processing is necessary for the performance of a task carried out in the <strong>public interest</strong> or in the exercise of official authority vested in the controller</li> <li>Necessary for the purposes of <strong>legitimate interests</strong> pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. (Note that this condition is not available to processing carried out by public authorities in the performance of their tasks.) </li> </ul> <p>The marketer will chiefly be interested in the grounds of legitimate interests and consent. (For more on consent see our previous articles on <a href="https://econsultancy.com/blog/69253-gdpr-10-examples-of-best-practice-ux-for-obtaining-marketing-consent/">best practice UX for obtaining consent for marketing</a> and some <a href="https://econsultancy.com/blog/69267-gdpr-six-examples-of-privacy-notice-ux-that-may-need-improvement/">UX that may need improvement</a>.)</p> <h3>What does 'legitimate interests' mean and how might it apply?</h3> <p>Fairly obviously, the term refers to the stake that the company processing the personal data may have in that processing. This may imply a benefit inherent in processing for that company itself or perhaps for wider society.</p> <p>As the DPN points out, a legitimate interest 'must be real and not too vague'. For example, it may apply to an organisation's data processing as part of fraud protection, security measures or transferring that data between different parts of an organisational group. Some of this may already be part of legal compliance.</p> <p>These sorts of interests may seem pretty fair to the average reader, and indeed the expectations of users is one of the elements that the ICO guidance earmarks for consideration when a data controller is deciding whether to rely on legitimate interests.</p> <p>Would or should a user expect the processing to take place? If there is an expectation then the impact of the processing is arguably less than if no expectation was possessed. </p> <p>For the marketer, three of the six generic examples in the GDPR (in recitals 47 to 50) of where a Controller may have a legitimate interest are of particular note.</p> <p><strong>1. Direct marketing</strong></p> <p>The GDPR states, ‘the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.’</p> <p>This may be where consent is not viable or not preferred, though the DPN rightly stresses the fact that organisations will still need to show that there is a balance of interests – their own and those of the person receiving the marketing.</p> <p>Of course, any individual can object to direct marketing and it is one of the examples of legitimate interests for which objection is already fairly well understood and easy to action (often by unsubscribe link or by contacting the company in question to request).</p> <p><strong>2. Relevant and appropriate relationship</strong></p> <p>This may be a direct appropriate relationship, such as where the individual is a client.</p> <p><strong>3. Reasonable expectations</strong></p> <p>As previously discussed, if a controller understands individuals have a reasonable expectation their data will be processed, this may help to make a case for legitimate interests.</p> <h3>How about some more specific examples?</h3> <p>Aside from some of the more obvious cases where legitimate interests may apply – risk assessment, checking children's age, processing data to afford individuals rights – here are five specific example that may be pertinent for marketers (again taken from the <a>excellent DPN advice</a>).</p> <h4>1. Suppression</h4> <p>If a user objects to direct marketing, for example, a company may need to hold some personal data, however limited, in order to ensure no more marketing is sent to this user. This could be regarded as a legal obligation.</p> <p>This example was alluded to in the comments of <a href="https://econsultancy.com/blog/69253-gdpr-10-examples-of-best-practice-ux-for-obtaining-marketing-consent/">a previous article</a> on the GDPR. The Guardian allows users to delete their account and states that "Deleting your account removes personal information from our database. Your email address becomes permanently reserved and the same email address cannot be re-used to register a new account."</p> <p>Whilst one of our readers highlighted that this seems to jar with the the right to be forgotten, it's likely understood by most users that a record needs to be kept and that although comments on articles can be anonymised, the comments themselves are a matter of record and any new account must be on a novel email address.</p> <h4>2. Personalisation</h4> <p>Though a retailer or a travel company may rely on consent for marketing comms, personalising a website's content (e.g. recommendations) to improve the user's customer experience may rely on legitimate interests.</p> <h4>3. Direct marketing</h4> <p>As the DPN suggests, legitimate interest could include direct mail from a charity to existing supporters updating them on details of upcoming events.</p> <h4>4. Web analytics</h4> <p>The DPN gives the example of 'a social media platform [using] diagnostic analytics to assess the number of visitors, posts, page views, reviews and followers in order to optimise future marketing campaigns.'</p> <p>Web analytics is one area though where changes to the ePrivacy Directive of 2002 (to bring it in line with the GDPR) may complicate matters. Though this author is only a layman, reading <a href="http://privacylawblog.fieldfisher.com/2017/the-new-e-privacy-regulation-what-you-need-to-know/">a blog post</a> from law firm Fieldfisher, I was slightly confused as it seems to indicate that cookie consent is needed for third-party platforms such as Google Analytics:</p> <blockquote> <p>Exemption for analytics cookies: Like the leaked draft, the Commission’s [ePrivacy Directive] proposal retains an exemption from the cookie consent requirement for analytics. However, the exemption applies only for first-party analytics, not third-party analytics – so websites and apps using third-party analytics platforms like Google Analytics etc. will still need consent (even if, for the techies amongst you, the cookie is technically served from a first-party domain – third party here refers to the provider of the analytics service, not the domain from which the cookie is served).</p> </blockquote> <h4>5. Updating customer details and preferences</h4> <p>The DPN highlights the example of a retailer using an external service provider to verify the accuracy of customer data. The DPN also details that controllers have to be careful here as to how such activity is carried out.</p> <p>On this blog we have <a href="https://econsultancy.com/blog/69267-gdpr-six-examples-of-privacy-notice-ux-that-may-need-improvement/">already pointed to</a> the fines given out by the ICO to Flybe, Morrisons and Honda, which each broke the existing Privacy and Electronic Communications Regulations (PECR) flouting customers' marketing wishes, sending emails asking whether users want to change said marketing permissions (and even incentivising the behaviour).</p> <h3>How can marketers be sure legitimate interest applies?</h3> <p>Though the GDPR does not list all circumstances in which legitimate interests may apply, it does specify that any processing under this banner meets the balance of interests condition – are the interests of the controller overridden by the interests or rights of individuals?</p> <p>Individuals can object to data processing for legitimate interests (Article 21 of the GDPR) with the controller getting the opportunity to defend themselves, whereas where the controller uses consent, individuals have the right to withdraw that consent and the 'right to erasure'. The DPN observes that this may be a factor in whether companies rely on legitimate interests.</p> <p>If you are unsure about whether legitimate interests applies, your data protection officer will likely be undertaking a Legitimate Interests Assessment (LIA). There is a template for such an assessment in the <a>DPN's guidance document</a>.</p> <p>In short, an LIA is split into three steps: </p> <ol> <li>The assessment of whether a legitimate interest exists;</li> <li>The establishment of the necessity of processing; and</li> <li>The performance of the aforementioned balancing test</li> </ol> <p>Regarding step three, factors under consideration include:</p> <ul> <li>the nature of the interests (such as the reasonable expectations of the individual);</li> <li>the impact of processing;</li> <li>any safeguards which are or could be put in place.</li> </ul> <h3>Privacy notices must provide clarity to the user</h3> <p>One of the main threads of the GDPR is providing clear and transparent information to individuals about data collected, how it is processed, and the lawful basis for this processing.</p> <p>This is no different where legitimate interests applies – see the examples below from the DPN. It should also be made clear that individuals have the right to object to processing of personal data on these grounds.</p> <p><img src="https://assets.econsultancy.com/images/0008/8170/Screen_Shot_2017-08-09_at_08.23.30.jpg" alt="privacy notice" width="300"></p> <p><em>Example privacy notice from the DPN, including detail about 'legitimate business purposes'</em></p> <p><img src="https://assets.econsultancy.com/images/0008/8171/Screen_Shot_2017-08-09_at_08.23.40.png" alt="privacy notice" width="300"></p> <p><em>Example from the DPN of an alternative statement on data collection page</em></p> <p><strong><em>Note that this article is not intended to construe legal advice or offer comprehensive guidance.</em></strong></p> <p><em><strong>That's it for this summary. Let us know how you are preparing for the GDPR in the comments below.</strong></em></p>