Being a "Good Guy" When Collecting and Analyzing User Data

Published: April 5, 2016 Updated: January 31, 2018 Author Category Data Privacy & Security, Product Best Practices

This is a guest post by Leah Hamilton, a qualified solicitor and writer from TermsFeed.

Collecting and analyzing user data is a common part of marketing practice and business strategy. Without knowing what your customers want, or what their focus is, you can’t easily provide them with the products they may need.

However, in doing this exercise it’s important to remember that customer data is usually private information that needs to be kept confidential. It’s also crucial to keep in mind that not everyone wants their data to be analyzed by algorithms and targeted by advertising.

So how do we reconcile these issues? By being a “good guy” when it comes to the ethics of collecting this data. There are numerous ways in which you can do this, for example, by ethically collecting and using customer data, while balancing the needs of your company with the needs of your customer.

Balancing Data Analytics and User Privacy

user privacy

Photo credit: Owen Moore

The conflict between data analytics benefits and user privacy is very real, and it’s important to remember that any choices made in this realm come with a trade-off. If you collect a lot of user data, you may be able to create very focused, efficient marketing campaigns. But the trade-off is that your users may feel as if their privacy has been invaded, and they may not view your company positively or promote it to others.

There are a number of ways in which you can ensure that user privacy is protected, such as collecting only what you need, keeping data within your own domain, and self-hosting.

There will always be someone snooping on your data (we mean your personal data) and looking for a way to get around the law. You can read here how to protect yourself ahead of time.

Now let’s examine some of the ethical issues with data collection a little more closely.

Ethical issues

Many of the ethical problems involved in data analytics come about because of either over-collection of data, or a lack of information provided to website users. Over-collection of data is an issue, because it results in excess information being vulnerable to exploitation, loss, or misuse. For example, if you don’t need to collect credit card information of your customers but you do anyway, then a sudden data loss could leave your company open to liability that you didn’t need to expose your company to.

With regard to a lack of information, one key factor in ensuring that you don’t break your customers’ trust is being transparent about what you are collecting. If you don’t tell your customers what you are collecting, who is collecting it, and what you are using it for, they can’t consent to it.

The primary issue is that within every organization there are a number of different decision-makers and stakeholders, and everyone has different ideas about what is “ethical”. Particularly when it comes to the views of the business when compared to the views of their customers, there may be a big difference in what they each view as ethical. Let’s take a look at what customers may perceive as “ethical” business behaviour, and the key question: do they care about it?

Evaluate Your Web Analytics Solution Towards GDPR In 12 Steps

Find out if your analytics solution guarantees data accuracy and privacy, including GDPR compliance:

Download FREE Guide

Do Customers Care How Ethical a Company is?

The simple answer to the question is: yes. Building customer trust and confidence in your brand is crucial to retaining business, and a reputation for integrity can go a long way in obtaining new customers as well.

Collecting data on customers is a key building block in most marketing strategies, but “when data analysis results in different customers being offered different products or prices, there’s the possibility for problems,” some privacy experts say. Issues of fairness appear when customers are treated differently depending on private data, particularly when that private data is used more extensively than the customer might have expected.

A 2014 Neilson study found that “fifty-five percent of global online consumers across 60 countries say they are willing to pay more for products and services provided by companies that are committed to positive social and environmental impact”, and this trend is not just limited to social and environmental ethics. A 2011 study examined privacy concerns with smartphone apps, and found that 59% of women and 52% of men were worried about privacy when downloading programs onto their phones, and a 2012 Harris Interactive survey found that 60% of survey participants were “more concerned about their online privacy now than they were a year ago.”

Furthermore, a Gigya and OnePoll study found that consumers are more likely to share data if it will only be used by the company they share it with, if the data will be used for a clear purpose, and the amount and type of the information requested are reasonable. Customers were also either “somewhat” or “very” concerned about how companies use their data:

data privacy concerns

This image was taken from Gigya and OnePoll study

It’s not just customers who care how ethical a company is, either: having a reputation for ethical behaviour and integrity can also help your business to attract high-quality employees. Brian Hill at Demand Media notes that employees “want career advancement within the organization to be based on the quality of the work they do and not on favoritism. They want to be part of a company whose management team tells them the truth about what is going on.” Business ethics begins internally, and if you have a strong ethical policy for conducting your business and your employee relationships, you’ll more easily be able to build rapport with customers.

What About the Law?

At a minimum, if you comply with relevant data privacy laws, you can feel more secure that what you are doing is in line with the ethics of what most consumers would expect.

In the US, one of the most well-known general data protection laws is the California Online Privacy Protection Act (CalOPPA). It applies to those online service providers (including websites) who collect or process the data of California residents. CalOPPA’s requirements are that the operator must “conspicuously post its privacy policy on its Web site, or … make that policy available”, and certain clauses must be covered in that policy, such as how the operator will tell customers that the policy has changed, and how they respond to requests from users not to be tracked.

In the EU, the law is significantly more extensive. Under current EU law (which applies to businesses based in the EU that are collecting the data of EU citizens), information must be kept only as long as necessary, and must only be collected for stated, lawful purposes. Furthermore, any collected data must not be transferred outside the EU unless that country is deemed by the European Commission to provide that data with “adequate” protection.

Furthermore, EU law is about to get even harsher, with the introduction of the EU General Data Protection Regulation. This new regulation will have increased requirements for notifying individuals about data collection, and will apply to anyone collecting the data of EU citizens, not just those companies who are based in the EU.

How Can Companies Act Ethically When Collecting Data?

The first thing you need to do is ensure that you have a comprehensive internal policy about data privacy and ethics, and clear expectations for how your employees should behave.

Your policy should cover ethical values that your company will uphold, such as these basic principles from Cleverism:

  • Honesty: Be straightforward when dealing with customers, and behave with integrity.
  • Responsibility: Accept the consequences of the choices you make, and serve the needs of customers of all types.
  • Fairness: Balance your interests fairly with the interests of your customers, and protect the information of your customers.
  • Respect: Acknowledge basic human dignity by using good-faith efforts to communicate, understand and meet needs.
  • Transparency: Act openly, be receptive to communication, constructive criticism, action, and disclosure.
  • Citizenship: Fulfill all legal, economic, and social responsibilities to stakeholders, as well as keeping the community in mind when you act.

Second, set up a Privacy Policy that complies with the laws of your region, and ensure that customers can easily view it and agree to it. One simple way is to use a popup when they arrive at your website, or include a checkbox or field to click “I agree” when the customer creates an account with your store or business. Here’s an example of how that can be implemented, from YouTube:

Terms of Service

Conclusion

Balancing company desires with customer privacy can seem like a daunting task, but behaving ethically is not that difficult if you have a core set of principles guiding your company. Take steps to consider the ethics of what you are doing when you collect customer data, and closely examine the purposes for which you are collecting it.

Ensure at all times that you have permission to collect and use customer personal data, and make sure that your Privacy Policy is clear and easy to read. Comply with the law, and set firm boundaries for employee behaviour with straightforward business ethics. By doing these things, you can help to be one of the “good guys” when dealing with customer data.

Leah Hamilton

Author’s bio:


Leah Hamilton is a qualified solicitor and writer working at TermsFeed, where businesses can create legal agreements in minutes using the Generator.
leah.hamilton@termsfeed.com

Evaluate Your Web Analytics Solution Towards GDPR In 12 Steps

Find out if your analytics solution guarantees data accuracy and privacy, including GDPR compliance:

Download FREE Guide

Tagged under

Author:

Karolina Gawron, Content Marketer

Content manager at Piwik PRO

See more posts of this author
12 Simple Steps To Make Your Web Analytics Efficient & GDPR Compliant

Share