Privacy vs. profit: Will businesses ever put people first?

People care about their privacy. While perhaps not always the case, there is overwhelming evidence that today’s consumer feels strongly about how organizations use their personal data and, perhaps more importantly, are educating themselves about privacy. For example, Google reports an impressive upward trend in the number of users who have searched for “online privacy.”

Unfortunately, there is also evidence to suggest that consumer trust in how organizations handle their personal data has eroded. Though most companies support a privacy role or privacy team to address data privacy practices, it seems that most companies have not succeeded in the challenging task of alleviating consumer concerns.

Our recent Privacy beyond borders report found that a staggering 92% of consumers believe that companies prioritize profits over data protection. This same report revealed that the problem is getting worse, with 59% of respondents stating that their concerns about privacy have increased over the last 12 months.

According to the Pew Research Center, 42% of US adults are concerned about companies selling their data without them knowing. Slightly fewer respondents (38%) worry about others stealing their data. Overwhelmingly, 81% of US adults are concerned about how companies use the data they collect about them. Moreover, in the same research study, respondents indicate that they feel they have little to no control or understanding over what data companies collect about them.

In the light of so such certainty about both how important the privacy issue is to people, and how little trust (and increasingly so) consumers place in companies related to their personal data, why aren’t companies doing better?

The answer, of course, is complex. Good privacy experiences and practices are hard to create and even harder to maintain in the background. More central to the dilemma, though, is the fact that personal data ties so closely to revenue and profit in today’s marketplace, it seems intuitive to many leaders that good privacy equals poor profits, leading to an almost inevitable tension between the pursuit of profit and the need to protect user privacy.

Even compliance-oriented organizations can fall into the trap of setting legal compliance as the standard.

Consumers may not understand privacy laws, but they do develop strong opinions about what ethical personal data handling looks like.

This means that organizations may still risk reputational destruction when they establish compliance-driven practices, but when what is legal falls short of what customers consider ethical.

The profit-driven approach: When privacy takes a back seat

Take as evidence a few case studies of companies that have faced reputational damage because of privacy:

Facebook-Cambridge Analytica scandal

A case in which Cambridge Analytica exploited Facebook’s APIs at the time that allowed developers to see social connections between people and used that information to micro-target political messages. This event both prompted new laws, such as the EU’s Digital Marketing Act, and lawsuits and litigation for Facebook – one of which Facebook settled for $725 million US.

Equifax data breach

An event that underscored for consumers just how much personal data companies have about them, how even foreign governments can exploit personal data, and how delicate is the security balance. Equifax’s breach impacted 150 million Americans.

Google’s Project Nightingale

Where a whistleblower alerted the public to Google’s sharing of sensitive health data without consideration of ethics. Though perhaps legal, patient backlash for Google and its brand was considerable.

As just a few of many, many case studies, the above examples demonstrate that not only can noncompliance with privacy laws be damaging and expensive, but even legal but unethical practices can lead to negative outcomes for businesses. Consequences for prioritizing profit over privacy include legal consequences (fines, lawsuits, regulatory action) as well as loss of trust (leading to declining sales and increased marketing costs). Ultimately, organizations prioritizing short term gains at the expense of privacy pay the piper in the longer term.

The people-first approach: Examples of ethics-based privacy

The good news is that ethical companies do not have to resign themselves to unprofitability, only relying on their principles to keep them warm at night. Quite the opposite – research shows that ethical companies outperform companies that do not prioritize ethics by 12.3%.

Specifically in privacy, take these privacy-first use cases and the tangible benefits they have seen:

Apple

Apple has taken a proactive stance on privacy related to the iPhone iOS operating system, such as requiring account deletion option for apps, and the ‘ask app not to track’ feature and turning off Identifier for Advertisers (IDFA) by default. Since it made these changes, estimates suggest that Apple’s own ad business has increased, as has its privacy buzz in the marketplace.

Signal

An encrypted, privacy-focused messaging app, has created positive spin in the marketplace, including being recognized publicly by Elon Musk. Since Musk’s recommendation, the app went from ten million installs to fifty million in a single day.

These companies have seen some of the tangible benefits of prioritizing privacy past the point of basic compliance. They have seen stronger customer relationships and loyalty, have differentiated themselves across privacy lines, and increased sales. Additionally, going beyond the law reduces risk and increases compliance, including futureproofing the regulations of tomorrow.

Balancing privacy and profit: Is it possible?

These companies and others have proven that sound – or even superior – privacy practices do not have to happen at the expense of the bottom line. Quite the opposite: ethical privacy, the step above privacy compliance, gives organizations the opportunity to leverage privacy investment into increased profit.

Strategies for achieving privacy and profit include:

Privacy by design and default: Integrating privacy into product development from the outset and establishing the most conservative, privacy-sensitive settings as default.

Transparent and attractive data policies: Clearly communicating data practices to users, as well as the value proposition – what value users will see in return for their data.

Ethical data monetization: Finding ways to profit from data without compromising privacy. Ethical strategies can include anonymization of data sets, as well as innovative approaches that place data sharing in the hands of the users themselves with clear and transparent consent management in place.

Clear data strategy: Understanding how the organization is willing (and not willing) to use/share data, under what circumstances, and with what type of notices can help the organization set strategic standards to follow in the future.

An ethical privacy orientation can help an organization set itself apart from competitors, reduce risk, futureproof its practices – all while enjoying increases in revenue and profit.

In other words, compliance is good – ethics are better.