In today’s increasingly connected world, protecting user data privacy is becoming more critical and more regulated across the globe. It’s no longer something that a company in the data collection field can ignore or treat lightly.
If you have a website or a mobile application, you are likely collecting some information from your users, be it in the form of an IP address, email address, name, phone number, etc.
The concern is that this amassed information should be kept private and safe.
In the most recent cause for concern, we’re seeing the most significant fine for data breaches being handed out to Facebook-owned WhatsApp: €225 million ($267 million) for breaking the European Union’s data privacy rules. Ireland’s Data Protection Commission (DPC) noted that WhatsApp did not correctly inform E.U. citizens how it handles their data, including how it shares that information with its parent company.
Sample providers collect data of their users and store information about them in their databases. Third-party developers can access such databases for various reasons: they may need a set of valid email addresses for an app or want to test their ad targeting algorithms on real-life sample datasets.
Typically, sample providers make agreements with these developers about user privacy, and what can/can’t be done with the provided data/databases. And as you might guess, there is money involved in such transactions; hence only trusted partners should be invited to collaborate with sample providers (and often have separate legal contracts signed). But laws are emerging around the world to shape this arrangement. These laws dictate what information can be collected online and what disclosures need to be made when collecting this information.
GDPR: The Standard
One example is the General Data Protection Regulation (GDPR), adopted recently across Europe. It regulates how user data should be handled. It requires companies like sample providers to make privacy policies public for users to read and understand what kind of information is being collected from them. These privacy policies must also indicate if the provider shares such information with any third parties.
It mainly has the interest of children using the internet in mind. It requires companies to get verifiable consent from a child’s parent/guardian before the child is allowed to use their services.
This law applies regardless of whether a company is using personal data for commercial reasons or not, and it doesn’t make distinctions on what kind of data they store.
If the user decides to delete their account, all the information related to it must be deleted.
The regulation also imposes strict guidelines for disclosing any breach of security involving user data. If such a security breach happens, it should be promptly reported to users and authorities (e.g., the Information Commissioner’s Office in the U.K.).
Also, under GDPR, consumers have a right to opt out of any marketing messages they receive from companies by unsubscribing via a straightforward mechanism. If you are dealing with user data for marketing purposes, you must include this feature.
Privacy policies are the backbone of GDPR, which is why sample providers need to implement them and make users aware of their data collection practices. Even if you have no direct connection with the European Union (E.U.), you will need to comply with this regulation if companies in Europe use your software tools.
However, we are now seeing other countries implement similar laws, so it’s even more critical that companies begin to shape their policies around privacy concerns.
In China, for example, this year’s enactment of the Data Security Law and Personal Information Protection Law will make it more expensive for businesses to store Chinese user information outside of China. This signals that authorities are getting serious about how companies collect, store and use data.
China has long sought to defend its national internet from outside influences under the guise of “cyber sovereignty.” Still, a slew of new laws and regulations are forcing both foreign and domestic businesses to keep data connected to local consumers and operations within China.
The U.S. lacks a federal law about data privacy, but various state laws govern how companies collect and use consumer information. California’s new Consumer Privacy Act imposes specific requirements on businesses to ensure the security of user data and gives consumers more rights to control what happens to their personal information.
In Canada, data privacy ramped up with Alberta passing the Personal Information Protection Act (PIPA). This law requires businesses to erase consumer data when asked and give mandatory notice of personal data breaches involving sensitive information. Companies could face hefty fines if they do not follow PIPA’s privacy rules. Now, legal provisions are being updated to reflect the changing tide and align more closely with GDPR requirements.
Privacy and Security:
Many laws like GDPR can’t be ignored. Companies need to act accordingly to secure end-user privacy and data security, particularly if they collect sensitive information such as financial or health-related data.
But laws imposing restrictions on how information is collected and shared can be a tricky balancing act for companies. On the one hand, you make it tougher to collect the data – which could mean fewer sales – but on the other, you are complying with user privacy rights.
Governments worldwide continue to tighten their grip on data collection, so I predict we will see businesses work harder to secure the oceans of data they’ve collected and make sure consumer information stays private and secure without sacrificing growth.
Agility is needed in the market research field to balance data collection and security. So, while it is possible to manage the two together, you will need an agile process in place to make this happen.
Companies that remain flexible and on the ball as laws are implemented in the global market will stay at the forefront of the competition while others scramble to keep up. Presenting yourself as a secure and reliable partner will be invaluable in the market research industry.
Contact Raymond at firstname.lastname@example.org to learn more about privacy and panel management.