Tuesday, October 7, 2014

Some more on Privacy

In advance of our upcoming lecture on Privacy, here is a great article in AdAge stating the importance of "Privacy-by-Design", but discussing how its neither easy nor cheap.

Thanks Hari Won for the article!


  1. I liked this article, but have an issue with the "Privacy Officer" suggestion that it concludes with. A privacy officer is a good idea in theory, but is one that could easily be defanged and stripped of value. The devil is in the details, and there would need to be a way for the privacy officer to have real power, because without a significant cultural shift it will be viewed similar to compliance/legal/policy depts: something to be avoided or outmaneuvered on the path to getting work done.

  2. I agree with Zach - making Privacy a separate function is great, but only if privacy protection is also a clear mandate for every line function as well. Otherwise, inevitably the Privacy Officer would get overruled.

    That said, I think 4Info's more impressive decision is the one to keep data in separate databases, so that external hackers are unable to stitch data together. I think this hits on a key distinction in the privacy debate - while many consumers and governments, particularly in Europe, are concerned about companies knowing too much, I believe the more dangerous long-term issue is hackers and external parties that try to access the data. Individual companies have at least some reputation incentive to be careful with using data - but the unwanted release of that data is what would cause true consumer harm. Hopefully, 4Info and other ad companies will see marketers increasingly appreciate this fact and face less friction around protecting privacy.

  3. I agree with Zach - having a privacy officer is great, but only if line management and engineers share an equal respect for privacy. If not, having a 3rd party trying to protect privacy would probably fail in the long term.

    That said, I think 4Info’s more impressive effort is keeping user data split across multiple databases. While consumers and governments, particularly in Europe, seem to worry about technology and advertising companies collecting and using data, I worry much more about 3rd parties trying to access that data unlawfully. Companies have at least some reputation incentive to use data carefully. But hackers would have no such qualms, and could present real danger to consumers. I hope over the long run that 4Info will see more of its marketers understanding the importance of building in privacy protections from the start.