Countless organizations around the globe collect and process user data. This isn’t news to most of us.
Every time you make a search query online, sign up for a newsletter, make an online purchase or share a photo on social media, this information is being registered somewhere (likely, even, several somewheres). Data privacy and security are always in the spotlight, especially in the wake of several major data breaches and cases of organizational abuse and exposure.
The subject has stirred somewhat of a justified panic, scrutinizing some of the tools and services we rely on daily and expect to respect personal privacy. A consequential influx in privacy regulation has ensued, forcing all companies to rethink their approach to data privacy and security.
This hasn’t really changed the way we behave as users, though.
We may be a bit more careful when screening app permissions or a bit choosier about what we post online, but that’s about it. None of the companies implicated in some headlines have reported a significant decline in daily active users.
As end users, we want our privacy respected. We entrust our information in the hands of organizations, expecting them to make the highest efforts to guard it. Especially since we have no real control over what happens to our data.
Mark Zuckererg made waves back in March with his blog post and F8 keynote announcing that “the future is private.”
While some scoffed at this statement (hey, even Zuckerberg admitted that Facebook “doesn’t currently have a strong reputation for building privacy protective services”), he’s right. The future is private. Users are learning to demand their data privacy, and they’re right to do so. Regulatory bodies worldwide are heeding the call of the public, and privacy laws are springing up like mushrooms after a massive privacy infringement rainstorm.
The future is (also) personal
We talk a lot about seeing the user as a whole person, being able to connect the dots across devices, platforms, channels. Fine-tuning the user experience is what strengthens brands and creates loyalty.
In marketing, professionals work hard to create messaging that can be personalized, targeting the right person at the right time with the right message.
There is a very fine line, however, between user experience and privacy; and when this line is stomped on precariously, the result can feel inauthentic and even creepy to the user. Brands often struggle to find that sweet spot where they feel familiar, like an old friend; not overly-familiar, like a stalker.
AppsFlyer’s tools are designed to help marketers create that familiarity; we rely on data processing to help create user journeys that drive user acquisition, retargeting and retention. By getting the full picture of how users interact with the brand, across multiple devices, channels and platforms, marketers can deliver better user experiences, fine-tune their targeted audiences and acquire more active customers.
At the same time, we pride ourselves in putting security and data privacy above all else. As an attribution company trusted by over 12,000 leading brands and businesses worldwide, we know how critical privacy and security is in today’s world, for every industry.
How can the personal experience coexist with the growing need for data privacy? How can we, AppsFlyer, proudly deliver a product that relies on user data to work in the first place?
Privacy by design
It’s not either/or; creating a seamless user experience does not mean you have to compromise on security and privacy.
From the very beginning, AppsFlyer designs products with privacy and security at its core. We don’t just talk the talk, we walk the walk.
We are committed through and through to the principles of privacy: transparency, accuracy, data minimization and accountability. Our customers know exactly how we process data, what kind of data we process, and what we will never do.
Attribution data is first party data, generated from customer touch points with a brand, and serves as a powerful and trusted data source for customer engagement efforts. As such, together with our customers, we hold the enormous shared responsibility of protecting and preventing abuse of this data.
As data processors, we continuously provide our customers with the infrastructure as well as education on best practices, compliance, policies and industry trends in order for them to provide the optimal experience for users — which includes protecting against data breaches, infringement on privacy and other concerns.
We have established a world-class, ever-growing privacy and security program with certifications from the strictest regulatory bodies on the globe.
Privacy education is part of the onboarding process for every new employee, as are continuous education on the subject and frequent technological updates.
Most importantly, we welcome the movement towards more stricter regulation on data privacy, and proudly align ourselves with global regulations. We work to help our customers be compliant as well, providing them with what they need from a privacy perspective to be compliant.
GDPR caused a serious jilt in the business world, but frankly, we were long prepared for it, along with other privacy regulations that had already been implemented worldwide.
One year on, 145,000 complaints have been filed for violation of GDPR. Over €57 million in fines has been dolled out. While organizations famous for collecting and storing personal data have been the first to suffer the brunt of the law, AdTech companies have gotten off easy, for the most part.
This is set to change, and very soon. Starting January 2020, the California Consumer Privacy Act (CCPA) will take affect, enforcing similar regulations on businesses aimed at protecting California residents. CCPA is forcing organizations to—once again—change the way they promote user privacy. We have already witnessed wind shifts in mobile privacy, such as Apple’s recent announcement banning 3rd-party advertising tools in apps directed at children. Expect additional changes and harder crack-downs, because they’re sure to follow.
Ahead of the GDPR, AppsFlyer banded together with 3 other industry leaders—Braze, Amplitude, and mParticle—to create the standardized, open protocol that establishes a common framework for GDPR data subject rights compliance, OpenGDPR. OpenGDPR provides a common specification for marketers and their technology partners to communicate and manage GDPR requests around data subject rights, including but not limited to data access, portability, and erasure.
OpenGDPR was just one of many proactive steps AppsFlyer took to help its customers (and the industry at large) prepare for compliance. As more laws and regulations are passed worldwide, we will continue to lead by example, growing our company with privacy in mind, helping our customers to do the same.
As we prepare for the next wave of privacy regulation, we will continue to lead by example. We foresee a regulatory future that is far more aggressive and strict, especially towards advertising. And we’re confident it will continue to usher in a new world of opportunities for marketers and their relationships with customers.
To hear more about the crossroads of personal and private, check out some thoughts from my keynote speech at Mobile Apps Unlocked in May 2019.