https://hbr.org/2022/02/the-new-rules-of-data-privacy
After two decades of data management being a wild west, consumer mistrust, government action, and competition for customers are bringing in a new era. Firms that generate any value from personal data will need to change the way they acquire it, share it, protect it, and profit from it. They should follow three basic rules: 1) consistently cultivate trust with customers, explaining in common-sense terms how their data is being used and what’s in it for them; 2) focus on extracting insight, not personal identifiable information; and 3) CIOs and CDOs should work together to facilitate the flow of insights, with a common objective of acquiring maximum insight from consented data for the customer’s benefit.
在经过20年的数据管理发展,公司通过个人数据获得商业价值的公司都需要改变,遵守这 3个基本准则:
1)慢慢与消费者建立信任,并向其解释如何使用这些数据,这些条款里有什么内容;
2)提取数据背后的商业趋势,而不是只获得个人身份信息
3)企业的首席信息官应和首席数据官一起合作研究客户同意使用的数据,洞察趋势,统一目标,最大程度的造福消费者。
The data harvested from our personal devices, along with our trail of electronic transactions and data from other sources, now provides the foundation for some of the world’s largest companies. Personal data also the wellspring for millions of small businesses and countless startups, which turn it into customer insights, market predictions, and personalized digital services. For the past two decades, the commercial use of personal data has grown in wild-west fashion. But now, because of consumer mistrust, government action, and competition for customers, those days are quickly coming to an end.
这些从消费者的个人设备收集的数据以及电子交易和其他来源的数据,为世界上最大的公司提供了基础。个人数据也是数以百万计的小企业和无数初创企业的源泉,它们将其转化为客户洞察、市场预测和个性化数字服务。在过去20年里,个人数据的商业应用野蛮式增长。但是现在,由于消费者的不信任、政府的行动和对消费者的竞争,野蛮增长的日子很快就要结束了
For most of its existence, the data economy was structured around a “digital curtain” designed to obscure the industry’s practices from lawmakers and the public. Data was considered company property and a proprietary secret, even though the data originated from customers’ private behavior. That curtain has since been lifted and a convergence of consumer, government, and market forces are now giving users more control over the data they generate. Instead of serving as a resource that can be freely harvested, countries in every region of the world have begun to treat personal data as an asset owned by individuals and held in trust by firms.
在数据经济诞生的大部分时间里,它是围绕数字帷幕构建起来的,意在遮挡立法者和公众看到该行业的做法。数据被认为是公司财产和专有机密,即使数据来自客户的私人行为。但这一帷幕已经被掀开,消费者、政府和市场力量的融合,让用户对自己生成的数据有了更多的控制权。世界上每个地区的国家都已开始将个人数据视为个人拥有、公司托管的资产,而不是一种可以自由获取的资源。
This will be a far better organizing principle for the data economy. Giving individuals more control has the potential to curtail the sector’s worst excesses while generating a new wave of customer-driven innovation, as customers begin to express what sort of personalization and opportunity they want their data to enable. And while Adtech firms in particular will be hardest hit, any firm with substantial troves of customer data will have to make sweeping changes to its practices, particularly large firms such as financial institutions, healthcare firms, utilities, and major manufacturers and retailers.
对于数据经济来说,这将是一个更好的组织原则。赋予个人更多的控制权,有可能遏制该行业最严重的过度行为,同时引发一波新的以客户为导向的创新浪潮,因为客户开始表达他们希望自己的数据能够实现什么样的个性化和机遇。虽然广告技术公司将受到最严重的打击,但任何拥有大量客户数据的公司,尤其是金融机构、医疗保健公司、公用事业公司、重要制造商和零售商等大型公司,都将不得不对其业务进行全面改革。
Leading firms are already adapting to the new reality as it unfolds. The key to this transition — based upon our research on data and trust, and our experience working on this issue with a wide variety of firms — is for companies to reorganize their data operations around the new fundamental rules of consent, insight, and flow.
随着行业的展开,行业领军企业已经开始适应这种新变化。基于我们对数据和信任的研究,以及我们在这个问题上与各种公司合作的经验,这一转变的关键是让公司围绕新规则如客户同意、行业洞察和流动性去重组他们的数据操作。
Converging Forces
We see three distinct pressures currently driving change in the personal data industry. All three are quickly becoming widespread and intertwined, causing seismic ripples across the sector.
1. Consumer mistrust.
The idea of “surveillance capitalism,” which its author Shoshana Zuboff describes as “an economic system built on the secret extraction and manipulation of human data,” has become common coinage, capturing consumers’ increasing awareness that their data is bought, sold, and used without their consent — and their growing reluctance to put up with it. People are starting to vote with their thumbs: in the core North American market, both Facebook and Twitter are facing declines in their daily active users.
数据变革推动力
我们看到,目前有三种不同的压力正在推动个人数据行业的变革。这三种情况正迅速蔓延并相互交织,在整个行业引发地震般的涟漪。
1. 消费者的不信任。
监视资本主义的概念,它的作者Shoshana Zuboff将其描述为一种建立在秘密提取和操纵人类数据基础上的经济体系,已经成为普遍的词汇,让消费者越来越意识到他们的数据被买卖,在未经他们同意的情况下使用而且他们越来越不愿意忍受。人们开始用拇指投票:在北美核心市场,Facebook和Twitter的日活跃用户都在下降。
2. Government action.
Federal lawmakers are moving to curtail the power of big tech. Meanwhile, in 2021 state legislatures proposed or passed at least 27 online privacy bills, regulating data markets and protecting personal digital rights. Lawmakers from California to China are implementing legislation that mirrors Europe’s GDPR, while the EU itself has turned its attention to regulating the use of AI. Where once companies were always ahead of regulators, now they struggle to keep up with compliance requirements across multiple jurisdictions.
2. 政府的行动。
联邦议员正在采取行动限制大型科技公司的权力。与此同时,2021年,各州立法机构提出或通过了至少27项在线隐私法案,监管数据市场,保护个人数字权利。从加州到中国,立法者正在实施与欧洲GDPR类似的立法,而欧盟本身也将注意力转向监管人工智能的使用。过去,企业总是走在监管机构的前面,而现在,它们很难跟上多个行政司法管辖区的合规要求。
3. Market competition.
Last year, Apple’s upgrade to its iPhone operating system allowed users to shut down data harvesters’ ability to track them across their many apps. It was a refreshing change, providing customers with power and agency over their data. It also bit hard into companies that rely on cross-app tracking: it cost the major social media sites $10 billion in lost revenue in the second half of 2021. Facebook’s parent company, Meta, expects it will cost another $10 billion to them alone in 2022. Apple has made privacy protection a market differentiator: device manufacturers and app developers now use privacy features to draw new users.
3.市场竞争。
去年,苹果公司升级了iPhone操作系统,允许用户关闭数据采集器的功能,以便在多个应用程序中跟踪他们。这是一个令人耳目一新的变化,为客户提供了直接处理或代理数据的直接权力和代理权。它还对依赖跨应用跟踪的公司造成了冲击:2021年下半年,主要社交媒体网站的收入损失达100亿美元。Facebook的母公司Meta预计,到2022年,仅这两家公司就将再花费100亿美元。苹果已经让隐私保护成为一个与众不同的市场:设备制造商和应用程序开发商现在使用隐私功能来吸引新用户。
This is a remarkable confluence of forces, and they are converging towards a clear endpoint where individuals will soon exercise full control over their personal data. While consumers still seek the conveniences and benefits that flow from their data, they will be the ones to set the terms over what data they share and who they share it with. People want that protection, governments have their backs, and technology firms are already falling in line, with competition over data privacy now impacting financial bottom lines.
各方力量不可忽视的影响使得它们正朝着一个明确的终点汇合,在这个终点上,个人将很快对自己的个人数据行使完全控制。虽然消费者仍在寻求数据带来的便利和好处,但他们将是决定共享哪些数据以及与谁共享数据的人。人们想要这种保护,政府支持他们,而科技公司已经开始跟随,因为数据隐私的竞争正在影响财务损益表现。
Challenges Ahead for Large Firms 大公司的挑战
For established companies, these changes present a new set of data challenges on top of the ones they already have. Most large firms already suffer from a series of internal tensions over customer data. They typically have a Chief Information Officer whose role is to keep data in: collect it, encrypt it, and secure it from hackers. They also have a Chief Digital Officer whose role is to push data out: mine it, model it, and use it to entice users. Some have also added Chief Data Officers — a notably unstable position due, unsurprisingly, to lack of definition for the job — as well as Chief Information Security Officers and Chief Privacy Officers.
对于老牌公司来说,这些变化给他们带来了一系列新的数据挑战。大多数大公司已经因客户数据而遭受一系列内部压力。他们通常都由首席信息官CIO(Chief Information Officer)负责保存数据:收集数据,加密数据,防止黑客攻击。他们还有一个首席数字官(Chief Digital Officer)负责发布数据:挖掘数据、建模数据,并利用数据吸引用户。一些公司还增加了首席数据官(Chief Data officer),毫无疑问,首席数据官(Chief Data officer)的职位并不稳定,因为这一职位缺乏定义, )、首席信息安全官(Chief Information Security officer)和首席隐私官(Chief Privacy officer)也是如此。
All these overlapping roles are embedded in organizations with expansive data collection operations, multiple legacy systems, a complex web of bilateral and multilateral data-sharing agreements and, quite often, an ongoing lack of clarity on how to integrate data into their businesses. Based on our experience, up to 90 percent of current IT budgets are spent simply trying to manage internal complexities, with precious little money actually spent on data innovation that improves either productivity or the customer experience.
The new data economy won’t tolerate this state of affairs for long. If your organization generates any value from personal data, you will need to change the way you acquire it, share it, protect it and profit from it.
在广泛的数据收集、多个既有系统、复杂的双边和多边数据共享协议网络的组织中,所有这些重叠的角色都嵌入到公司组织中,而且通常在如何将数据集成到业务中持续缺乏清晰的认识。根据我们的经验,当前高达90%的IT预算都投入在管理内部复杂性上,很少有钱真正投入到提高生产率或客户体验的数据创新上。
新数据经济不会长期容忍这种情况。如果你的公司从个人数据中产生任何价值,你将需要改变获取它、共享它、保护它并从中获利的方式。
The New Rules of Data 数据新规则
Our new rules of the data economy are fairly straightforward, all of them derived from the basic principle that personal data is an asset held by the people who generate it. But each rule entails the breaking of entrenched habits, routines and networks.
Rule 1: Trust over transactions.
This first rule is all about consent. Until now, companies have been gathering as much data as possible on their current and prospective customers’ preferences, habits, and identities, transaction by transaction — often without customers understanding what is happening. But with the shift towards customer control, data collected with meaningful consent will soon be the most valuable data of all, because that’s the only data companies will be permitted to act upon.
我们的数据经济新规则相当简单,所有这些规则都源自一个基本原则,即个人数据是由生成它的人持有的资产。但每条规则都需要打破根深蒂固的习惯、惯例和网络。
规则1:信任高于交易。
第一条规则是关于同意的。到目前为止,公司一直在尽可能多地收集有关他们当前和潜在客户偏好、习惯和身份的数据,一笔一笔地进行交易,而客户往往不知道发生了什么。但随着客户控制的转变,经过有意义的同意而收集的数据将很快成为最有价值的数据,因为只有这些数据,公司才会被允许采取行动。
Firms need to consistently cultivate trust with customers, explaining in common-sense terms how their data is being used and what’s in it for them. Firms can follow the lead of recently-created data cooperatives, which provide users with different options for data sharing and secure each user’s consent for the option they are most comfortable with. The more robust and thorough your consent practices are, the more valuable your customer database becomes.
公司需要始终如一地培养与客户之间的信任,用生活常用语向他们解释数据是如何被使用的,以及这些数据对他们有什么好处。企业可以效仿最近成立的数据合作组织,为用户提供不同的数据共享选项,并确保每个用户同意自己最喜欢的选项。你的许可同意实践基础越好、越彻底,您的客户数据库就越有价值。
Rule 2: Insight over identity.
Firms need to re-think not only how they acquire data from their customers but from each other as well. Currently, companies routinely transfer large amounts of personal identifiable information (PII) through a complex web of data agreements, compromising both privacy and security. But today’s technology — particularly federated learning and trust networks — makes it possible to acquire insight from data without acquiring or transferring the data itself. The co-design of algorithms and data can facilitate the process of insight extraction by structuring each to better meet the needs of the other. As a result, rather than moving data around, the algorithms exchange non-identifying statistics instead.
规则2:洞察身份。
企业不仅需要重新思考如何从客户那里获取数据,也需要重新思考如何从企业彼此那里获取数据。目前,公司通常会通过复杂的数据协议网络传输大量的个人身份信息(PII),损害隐私和安全。但如今的技术,尤其是联合学习和信任网络,使得无需获取或传输数据本身就能从数据中获得洞察力成为可能。算法和数据的协同设计可以通过构建各自的结构来更好地满足对方的需求,从而加快洞察提取的过程。因此,这些算法交换的不是移动数据,而是非识别统计数据。
For instance, many of Google’s apps, such as the Swipe typing facility, improve phone performance by analyzing customer data directly on their mobile phones in order to extract performance statistics, and then use those statistics to return performance updates to the phone while safely leaving the PII on the customers’ phone. Another firm, Dspark, uses a similar solution for extracting insights from highly-valued but deeply-sensitive personal mobility data. DSpark cleans, aggregates and anonymizes over one billion mobility data points every day. It then turns that data into insights on everything from demographics to shopping, which it markets to other companies — all while never selling or transferring the data itself.
例如,许多谷歌的应用程序,如刷卡输入设备,通过分析客户数据去提高手机性能,直接在手机提取性能统计数据,然后使用这些统计数据,反过来支持性能更新,而安全地将客户个人信息留在手机内。另一家公司Dspark采用了类似的解决方案,他们从高价值但高度敏感的个人移动数据中提取洞察力。DSpark每天清理、聚合和匿名处理的移动数据点超过10亿。然后,该公司将这些数据转化为从人口统计数据到购物数据等方方面面的见解,并将这些见解推广给其他公司,而自己却从不出售或传输这些数据。
Rule 3: Flows over silos.
This last rule flows from the first two, and doubles as a new organizing principle for internal data teams. Once all your customer data has meaningful consent and you are acquiring insight without transferring data, CIOs and CDOs no longer need to work in silos, with one trying to keep data locked up while the other is trying to break it out. Instead, CIOs and CDOs can work together to facilitate the flow of insights, with a common objective of acquiring maximum insight from consented data for the customer’s benefit.
For instance, a bank’s mortgage unit can secure a customer’s consent to help the customer move into their new house by sharing the new address with service providers such as moving companies, utilities, and internet providers. The bank can then act as a middleman to secure personalized offers and services for customers, while also notifying providers of address changes and move-in dates. The end result is a data ecosystem that is trustworthy, secure, and under customer control. It adds value for customers by relieving them of a burdensome checklist of moving chores, and by delivering a customer experience that’s less about mortgage rates and more about welcoming them into their new home.规则3:超越竖井(数据孤岛)的流动。最后一条规则源自前两条规则,同时也是内部数据团队的新组织原则。一旦你的所有客户数据都获得了有意义的同意,你就可以在不转移数据的情况下获得洞察力,CIO和CDO就不再需要各自开展工作,一个试图留痕抓取数据,另一个试图打破数据。相反,CIO和CIO可以一起工作,以促进数据洞察的流动,共同的目标是为了客户的利益,从授权同意地数据中获取最大限度的洞察分析。
例如,银行抵押贷款部门可以获取客户的同意,与搬家公司、公共事业公司、互联网公司等服务公司共享客户新地址帮助客户搬家。然后,银行就可以充当中间人,为客户提供个性化的服务和服务,同时通知供应商地址变更和迁入日期。最终的结果是一个值得信赖、安全且受客户控制的数据生态系统。它为客户增加了价值,为他们解除了搬家的繁琐清单,并提供了一种客户体验,这种体验与抵押贷款利率无关,更多的是欢迎他们来到自己的新家。
The Data-Sharing Future
That last, hypothetical example is just one of the many data innovations that become possible in a new data economy based on consent, insight and flow. New companies are already springing up to provide the structures needed to facilitate these kinds of data-sharing arrangements. The emergence of data representatives, agents, and custodians make it possible to manage consent at scale, serving as trusted hubs for users’ personal data and acting as their user agent in the marketplace. Data cooperatives are becoming common in some parts of the United States.
数据共享的未来
最后一个假设的例子只是众多数据创新实践之一,它是在基于共识、洞察力和数据流动的新数据经济中可能出现的。新公司已经如雨后春笋般出现,提供促进这类数据共享形式所需的结构。数据代表、数据代理和数据保管人的出现,使大规模管理用户授权同意成为可能,成为用户个人数据的可信任中心,并在市场中充当用户代理。数据合作社在美国的一些地区越来越普遍。
The end of the old personal data economy will not spell the end of its value creation and wealth generation; that wealth will just be distributed better and more equitably, and carry fewer privacy and security risks. People will not hoard their data assets. Instead, they’ll invest them in companies that provide them with a return in the form of more and better personalized services. They may even allow those companies to share insights drawn from their data — provided the benefits accrue to them.
旧的个人数据经济的终结并不意味着其价值创造和财富创造的终结;这些财富将得到更好、更公平的分配,并带来更少的隐私和安全风险。人们不会囤积他们的数据资产。相反,他们会把这些钱投资到能为他们提供更多更好的个性化服务的公司。他们甚至可能允许这些公司分享从他们的数据中获得的见解,只要这些见解对他们有利。