For years, the U.S. Congress has been working to pass a bill concerning data privacy and protection. For years, they’ve been unable, or unwilling, to pass anything. But now it looks like this right to privacy bill may happen (“may” being the operative word).
If enacted, the bipartisan “American Data Privacy and Protection Act” would become the national standard, regulating what personal data companies can legally collect from individuals and how they’re allowed to use that data. And, according to a majority of Americans, these protections couldn’t come soon enough.
A 2021 KPMG survey on corporate data responsibility found that 86% of the population consider data privacy a growing concern; meanwhile, 75% of business leaders say they’re comfortable with the amount of data their company collects. That’s a sizeable disconnect, and one that needs to be addressed.
In addition, according to a Pew Research Center study, a vast majority of Americans believe their online and offline activities are being tracked and monitored by both businesses and the government. And 81% consider the potential risks of data collection outweigh any benefits. On average, consumers tend to distrust organizations with their personal data.
Let’s take a look at how we got here, the impact on businesses, and most importantly, what this means to consumers. (And, prepare yourself for some serious acronym fatigue.)
Who Owns Your Data?
Consumer data has historically been shared and used without the individual’s knowledge and permission. However with the sheer amount of data being circulated, issues of privacy have become top of mind. The majority of Americans are taking the inherent risks of data collection quite seriously.
That’s where ADPPA comes in. The U.S. proposed legislation is similar to Europe’s General Data Protection Regulation, or GDPR, enacted in 2018. It protects consumer data privacy and imposes new data protection requirements on businesses.
Much like the GDPR, ADPPA would also impose new data protection requirements on enterprises, forcing them to implement policies to protect “covered data” from access by unauthorized individuals. Briefly, covered data is defined as “individually identifiable information about an individual collected online,” such as name, SSN, phone number, and email address.
But up until this point, there has been no such national standard. This has given individual states and even industries broad latitudes to pass their own laws. Although some of these laws protected financial and health information, they were fragmentary without national regulation.
California’s Consumer Privacy Act, or CCPA, has provided comprehensive consumer protections for companies doing business with the state, serving as something as a model for ADPPA. Similar to the GDPR, CCPA requires companies to be transparent on how it collects and shares user data.
So, for now, that’s where we are with ADPPA. The reason all of these data privacy laws, potential laws and other regulations are being considered and enacted is because of the one thing that everyone wants ownership of. You guessed it. Data.
Data Collection & Consent
The GDPR language is very specific in the area of consent. The law requires that marketers and websites must obtain explicit consent from the user before any data is collected and/or stored. A record of that consent must be maintained and individuals have the right and ability to withdraw this consent at any time. If companies fail at any of these guidelines, they can be subject to large fines.
U.S. citizens, however, are currently opted in automatically when they visit a website and then must go through the trouble of opting out, which very few people actually do.
All that being said, many of us are willing to swap personal data for a more personalized digital experience. Perspectives on consumer privacy vary across generations and are a testament to acceptable comfort levels:
- Baby Boomers are the most concerned about privacy. Almost half of this older group reports being “very concerned” about data collection and privacy.
- Gen X is slightly more comfortable although 35% also say they’re very concerned.
- Millennials are close to Gen Z’s positions on privacy with 29% being very concerned.
- Gen Zers are, not surprisingly, more amenable to trading more data for increased personalization. Just 28% report being very concerned about consumer privacy.
With Great Data Comes Great Responsibility
It’s imperative for businesses to understand the different types of data. There’s first-party data which is collected directly from the consumer; second-party data collected from social media sites; and third-party data from sources with no direct relationship to the user, such as a data broker. In order to be in compliance with AADPA, your company must know which data you’re collecting, how you’re collecting it, and why you’re collecting it.
Despite conventional wisdom, there is a case for collecting less data on your customers. For one, you’re probably collecting way more data than you need. In fact, 55% of data collected is likely “dark data.” This refers to data that the company is collecting but ends up never using. You may not even know you’re sitting on this stockpile of unused data. And if you want consumers to trust you, you need to show them that you use their data responsibly (should they choose to give it to you).
Second, the more data you collect and store, the higher the risk. Third, your audience is looking for more data transparency. And finally, collecting less data and being vocal about it helps differentiate your brand from your competitors, thereby opening the door for a more authentic and consumer-centric experience.
Data makes the digital world go round. But with the passage of the American Data Privacy and Protection Act on the horizon, collecting and using personal data will be more strictly regulated and more difficult to access. That said, responsible and transparent companies will reap the benefits, gaining consumer trust and loyalty. Once you have that trust, they may be willing to share more personal data in exchange for a more personalized experience.