How the privacy ballad can be danced around with users’ data while still complying with regulations

- April 12, 2023

Software manufacturers and hardware companies are struggling to get consumer usage data to improve their products and services, but researchers say there are still ways to legally leverage data.

User data has become the cornerstone of almost every company trying to create value in the digital space. 

By 2025, according to McKinsey, chief data officers (CDOs) will transition from a compliance-focused role to a core business unit of companies with profit-loss responsibilities tied to revenue generated from data. 

In recent years, it has become an undeniable motto that companies that invest in user data analysis are more likely to create products that meet the needs of their users, resulting in greater user satisfaction, increased revenue, and a competitive advantage in the marketplace.

However, as more data privacy regulations like GDPR are established globally, software manufacturers and hardware companies are struggling to leverage user data that can help improve their products and services. Some companies even shuttered early on as GDPR took direct aim at their business model.

While some companies have allowed users to opt in or have even paid users to share their data, there are some other tricks industry researchers are touting that help companies leverage data legally.

The regulation hurdles for companies 

The full potential of user data analysis has been hindered — with good reason — by regulations that aim to protect user data, and they’re getting stricter by the day. 

To be clear, these regulations work in good faith in order to give users the final decision on the way their data is being collected and employed. 

State, national and international legal frameworks protect user data, consumer privacy and children’s online safety, among other important digital privacy rights.

The European Union’s General Data Protection Regulation (GDPR), for instance, protects EU citizens by requiring companies to obtain explicit consent from users before collecting their data and gives users the right to know how their data will be used by the company. 

In the U.S., California’s Consumer Privacy Act (CCPA) gives California residents the right to know what personal information companies are collecting about them and to request that their data be deleted. 

And the Children’s Online Privacy Protection Act (COPPA), a nationwide law in the U.S., aims to protect the personal information of children under 13 years old, requiring companies to obtain parental consent before collecting personal information from children among other measures.

While essential for safeguarding the online privacy of consumers, these laws can make it tough for firms to collect and use user information for product improvement.

But despite these regulations, businesses can still legally leverage user-generated data to develop new products and improve upon existing ones — they just need to be calculating in how they go about it. 

Privacy-As-A-Service steps in

The privacy-as-a-service (DPaaS) sector is expanding and provides cloud-based software services to businesses as privacy solutions. 

There are many providers in the DPaaS market that provide services including data protection, secure data storage, and privacy compliance. 

Just to mention a few, big consultancy firms like Deloitte and EY are present in the space, while smaller companies such as OneTrust, TrustArc, BigID, Ethyca, and WireWheel, are also servicing commercial clients. 

DPaaS suppliers frequently offer scalable options that can be modified to satisfy a company’s unique privacy requirements. 

But according to researchers from Japanese telecom giant NTT, software manufacturers and hardware companies are struggling to get consumer usage data to improve their products and services. 

During a roundtable discussion in San Francisco last month, researchers pointed out that consumer privacy is a challenge as many consumers do not want to be tracked and some data cannot be collected due to privacy concerns.

For NTT researchers it’s clear that, to address this challenge, companies can explore opt-in tracking or paying customers for their data. 

Nevertheless, privacy rules make it challenging to request such data; as a result, businesses may wind up with little or no data that is of significant use.

Researchers proposed some solutions like leveraging aggregate user statistics while protecting the personal data of individuals. 

This can be achieved through a Private Telemetry System that uses cryptographic technology to leverage aggregate data while protecting user privacy. The system enables the hiding of values while enabling aggregation, and can be implemented as a Privacy-as-a-Service solution.

Using this technology, companies can access previously unattainable data without exposing the personal data of individuals. 

The potential application settings for such tools include network companies, mobile phones, advertisers, car manufacturers, software vendors, manufacturers of TVs and entertainment devices, kitchen appliance makers, and employee productivity statistics.

Researchers say these tools can provide valuable statistics such as mean and standard deviation, max and minimum, and Top N most common values. 

While the PaaS market is anticipated to expand as businesses strive to enhance their privacy policies and adhere to stricter privacy laws, the possibilities for using data are endless.

It’s up to companies to explore and implement this technology to improve their products and services while still protecting consumer privacy.