Editor’s note: Paul Neto is chief marketing officer at computer software firm Measure Protocol, London.
The January 2020 deadline for compliance with the California Consumer Privacy Act (CCPA) is looming. Why should we take note of a single state’s legislation? This move, with its many similarities to GDPR, has left those of us in the U.S. scrambling to comply (again). The truth is that California has long been a leader in implementing regulations that then become more widely adopted. Most recently, the state has called for fairer labor laws surrounding the gig economy, that would require treatment of certain contractors as employees. Other progressive laws have surrounded everything from marijuana legalization to raising the minimum wage, inspiring similar moves in other states.
In the market research industry, any legislation concerning personal privacy should have us paying close attention. After all, we have traditionally used personal information to identify and recruit survey participants. After putting measures in place to deal with GDPR requirements, we are a few steps closer to compliance when it comes to things like consent.
If you take a bird’s-eye view of the CCPA, it is striving to give consumers more control over what information is collected about them and how it is used. It takes it a step further, requiring that consumers have access to self-serve tools to take control of their information, as well as being able to hold businesses accountable for misuse of their personal information. Businesses must further these goals through compliance, and limiting their own access to consumer information. The CCPA is also very clear on a consumers’ ability to opt out of personal data sales and to include a “Do not sell my personal information” link on their website.
It’s really no surprise that regulations like this are taking hold. A recent study by Bitdefender estimated that six in every 10 businesses have experienced a breach at some point during the last three years. Most consumers have been touched in some way by these data breaches, and their awareness about the vulnerability of their personal information, plus their demands to protect this information, are taking center stage.
What can market research do about it?
We must go back to the drawing board when it comes to the way we interact with respondents. Remodeling old ways of doing things will not suffice in the onslaught of privacy legislation that is likely coming our way. In truth, people deserve to have control over what is rightly theirs in the first place – and their own data is quickly becoming one of their most valuable assets.
Luckily there are technologies and methods out there that allow us to take a fresh approach to the way we collect and use consumer information. Here, I will focus on blockchain and other cryptographic techniques.
Liability
Market researchers can actually do their jobs without direct access to unencrypted data or drawing from a central database that contains consumer’s private information. Under new legislation, data has become a liability and an indisputable record of permissions and transactions is required to safely navigate these new waters.
There are a couple of different ways to think about this. One is to practice data minimalism and refrain from storing large centralized hordes of data, and instead provide users the ability to store their data on-device or on-the-edge. Every piece of data we collect on an individual is a liability, so collecting fewer pieces makes good sense. While this introduces a number of inconveniences for data companies and buyers, this can be accomplished utilizing advanced cryptographic techniques to ensure every transaction is under the control of and initiated by the user. A good rule of thumb is that if you can’t be totally transparent on collection and use of a piece of data, you probably shouldn’t collect it.
Looping back around to the cryptographic techniques I mention above, these approaches – of which blockchain is a part – now provide us with new opportunities to address the challenges surrounding personal data. While a user’s personal data should never be stored on a public blockchain directly, these technologies provide an opportunity to provide an immutable record of utilization, consent and denial. In short, blockchain offers the transparent accounting backbone for recording ownership for every data transaction. New protocols are on the horizon that go beyond the display and sharing of data, and will provide attribution, ownership and transactional support for data and content. Blockchain can provide a foundation for responsible data acquisition, quality and usage.
Front lines
As market researchers, we are on the front lines of compliance with consumer data protection regulations. California’s new act marks what many believe will be a snowball effect, as more states and nations begin to take a closer look on how consumer data is being used, protected and stored.