The data collected on individual consumers is rapidly increasing in scope and depth, and this trend will undoubtedly continue as technology becomes a larger part of our lives. The ethical collection of this data within this shift is an important issue that businesses need to take into account, as there is a fine line between the use and misuse of data in many cases.
The Purpose of Data Analytics
Data analytics is the practice of collecting, analysing, and interpreting customer data to detect trends and patterns, with the aim of enhancing business productivity and revenue.
In most cases, businesses are collecting data for dual purposes, not just to increase business profits and market more effectively, but also to provide a more tailored and focused customer experience. With 94% of customer insights and marketing professionals agreeing that personalisation of customer experience is “‘important,’ ‘very important,’ or ‘extremely important’”, this type of approach is the key to remaining competitive.
For example, the customer service provided by the Ritz-Carlton is well-known for being over-the-top extreme, for the customer’s benefit. Their CRM system is extensive, and entirely designed to put the care and comfort of their guests first.
However, the CRM is not always useful in every situation: in one case, “a waiter overheard a gentleman musing with his wife, who was in a wheelchair, that it was a shame he couldn’t get her down to the beach. The waiter told maintenance, who passed word, and the next afternoon there was a wooden walkway down the beach to a tent that was set up for them to have dinner in.”
In that situation, the customer experience was still the only thing that mattered, but the fact that the information had been obtained by overhearing a private conversation was put to the side. This is where the question of ethics comes in – is it okay to do something for the benefit of a customer (or even the benefit of the business) without the customer being aware that you are using their data to do so?
Ethics and Privacy
Most of the issues with data analytics arise as a result of a lack of information provided to customers. This can be in the form of non-disclosure of what is being collected, what the purpose of the collection is, or who is collecting the data. This is the point at which collecting customer data can stray from what is ethical.
The reality is that all organisations are “just people”, and different people will have different ideas about what is ethical.
“The ethics around gathering customer information are at best gray,” notes business growth expert Meridith Elliott Powell. “Given that this is a new, somewhat unchartered area, there is still a lot of leeway companies have in the methods they use—and perhaps lines they cross—when gathering data.” A large gulf may also exist between what the customer views as ethical, and what the company views as ethical – so who decides what the right thing to do is?
This is where the law comes in. At a baseline, if you are complying with relevant data privacy laws intended to protect consumers, you can have more certainty that what you are doing is in line with the ethics of what most consumers would expect. Let’s take a look at the laws in the US and EU as examples of what kind of requirements you may expect.
Data Collection Laws
In the US, the most well-known data protection law is the California Online Privacy Protection Act (CalOPPA). This law applies to website operators or online service providers who are dealing with the data of California residents.
In the EU, the EU Data Protection Directive is currently in force, and applies to businesses based in the EU that are collecting the data of EU citizens. Its requirements are similar to CalOPPA, but are far more extensive. It requires that data must be kept only as long as necessary, must only be collected for specific, lawful purposes, and the data must not be transferred to a country outside the EU unless that country is deemed to provide “adequate” protection for the data.
However, the EU Data Protection Directive will soon be replaced by the EU General Data Protection Regulation, which will include more stringent requirements on notifying individuals about data collection, new roles such as the Data Protection Officer role, and broader scope, in that it will apply to anyone collecting the data of EU citizens, not just businesses based in the EU.
It’s also important to remember that collecting more data is not necessarily better. Particularly when relevant laws are also considered, it is clear that from a policy perspective governments expect businesses to collect only what they need to serve their purposes, and not excess unnecessary information. Another question to consider is what industry standards apply – for example, when collecting healthcare information there is a whole other set of laws, regulations, and standards that are relevant and important for health organisations to consider.
Internal business ethics should also play a role, and should be established from the CEO to set a company-wide expectation of ethical behaviour. For instance, businesses should have in place procedures where customer data is accessed on a need to know basis only, and CRM information is not available across the organisation.
- Disclosing the identity of who is collecting the information
- Providing a notice that personal data will be collected fairly and only for stated purposes
- Describing what information you are collecting
- Outlining how customers can keep their personal data up-to-date and correct, or make other changes
- Listing contact details for:
- your business,
- your Data Protection Officer
- any relevant supervisory authorities
- Specifying for how long you will keep data
- Explaining how the customer can access the data
- Clarifying whether the data might be transferred outside of the US or EU, and if so, where it could go and how it would be protected
- Including the effective date of the agreement
- Describing how “do not track” requests will be handled and respected
- Providing details about any third parties which may also collect user data via your website or service, or who may access data collected by your business
Here is an example of browsewrap from Evernote:
Here is an example of clickwrap from YouTube:
Bio: Leah Hamilton is a qualified Solicitor and writer working at TermsFeed (https://termsfeed.com), where businesses can create legal agreements in minutes using the Generator.