Hello "There" 👋!
Welcome to Mind the Gap #3, on world bicycle day 🚴♀️! This time we'll dive into some interesting examples of companies that are finding (technical) solutions to minding the gap between legal and data.
I referred to World Bicycle Day because we're Dutch - but also because I believe there's a trend in personal mobility that has some serious privacy issues coming.
As personal mobility is being equipped with more and more sensors, the kind of data generated is very personal (even if collected for very legitimate purposes, such as the location of a bike-sharing bike so you can pick it up).
Even without any direct identifiers attached, just a few days of data on a user expose where they live and work. Lifestyle data like religion, affluence, and where you're having an affair - it's all discoverable in location data. The same holds for basically any data on regularly occurring events like health tracking, Netflix views, online shopping and search behavior (remember the AOL files?).
It's this kind of secondary identification that becomes more important in a connected society. A paper investigating privacy-preserving data sharing approaches argues it's also exactly where most solutions in the privacy space fail to deliver on the promise of balancing data utility with privacy. And that's just one of 5 privacy domains organisations should focus on according to Gartner (we also touch a few of them with our product).
Mind the Gap between ... policies and tracking practices
Read on for an interesting perspective on (consenting to) privacy policies, and how you can really move away from third party tracking WHILE earning advertising revenues.
Sidenote: "There" is probably not your name. I think it's against marketing wisdom that we don't greet you by your name. But we simply didn't collect it in the first place - STRM is about Privacy by Design after all!
Have fun reading, and let me know what you think of Mind the Gap.
-Pim at STRM
The world's privacy laws and regulations all start from one dominant perspective: be explicit about how you collect data and for which purposes, so I can yes/no to it. And that doesn't include dark patterns.
In The Washington Post, Geoffrey Fowler argues how this sensible starting point leads to an amount of information no consumer (or even human) is able to comprehend. Let online dutifully consent to. His point of departure: an admirable effort by Twitter to turn the policy into a video game for better understanding.
Despite Twitter's stride on this front, Fowler does a tour around experts to unwind how the real solution won't be found in better comprehension of policies, but in changing the practices surrounding data collection:
“You can’t abuse, misuse, leverage data that you haven’t collected in the first place.”
Regardless: hats-off to Twitter for developing this approach. I'm curious to see if they can go beyond the policy and really change practices. We know for sure Twitter learned how valuable purpose-binding collected data is... (Twitter settled for $150 million 🚨 on violating the purposes data was originally collected for).
Tweakers.net shows it can be done: advertising without tracking, a technical perspective
On to an example of a business that is actually, truly, really changing the practice of data collection:
The Dutch technews platform Tweakers.net removed all third-party tracking (while they can still offer advertising!). One of the involved engineers explains the width and breadth of that project in a very interesting how-its-done.
The essential driver: they simply didn't want to feed more data into advertising networks, and so decided to make sure third parties could not collect it on their platform. It also helps they address an audience (the IT-savvy Dutch population) that cares deeply about this kind of practice.
It's a great example of privacy's balancing act and a real-world case for a cookieless future. Their leverage: we can still offer relevant (contextual) advertising opportunities to our advertisers without sacrificing the privacy of our users (e.g. through ads surrounding specific content you can already target the intended audience).
🙌 High five to Tweakers.net for proving this can be done, and as they are part of the largest Dutch media conglomerate we're curious to see if more of their (less forward-focused) brands will follow suit. The example has been set after all.
(the article is in Dutch, I'm including an English version on Big G's Translate for our international readers that removes some images👇)
And that's it!
And that's it! No release news this week as we're further polishing that Data Plane of ours. Curious how it works and how we can help translate your privacy policies into data through our platform?