Collection and analysis of personal data on a mass scale are essential for businesses to enhance their decision-making processes, better understand their customers and serve them personalized services.
While individuals enjoy reaping the benefits of personal services, there is a growing concern over privacy. According to Pew Research, 81% of Americans report they feel a lack of control over their personal data and are highly concerned about how their data is used and shared.
To give individuals more control over their data, a new model called the “personal data store” is proposed.
What are PDS?
Personal data stores are a central access point for individuals to upload, share, store, update and delete their personal information, such as addresses, passport numbers, credit history, health records and any other information. Of particular importance is the ability to grant and withdraw consent to third parties for access to data about oneself.
The PDS model enhances privacy in a variety of ways.
First, personal data is not scattered across many different organizations but rather stored and accessed from one single point that is exclusively controlled by the individual.
Second, individuals have greater oversight on who accesses their data, when they access it and what data they collect.
Why aren't PDS a big thing yet?
Just like any two-sided markets, PDS faces the mass-adoption problem.
For individuals to fully reap the benefits of stronger privacy protection and greater control, a sufficient number of businesses need to adopt and use the PDS, as well; otherwise, PDS will be useless for individuals.
While the benefits of PDS to individuals are self-evident, the same cannot be said for businesses that already access personal information from various sources without much hindrance.
There are a few reasons why it may be hard to convince enterprises to integrate with PDS solutions and abandon their current business model. First, most corporations, digital service providers and advertisers already collect far more personal data than individuals can control or keep track of. Therefore, PDS does not serve the interests of enterprises. Second, PDS would make it easier for users to delete personal data or restrict the sharing of data with third parties, leading to less personal data for businesses to use in their business operations. Third, PDS may increase the exercise of data privacy rights provided to individuals under relevant privacy laws, such as the EU General Data Protection Regulation and California Consumer Privacy Act. Considering PDS makes it easier to make a data deletion request and give them the opportunity of oversight on sharing of data, it is more likely to see a spike in the number of individuals exercising their digital privacy rights and causing extra burden to businesses in the form of financial cost and time.
However, the benefits of integration with PDS are substantial and can easily outweigh these concerns.
3 benefits for businesses
PDS reduce privacy law noncompliance risks
Switching to PDS infrastructure can have two substantial benefits for enterprises in terms of their privacy law compliance efforts.
First, consent-based management of personal data minimizes the risk of unlawful collection and use of personal data that can lead to monetary fines worth millions of dollars. With the PDS model, individuals have the exclusive control over who can access their data, what data they can access, for how long and for what purpose.
Under the GDPR and CCPA, which directly affects multinational companies, the individual’s consent is one of the safest ways to minimize the risk of unlawful processing of data. Under the GDPR, for instance, consent of data subject is a lawful basis to collect and share personal data and, so long as the consent is obtained lawfully, it is the least ambiguous and easiest to implement to comply with the GDPR. Likewise, the CCPA requires prior consent for selling personal information and obtaining an individual’s consent through PDS, making it the most practical and least risky way to achieve compliance. Asking for consent in other ways and documenting it would be more challenging compared to the PDS model.
Second, by making it easier to exercise digital privacy rights, such as the rights to erasure and access, PDS can provide a convenient place for businesses to manage individuals’ requests and comply with data privacy laws under relevant jurisdictions.
PDS can facilitate exercising these rights as individuals can complete such requests automatically with just one click and their request will be immediately communicated to the business.
Deletion requests via other means, such as email, online form or phone call, may take longer to respond to, go unnoticed or noncompliance may occur due to bureaucratic complexities within the organization.
Instead of receiving the request, searching through databases and deleting personal data from all records manually, businesses can fulfill deletion requests promptly and automatically because personal data is stored in a central location controlled by the user.
The PDS model can reduce costs and save a significant amount of time with its easy update feature
Having stale personal information costs businesses billions each year. Every text message sent to an old phone number, every email delivered to a previous address is a waste of resources for businesses.
For example, non-updated address data is such a huge cost to businesses that the U.S. Postal Office makes a profit of $8 million a year licensing its change-of-address data to businesses. PDS can save businesses from the cost of paying for updated addresses.
PDS also reduces other costs due to inaccurate data. Inaccurate personal information cost businesses 12% revenue on average in the form of wasted advertising spending, resources and lost time spent chasing phantom customers, such as duplicate contacts or redundant email accounts.
Individuals are unlikely to put in the effort to notify hundreds of marketers, pharmacies, hospitals or magazines of personal information changes because doing so would be time-consuming.
With PDS, however, individuals will have the convenience of updating their personal information from a single-point promptly, and such an update will be shared with all third parties immediately, reducing the wasted resources due to inaccurate data.
PDS can help businesses collect more data
One common argument for why personal data stores do not serve the interests of businesses is that PDS will reduce the amount of data collected.
However, this argument ignores the effects of the restored trust of individuals due to having more control over their data.
The majority of consumers express their reluctance to share their personal details because of a lack of knowledge over how and by whom their data is used. By empowering individuals, PDS can lead to individuals sharing more data.
Conclusion
As people become more aware of privacy and demand more efficient tools to manage their data, the PDS industry is expected to grow more. The market potential for PDS in Europe, for instance, is estimated at about 90 billion euros.
For individuals to fully reap the benefits of PDS, however, the participation of the business side in the PDS model is a must, and this integration can only be achieved by demonstrating the tangible benefits for businesses.
Photo by fabio on Unsplash