GDPR - the importance of trust and transparency
by Oli Clifford
on May 10, 2018
In the eyes of the average person today, the word data is at once emblematic of our most private secrets, and the currency of a criminal underworld of Bondesque villains.
Already this year there have been some data-related disasters that are far from insignificant, two of which concern the world’s monopolists of modern communication as we know it.
With the enforcement of GDPR regulations fast evolving from a blip on the horizon to an unwanted barrage of emails in your inbox, there are certainly some lessons that can be learned regarding data, trust and transparency following the recent news stories surrounding Facebook and Twitter.
The bear poked you back
Probably the biggest data-related scandal came about in March, when Cambridge Analytica whistleblower Chris Wylie went to the press to reveal that, while 87 million Facebook users had had their data harvested and sold onto companies peddling manipulative political propaganda, Zuckerberg and the rest of his team had left the situation unreported and unaddressed for a number of years.
While the references to entrapment and illegal privacy violations represent very clear, immoral actions, the other content of the Cambridge Analytica exposés left me feeling nonplussed.
And I’d bet good money that many other marketers felt the same.
In this particular interview, Chris Wylie started by telling reporters that he and his team had gathered user data for research purposes, before running this “through an algorithm that learns who you are.”
I thought, that’s funny, we do that at work.
Then he started talking about “profiling personalities on a massive scale”.
That’s funny, we do that at work too.
Finally, he revealed how the data harvested was then used by propaganda experts to “microtarget different personality types with bespoke, emotionally resonant messages.”
Am I the devil?
When I tried to pinpoint what truly appalled people about Cambridge Analytica’s abuse (alleged abuse, I mean alleged abuse) of such a massive volume of private information, I realised that it wasn’t their use of the data at all – it was the lack of transparency surrounding it.
Having your data harvested is a bit like a flatmate using some of your butter unannounced – you probably won’t notice it’s happened, and there’s no point asking for it back – it’s the principle of the matter that horrifies you.
Now I’m not excusing the shadier actions of Cambridge Analytica, or saying by any stretch of the imagination that they should go uncondemned. Entrapment is wrong, and the fine line between persuasion and manipulation has certainly been crossed.
But most people who shop online have a basic grasp of how their purchase data will shape the ads they are targeted with in the future. And manipulative messaging is certainly not a new arrival to the battlegrounds of political warfare. It is having this data stolen and sold on for the purposes of manipulation that makes it feel a bit more like a Black Mirror plot line.
It took Mark Zuckerberg ten hours of questioning in Congress to realise the importance of transparency. But Facebook’s initiative of haemorrhaging billions of dollars to manually regulate political ad content and fake news was a case of too little, too late.
Twitter makes a hash of things
As if having one social network expose sensitive data on an enormous scale wasn’t enough, last week, Twitter revealed that the login details of all 330 million of its users had been stored in an internal log in an unhashed state – ie clear to see, and potentially, to steal.
While the situations of Facebook and Twitter are worlds apart from an ethical standpoint (or at least, Twitter’s PR has been done well enough that it feels that way), the key difference between the two situations to note is – you guessed it – transparency.
Twitter and its C-level officials took to both their own platform and the press immediately, making as many users as possible aware of the situation. They also advised all users, even those who hadn’t had their account locked, to change their password.
Twitter CTO Parag Agrawal released a blog on the day announcing the mistake, explaining both how it happened and what it meant in layman’s terms.
The fact that Twitter simply advised its users to change their passwords rather than forcing them to do so (as they did to those affected by their 2016 hack) suggests that the level of real threat here was relatively low.
Agrawal certainly didn’t hesitate to mention that Twitter weren’t obliged to share this information, it was just the right thing to do.
While this was laying it on a bit thick in terms of moral high ground – and likely an underhanded jab at Facebook – it was the right thing to say, and given the freshness of fears around data usage, it was the right time to say it.
Skepticists, computer scientists and developers among you are probably thinking that while Twitter have donned a veil of openness here, this can’t be the whole story.
Given that Twitter refused to comment on conjecture that the bug may have been let in by neglectful developers, you might be right.
But, as we’ve discussed in our other blogs on PR wins, Twitter did right by acting quick, owning the moment and controlling the conversation around it.
Despite Twitter's situation being much less severe in terms of those affected, and less damaging to their reputation, they addressed it with the clarity and honesty of a social network CEO being grilled relentlessly by tech-illiterate congressmen.
Renowned security blogger Graham Cluley even said it was “quite encouraging that Twitter both found the problem internally, and informed its users quickly and transparently”.
So, to return to the discursive mention of GDPR at the start of this piece, modern fears surrounding data security and privacy should be at the front of every marketer’s mind. The need to be transparent in your communications could not be more starkly apparent.
Of course, complete transparency is a fallacy – there’s no reason to go publishing your monthly expenses for the sake of looking honest. But you should aim to cultivate an air of openness around your business.
What was so great about Twitter’s announcement was that it was clear and concise, and also translated quite a complex internal concept in terms that the average person could understand.
Differentiate yourself from the morass of reductive and ambiguous “opt in” email blasts. If you expect someone to crown you the gatekeeper of their online information, the least you can do is reward them with coherent communication, and aim to establish a mutual element of trust and understanding.
Be there for your customers and clients – express genuine empathy and concern for them, their privacy, and the security of their data.
Better yet, let that empathy be made clear by explaining how your business is changing to be more GDPR compliant, and be transparent in your explanation of what these changes will mean for your customers.
For more information about using GDPR in your marketing activities, download our FREE GDPR ebook by clicking here >>