Embracing an Ethical Approach to Open Data

Claire Deprez-Pipon, International Product Manager, Identity Trust & Authentication at Worldline, shares her thoughts on the current impact that privacy and transparency are having upon industry, how businesses can embrace it, and what needs to be done to safeguard the end user in this digital age.

How is growing consumer awareness impacting the concept of privacy and transparency?

Privacy and transparency regarding customer data have become a hot topic in recent years, with the fallout from significant data breaches and misuse of data from internationally recognised companies such as Facebook, Amazon and Google throwing the issue into the public consciousness.

Consumers are more aware than ever of their data and its implications. Apps and smart devices now require users to opt-in to share their data, and companies are now required to provide an easily viewable and comprehensive data policy to their partners and customers. A big shift in the balance of power regarding customer data was the introduction of the GDPR in 2018. “The GDPR is an important component of EU privacy law and human rights law, particularly Article 8(1) of the Charter of Fundamental Rights of the European Union. It also addresses the transfer of personal data outside the EU and EEA areas,” shares Deprez-Pipon. “It's a good step toward data privacy, especially through harsh fines against those violating its privacy and security standards, with penalties reaching upwards of millions of euros.”

Personalisation is an ever-more crucial component of creating innovative and compelling customer experiences through apps, online services or physical experiences. Open data is driving new ways of customer interaction, but it also raises concerns over how this data is handled and safeguarded. With our global community and economy, data can be shared internationally, so having strict, far-reaching laws in place can drive the effective use of data while ensuring compliance with ethical and legal practices. “The GDPR was adopted on 14 April 2016 and became enforceable beginning on 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable. It allows certain aspects of the regulation to be adjusted by individual member states. Its primary aim is to enhance individuals' control and rights over their personal data.”

The world is digitising. Does this pose opportunity or challenge?

The rapid evolution of technology and its increasing integration into everyday life has opened the door to ever more efficient invasions of privacy and data theft. With smartphones controlling our lives, and many of our passwords, personal details and personal data centralised and easily accessed, the amount of data in easy reach of businesses, legitimate or not, has never been greater, as Deprez-Pipon states. “Within smartphones, it's surprising how much personal information is stored, manipulated and displayed. It's also quite shocking how easily malware and bad agents can access it through central systems. Companies need to be responsible and transparent about what is collected to gain user trust."

Anybody can collect data from users, from website traffic and behavioural analytics, personal data, purchase histories and more. For this reason, brands and companies have to establish and maintain the trust of their customers. Brand image is everything – why should an individual give consent for their data to be used by a company If they don’t trust or believe in that brand?  To be ethical and compliant, companies must clearly inform their customers about what data they will collect from them, what it will be used for, and who will have access to it. Thanks to regulations such as GDPR, the rights of the individual and their data is assured. This bolsters data security whilst at the same time, encouraging positive developments through the appropriate use of data.

The importance of data – how is it used by businesses?

Consumer data, with consent, can be used to develop new and safe solutions, products and services that cut across industries. Customers increasingly demand efficient and relevant services from the companies they choose. Customer service methods, such as chatbots, automated replies, self-service portals and even telephone systems, need to be robust and responsive to take full advantage of each interaction. Data can open the door to automation and help businesses build brand loyalty and trust. "Data is key within many advancements within business, from customer acquisition through to the overall user experience,” says Deprez-Pipon. “It's powerful, especially when it's used in the right way. For instance, you can effectively balance security, fraud protection, and user experience by using data appropriately.”

Some of these applications are already used with success within the hospitality industry, an industry struggling with increased competition and lower customer numbers following the COVID-19 pandemic. Thanks to open data, customers can be offered more personalised experiences during their stay via mobile apps or integrated entertainment systems inside their accommodation. Processes such as payment for extras, ordering and booking, or purchasing can be completed directly within these systems, without the need for the customer to open banking apps or multiple internet tabs.

Brand image and customer loyalty are becoming ever more crucial in the digital era. Building a network of trust with customers and partners is key to growing or maintaining a business. Open data offers a multitude of benefits for reaching new customers and improving the experience and journey of existing ones, but the responsible use of this data is equally beneficial to company image and customer trust. Consumers place their trust in businesses by agreeing to the sharing or collection of their personal data. Taking a public stance and clearly outlining ethical business practices and awareness of the use and storage of data should not only be a legal and moral consideration, but also a one of brand image.

How should businesses approach data within their strategy?

As with any corporate strategy, outlining data goals and incorporating all essential privacy aspects from the start is key to the success of a business and the compliance of processes and services. When it comes to creating better customer experiences and engagement platforms, businesses will do better to design these with privacy compliance in mind from the start, rather than having to adjust them retroactively.

This approach is known as Security by Design. By doing so, businesses establish context, ensure effectiveness and flexibility, and reduce the impact of future adjustments. Deprez-Pipon provides more context: "Security by Design principles help to avoid data breaches and give control to the user with a clear explanation of data collection. Following them also clearly outlines the obligation to obtain consent. For instance, in the revision of electronic Identification, Authentication and trust Services (eiDAS), a regulation covering electronic transactions, this point is key; to give the user the control over deciding which data should be shared with, and by, third parties."

Does the individual have enough control over their data?

Now, more than ever, individuals should be aware of their data and its implications. Data is big business and is increasingly driving digital technology and engagement methods. However, data can also be weaponised with unscrupulous agents such as hackers gaining access to and selling private data to the highest bidder. "Individuals must know and decide which data will be shared, with who and for what purpose," says Deprez-Pipon. "Data can be used for different purposes and is often monetised. Now, companies must declare how data will be used and which third parties will have access to it. This is all part of being GDPR compliant. All new services and products need to have a thorough assessment on data privacy and transparency."

Thanks to stricter regulations and greater social awareness, individuals now have greater control over their data. However, as our world becomes more interconnected and the devices we use become even further integrated into our lives, the lines between private and public become blurred and, with it, our personal information. It is therefore essential that education and awareness continue to keep pace with technological and process advancements.

What's next?

With more and more of our world becoming digital, the conversations around data are unlikely to fade. With strict regulations in Europe and the rest of the world protecting personal data, its importance has been solidified. As companies seek to create more impactful personal experiences, data is likely to become key to strategy and product development.

From the viewpoint of the financial industry, the same challenges of increased competition and evolving customer demands are likely to continue to drive the development of new and unique products and offerings, in part driven by customer data.

The future of open data looks bright, so long as regulations continue to be upheld and the crucial conversations regarding safety, security and ethics accompany any further developments.