Apr 26, 2021

← Back to Articles

How the Privacy Paradox affects Business Growth

DMI member DeAndre Harriott contributed this insightful piece on ways to think about privacy. Feel free to join in with your thoughts on the Forum. And if you want to feature in the DMI library, share your own work for publication in our Community Insights!

According to the International Association of Privacy Professionals (IAPP), Privacy is defined as “the right to be left alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how personal information is collected and used.”

Imagine having all your customers and potential customers say ‘they wish to be left alone’. As a marketer responsible for executing a customer growth strategy, that would be a nightmare. We are operating in a very interesting time in business where the rapid advancement in technology has led to large-scale adoptions of aggressive digitization strategies.

Artificial intelligence (AI) and predictive technologies are becoming commonplace in every industry: with these we are able to predict trends, changes in consumer behaviors and the effects emerging technologies will have on our Business Development strategies. And at the center of this customer growth strategy is data - customer data, `the new oil’.

Being able to communicate one-on-one with your customers in a personalized manner, sharing with them only the things that are of interest to them, always being able to answer their questions even before they ask, providing real value long before the first sales conversation begins are all the things that every sales and marketing executive dream of doing. Imagine meeting with your CEO to explain your customer growth strategy and showing how you have created value and connected with each customer as though they were a childhood friend. Can you say promotion? Huge end of year bonus?

Both customers and executives expect a value-adding growth strategy to include only relevant and timely information communicated in the precise way your customers would most prefer to receive it. However, to make this a reality, customers are required to allow a company access to a lot of personal information, and this is where the Privacy Paradox is introduced.

What is the Privacy Paradox?

The ‘Privacy Paradox’ is a term coined back in 2001 by Barry Brown in a study done on the experience of internet users. In this study of early online shopping, Barry found that there was a paradox that existed between customers’ concerns about their privacy and their desire to still use supermarket loyalty cards that had the ability to track their behavior. The Privacy Paradox simply says this ‘Customers do not trust organizations with their data; however, they still expect to benefit from a personalized shopping experience’.

The biggest challenge your customers face is that while they know their information is valuable, they don’t quite know how much it is valued. They receive value from doing business with your organization but there is no tangible or audible experience associated with parting with their personal data and as such, customers don’t feel the impact of the transaction in the same way they do when there is a transfer of funds associated with a product or service. Organizations have been collecting and storing customer data and using it to predict behavior for decades, sometimes for the benefit of the consumer but other times to their detriment. In order to protect the human right to privacy, many governments and regulatory bodies around the world have been creating and implementing privacy laws and regulations around how organizations should collect, process, store, transmit, and destroy personal data, returning the power of privacy to the hands of the consumer.

Privacy Regulations and Their Impact

By this point, we have all heard of the General Data Protection Regulation (GDRP) coming out of the EU. Similar regulations have been enforced in different jurisdictions while many others are pending, including the CCPA (California), CPA (Australia), PIPEDA (Canada), and PDPA (Singapore). All of these are extraterritorial regulations, which simply means that they are valid across all jurisdictions. There is a common misconception that privacy is an IT or Security issue – this could not be further from the truth. Privacy is an organization-wide issue and Marketing, Sales and Customer Service are all warriors on the front-line. Almost all privacy regulations stipulate some basic rights, all of which affect how we engage with our customers. Some of these rights include:

  • Right to Consent – Access to process personally identifiable data must be clear and intentionally given.
  • Right to Data Protection – Personally identifiable data should be protected with adequate and effective security controls.
  • Right to Access and Rectification– Individuals should be able to, upon request, review all information collected and to correct it, where applicable.
  • Right to be Forgotten – All data that has been collected should be permanently deleted upon legal request, including archived data.

All four concepts above in addition to others not named here, place the responsibility of data collection, protection, and use squarely in the hands of the organization, regardless of how it may have been obtained. With this responsibility comes very large fines for the misuse or inability to adequately protect this critical data. For us business development practitioners, this creates a bottle-neck of competing interests. No longer can we store or use customer information without clear legal interest that matches the use of data to the purpose for which it was collected.

So What’s Next?

Data privacy regulations should be viewed as a gift, not a curse. Following proper privacy regulations will lead to us collecting, storing and using less meaningless data as the less data we have, the lower the chances are of violations occurring. This creates a more competitive customer growth strategy as collecting less data means we need to collect more targeted data, and the more targeted the data, the more efficient our data use must become. Even without regulations customers are becoming smarter and more cautious about their data and expect a reasonable explanation for the use of their personal information. However, for most consumers, it’s about how the data is collected and used, and not necessarily what data attribute is being collected.

For example, I might not mind the fact that you remind me that my yearly subscription is coming to an end a month or weeks in advance. What I do mind is you sending me an unsolicited email telling me that the shirt I wore to work today would look great with your new pair of designer slippers. Companies that combine data privacy with data use will, in the long-term, benefit from creating value through relevant communication all while increasing consumer trust over time.

Now, imagine meeting with your CEO to explain your customer growth strategy two days before she receives regulatory fines for privacy violations related to a recently concluded email campaign? Can you say no to a Promotion? Or would you be crafting your resignation letter because you might be out of a job?

Learn more about GDPR in the DMI short course on GDPR.


DeAndre Harriott

DeAndre Harriott is the Digital Marketing Strategist at Symptai Consulting Ltd., working with a team of highly skilled professionals within the Business Assurance, IT Audit and Security industry. He previously worked as a Marketing Associate with the University of the West Indies Mona Sports Development Department on event planning, content creation, and photographs.

Upgrade to Power Membership to continue your access to thousands of articles, toolkits, podcasts, lessons and much much more.
Become a Power Member

CPD points available

This content is eligible for CPD points. Please sign in if you wish to track this in your account.