Few would disagree that we are accelerating ever faster toward a world where data about people and things plays an increasingly important role in our lives, society, and economy. Today I want to share some ideas on how America can do a better job in dealing with this abundance of data. Data shapes virtually every interaction between companies and consumers. The vast areas of the internet that rely on ad revenue support millions of jobs, contribute over a trillion dollars to GDP, and enable access to free services and information online. Advertising and marketing are the best cross-subsidization of free speech that exists. And third-party data is not only essential to sustain a free internet, it also helps to prevent fraud and create a level playing field for companies of all sizes to provide world-class customer experiences.
Our country is rooted in deep beliefs about personal freedom and choice, fairness, the ability for anyone with a great idea to succeed as entrepreneur, freedom of the press, and the need to prevent monopolies from having too much control over our lives. We are rapidly approaching a moment of great importance in our society – in the wake of recent congressional testimony and data scrutiny there has never been more support for legislation that addresses accountability for the uses of data and increases consumer control. How we apply our beliefs and values as a country in this moment is critical. We need to get this right.
Acxiom, like many other conscientious companies, believes that everyone who handles data must be transparent and accountable for ensuring it is used in ways that benefit consumers and protects them from harm. We have been a leader in ethical data practices for decades, because innovation typically outpaces law making, and we believe it’s our responsibility to ensure ethical outcomes for data use. Beyond merely addressing what is legal, our policies encompass what is just to prevent individual harms and what is fair to ensure all stakeholders – including consumers, societies, and economies – benefit from how data is used. And we enforce our policies through governance practices that are rigorous, demanding, and effective.
Although many data privacy bills with excellent elements have been proposed in recent months at the state level, having different requirements for each state can create a lot of complexity. Imagine how much confusion it would create for farmers and consumers if each state had its own food safety rules and equivalent of the FDA. We can’t have a recipe for chaos. Privacy legislation should take place at the federal level to protect all consumers equally, enable a diverse free press, and enable businesses of all sizes to thrive in a data-driven world. We wholeheartedly embrace and welcome legislation that brings real protections to consumers, while staying true to the values and beliefs that are so core to what makes our country, and our economy, unique and strong in the world. To support these goals, we believe the policy debates taking place now should center on five key principles:
1. Consumers must have effective controls. We have always believed that legislation should include clear requirements for meaningful transparency, notice, choice, and control. We need to get to a place where consumers can view data about them that an organization collects or uses, privacy notices are as simple to read at a glance as traffic signs, and individuals can easily opt-out of data uses that don’t involve protecting others from harm. While “traffic sign clarity” for notices may be the answer for small screens, we also have to innovate equivalent controls for no-screen applications, like the Internet of Things – this goes to accountability rules for data collection and use. We need thoughtful legislation that addresses this reality. The answer isn’t in building thicker walls and giving more power to the largest technology companies – this would harm every other company in the world. Rather, everyone wins when data is democratized, so that it can be more freely shared within the boundaries of effective governance and consumer control.
2. Data collection must follow ethical practices. If data cannot be collected, innovation will be stymied – and that’s bad for everyone. Stronger guardrails will allow for progress yet also create stronger protections. Data must be collected in accordance with published privacy policies, and organizations should be responsible for validating that external data suppliers collect data ethically and govern that data in accordance with permissions and prohibitions for its use.
3. Data uses must be ethical and deliver clear consumer benefits. Data can be used for incredible good, but can also be used nefariously. Just as home thermostat settings can be used by power generators to forecast peak power use and better conserve energy, so too can that data be used by thieves to determine when people might be on vacation. We must find a way to accelerate progress while protecting against malfeasance. Data should be used in accordance with the promises made to the consumer at the point of origination, and any additional uses must be enabled in an accountable manner. Europeans call this “legitimate interest” and other countries refer to this as “beneficial purpose.” This accountable use should involve passing a balancing test for providing value to consumers, societies, and economies.
4. Organizations must ensure policies are enforced. Given the ubiquity of data, data ethics cannot simply be the obligation of a select few – it must be the responsibility of all who utilize data. Just as democracy requires the participation of all citizens, the democratization of data needs similar cooperation in order to optimize outcomes. Organizations should be required to implement accountability-based governance programs that include hiring a data privacy officer, enforcing controls through Data Protection Impact Assessments (DPIAs), educating employees, and performing independent risk audits.
5. Organizations must protect the data that’s in their care. Data is valuable and essential, and its utilization should also carry an expectation and obligation of responsible stewardship. Organizations should pass annual third-party audits of their security practices and be required to notify consumers of a breach within a specified amount of time.
These are not new principles for Acxiom, and I’ve made similar appeals in the past. Today we are renewing our commitment to supporting change in the data industry and raising our hand to help lead the charge. We welcome the opportunity to collaborate with policy makers, consumer advocates, industry players, technologists, and others committed to righting the data governance ship.
Crisis can be a catalyst for change, and we must not let this moment pass us by. We have an opportunity to democratize how data is used in our society by increasing visibility and control for consumers and by ensuring that everyone in our data-driven economy has an equal opportunity to collaborate and thrive. It’s up to all of us to ensure this happens, and we must take action to create this future starting now. Let’s democratize data and change the world for good.