• by Rick Mandler , March 14, 2019

Recently, Facebook CEO Mark Zuckerberg published a new company manifesto called “A Privacy-Focused Vision for Social Networking.” 

Zuckerberg acknowledged Facebook’s poor privacy track record: “Frankly, we don't currently have a strong reputation for building privacy protective services.”

He outlined a new approach for the company, in which Facebook built services that allow people to communicate privately. Apart from acknowledging the extreme examples of terrorism and exploitation, he doesn’t say how he will address the real concern.

Nor is he changing Facebook’s basic model of hoovering up data and using it for marketing.

The Facebook CEO is responding to the growing concerns about how the digital world impacts our privacy. Here’s how they should be addressed.

Let me start with two questions. Have you ever read a company's terms of service or privacy policy? Have you navigated through your social-media service’s privacy settings to establish what data they can collect and how they can use it?

For most people, the answer is “no.” According to Deloitte, 91% of us don’t read the terms of service. Most are not equipped with the knowledge base or willing to spend the time needed to navigate through privacy policies. In 2008, one study estimated it would take a typical internet user 244 hours a year to do so!

When we use a “free” service, the real “cost” involves giving a company access to our data.  But we don’t know what we are giving up; we are not in a position to assess whether it’s a good deal. Spoiler alert: it’s not.

Without knowing the terms of a deal, how can one ensure fairness?

As my colleague Pooja Midha says, with transparent value exchange, everybody can win. 

Free services like Facebook and Google don’t offer content, they offer functionality. And they offer it in exchange for consumers’ time and attention paid to advertising. But the unique, bidirectional nature of internet-based services allows for a second source of value to flow to a service provider: data. 

And data is where the real money is.

A recent MarTech survey asked consumers whether they would be willing to share their data for a price and what price. A majority (57%) said it was worth a minimum of $10. This stands in stark contrast to the true value of their data.

Facebook’s average annual revenue per user in the U.S. and Canada was reported to be near $112 in 2018, per Daze.

Consumers have to choose whether they are willing to abide by the myriad privacy policies of various companies they engage with over the internet. It puts the burden on the party with the least information, and in the worst position to understand what they are getting into.

I have a better idea: My data, my rules.  

Imagine if you could go to a central site and establish what data can and cannot be collected from you, and at what price.  This becomes your privacy policy.  It follows you around the web; any service you interact with has to abide by it.  If your privacy policy is too restrictive, a service may not be willing to work with you, or work with you for free. But that’s OK!  The value exchange is transparent. You both know what you are giving up and getting -- unlike today.

This would make the digital world easier to navigate and the costs more transparent.

In a my data-my rules world, the consumer is empowered and the value exchange is clear, with information and understanding similar on both sides.  In that world, marketers can be confident the data they use is permissioned.  This reduces their exposure to brand damaging charges of “surveillance capitalism.” 

Like marketers, in a my data-my rules world, technology companies can engage with consumers more safely, knowing collected data is permissioned, reducing the risk of ugly articles in The New York Times and political fallout.

There are two ways this change can happen. The first is government regulation. 

The second is for a few key players to adopt this policy, refusing access to any entity that doesn’t abide by a consumer’s stated privacy policy.  

For example, what if Apple or Google established rules that no app could be available in the app store unless it abided by the user’s stated privacy policy?  Or if a large network operator, like Comcast, Verizon, or AT&T, required everyone engaging with their customers to abide by that customer’s privacy policy? 

With one large player having established this as standard operating procedure, it would be hard for other companies not to follow. What consumer wants to use a service that refuses, as a matter of policy, to follow their preferences?

It is time for a change. Let’s stop hiding behind opacity and complexity. Let’s all live by a simple principle on the internet: my data, my rules.