Why This Year’s Data Privacy Day is Different
- Einat Etzioni
- January 28, 2020
Since Data Privacy Day (Data Protection Day in Europe) was first observed on January 28, 2007, the holiday’s themes have only become more urgent – themes of education, awareness, and safe practices among both businesses and individuals.
But this year is different.
That’s partially because of technological trends and partially because of consumer sentiment. But most of all, it’s because this is the first year in which companies must contend with strict consumer privacy laws in both Europe and the United States.
Like Data Privacy Day itself, the trend toward increasingly strict privacy laws started in Europe, where the European Union’s General Data Protection Regulation (GDPR) went into effect in May of 2018. The very next month, the State of California passed the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020.
Both the GDPR and the CCPA are worded to regulate even companies based beyond the borders of the EU and the State of California respectively, and both laws threaten potentially severe fines for any violations. Moreover, these laws have inspired similar legislation in other U.S. states and in countries around the world.
In other words, the legislative push to restrict the collection, sale, and use of consumers’ personal information is both global and forceful. That makes protecting individuals’ privacy a more financially critical matter for companies this year than ever before.
But at the same time, today’s technological landscape makes complying with consumer privacy laws an increasingly complicated and time-consuming process. In large part, that’s because today’s websites rely so heavily on embedded third- and fourth-party services.
How embedded services challenge consumer privacy
Rather than spend time and resources developing sophisticated web apps in-house, today it is common for companies to integrate third-party services into their websites. These services can add sophisticated functionality to webpages, such as displaying embedded videos, social sharing buttons, and paid ads. They can also make webpages more interactive and gather useful data about end users’ behavior.
But while this model of web development can be very efficient, it can also create serious consumer privacy risks. By default, a service embedded into a given webpage can access any data from that page – including its URL, cookies, and storage. As a result, sensitive information can be vulnerable to data breaches if it is left unencrypted on a webpage in which third-party services are embedded.
And the risk doesn’t stop with third-party vendors.
As the variety of available third-party services has grown, it has become common for these services to themselves integrate other third-party services. As a result, today many companies’ websites rely on fourth-party services provided by vendors that these companies may not even be familiar with. In fact, we at Namogoo have found that roughly 40% of websites’ embedded services are provided by fourth parties rather than third parties.
The bottom line is that any company puts its customers’ personal data at risk if leaves that information exposed or fails to keep tabs on what its website’s embedded services are up to.
Keeping track of those services is no small feat (although it can be made far more efficient and reliable with technology such as our Customer Privacy Protection solution). But it is a necessary undertaking for any business committed to ensuring its customers’ privacy.
Here at Namogoo, we’re taking the time today to reflect on why that mission of protecting consumers’ privacy is so critical. And we keep coming back to three main reasons.
Why businesses must prioritize consumer privacy
There’s no question that the consumer privacy laws of today (and undoubtedly tomorrow) make it important for companies to comply so as to avoid the risk of significant legal penalties. If there was any doubt that violations of the GDPR would be taken seriously, last year’s proposed $229 million fine of British Airways made it clear that the law has real teeth. And while we have yet to see how the CCPA will be enforced in practice, it enables individuals to sue (either individually or collectively) companies that have violated their privacy – with potential penalties reaching up to $750 per individual violation (or even higher, should actual damages exceed that amount).
At the same time, it’s increasingly clear that keeping consumers’ trust regarding their privacy is good for business. The 2019 edition of an annual study by IBM and the Ponemon Institute found that the average data breach costs the affected company $1.42 million in lost business alone (out of a total cost of $3.92 million). And in a 2017 survey by PwC, a whopping 88% of consumers said their willingness to share personal information with a company would depend on how much they trust that company.
But most importantly, we believe that ensuring your customers’ privacy is simply a matter of treating them right. While data breaches and privacy violations can be expensive for businesses, they can be truly traumatic for the individual people who see their trust violated and their personal details exposed. And for those of us who work for companies that rely on collecting and using customer data, it is important to remember our obligation to those who entrust us with their sensitive information.
For us at Namogoo, that commitment to treating customers right is a core part of who we are. Because today’s websites rely so heavily on embedded services, ensuring consumers’ privacy requires detailed, real-time insights into those services’ collection of data. By providing companies with the information they need to protect the privacy of their customers, we are proud to help make the internet a little safer for both businesses and individuals.
On this Data Privacy Day, we hope you’ll join us in taking time to reflect on the importance of customer trust – not just of gaining that trust, but of continuing to earn it day after day.
What information is being collected by the third-party services embedded in your website? And what data are you exposing to them? To find out whether you could be compromising your customers’ privacy, get a free privacy risk analysis today.