When consumers are shopping online for items like luxury clothing, shoes, and accessories, they don’t just need to trust that the prices are accurate or that their purchases will arrive on schedule.
They also need to trust that their personal information — including their names, their addresses, and their credit card numbers — won’t fall into the wrong hands or be used inappropriately.
Many consumers are increasingly aware, for instance, that keying in their data could leave them open to a barrage of marketing tactics from brands that share it with third parties without their consent. In other cases, a failure to protect customers’ private information could mean they are targeted with phishing schemes to steal more data or even ransomware attacks that cause them financial harm.
Privacy by design is a framework that allows brands to deliver on the expectation they can be trusted with customer data. In doing so, they can avoid significant privacy risks while building confidence and loyalty at the same time.
What Is Privacy By Design?
Privacy By Design offers a consistent set of principles that allow any organization to approach information protection, personal consent, and other issues surrounding the collection, storage, and management of data.
Though it might seem obvious why we need these principles now, it took foresight to develop them before e-commerce had become as common as it is today. It was former Information and Privacy Commissioner for the Government of Ontario Ann Cavoukian who recognized an emerging need and acted accordingly.
“With the shift from industrial manufacturing to knowledge creation and service delivery, the value of information and the need to manage it responsibly have grown dramatically,” she wrote in a white paper first published in 1995. “While we would like to enjoy the benefits of innovation − new conveniences and efficiencies − we must also preserve our freedom of choice and personal control over our data flows.”
The problem, Cavoukian noted, was that technology tends to evolve at such a rapid pace that safeguards to protect personally identifiable information (PII) have sometimes failed to keep up. This means that both brands and their customers can be caught off-guard by how private data is exposed.
Though it had its origins in Canada, Privacy By Design became an international standard in 2010 following a resolution by the Global Privacy Assembly, which represents privacy commissioners from around the world.
Why Is Privacy By Design Important?
If e-commerce is to become more than a simple series of transactions, brands need to be able to gather customer data and use it to personalize the experiences they offer. This could include recommending additional or complementary items when a customer is making a purchase, for instance, or approaching them with a special promotion or discount offer at a time when they’re most likely to be interested.
Personalization is only possible, however, when customers aren’t worried that their privacy will be compromised as a result. Unfortunately, privacy violations that have made headline news, coupled with incidents they may have experienced personally, have created greater suspicion about privacy risks among a growing segment of the public.
Earlier this year, for instance, the Boston Consulting Group released the results of a research project it undertook in partnership with Google that focused on consumers’ privacy perceptions.
Based on a survey of more than 1,000 people across the U.S. and Canada, the study found that 57 percent of consumers suspect brands are actively selling their data, even when this is not the case. There was also concern about what kind of information brands are collecting. Only 20 percent were comfortable with brands monitoring their activity on the company’s website, and even fewer (11 percent) were willing to share their activity on other brands’ websites.
On the other hand, people were open to sharing specific information with a company if they felt confident their privacy would be respected. This includes their gender, age, zip code, and email addresses.
Privacy By Design is not only a way to strike the balance between information collection and use that the public wants. It’s also an approach that helps achieve compliance with an ever-growing number of regulations and laws intended to mitigate privacy risks.
In the European Union, for example, the arrival of the General Data Protection Regulation (GDPR) in 2018 introduced new rules around how firms handle personally identifiable information (PII), notify customers about breaches, and transfer data. GDPR applies not only to brands based in the E.U. but also to those that do business there.
The California Privacy Rights Act (“CPRA”), meanwhile, will expand the California Consumer Privacy Act (“CCPA”) beyond consumer protection by granting employees additional rights over their personal information. Canada has similar rules in place, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Canadian Anti-Spam Legislation (CASL).
Failure to adhere to these rules can lead to significant penalties, which is all the more reason to explore Privacy By Design’s seven principles today.
Privacy By Design Principles
In some respects, the principles in Privacy By Design are based on common sense and provide an early example of truly customer-centric thinking. They are freely available to read online, but here’s a summary of each one, with an eCommerce context in mind:
1. Privacy Should be Proactive, Not Reactive; Preventative, and Not Remedial
If you only discover you’ve set up an eCommerce customer journey that puts privacy at risk after an incident has occurred, you’re too late. Privacy should be thought through at the outset of any project where a customer experience is being designed.
2. Privacy As The Default Setting
When you buy a smartphone or tablet, you’ll find that settings like the brightness of the screen and the notification sounds have already been set for you. Similarly, privacy controls should be in place without customers having to make adjustments on their own to protect their data.
3. Privacy Embedded Into The Design
eCommerce experiences will continue to evolve, whether it’s offering goods through additional channels or the way customers can learn more about each product.
That may involve using their data in new ways or asking them to provide more of it. Either way, privacy can’t be something that is bolted on or added after the fact. You should be able to build upon the privacy protection you’ve already included in the design of your experience, even as it changes.
4. Full Functionality — Positive-Sum, Not Zero-Sum
Consumers should never have to feel like they’re giving up their data as a trade-off for getting access to the best features of your service.
Similarly, you should be aiming to offer digital experiences that are both private and secure, not suggesting that these things are somehow opposing goals.
5. End To End Security — Full Lifecycle Protection
Consumers may have privacy top of mind when they are keying in data, but the same level of protection needs to be in place throughout their journey. This includes ensuring that data that doesn’t need to be stored is securely discarded. There should never be lingering questions among your customers about what happens to their data at any stage of their relationship with a brand.
6. Visibility And Transparency — Keep It Open
GDPR offers a good example of this principle: Shortly after it was introduced, most websites introduced a banner on their homepage that makes it clear that a brand will use “cookies” to collect third-party data and asks visitors to agree or not. Never assume customers will fully understand all the ways their private data might be used. Better to over-communicate, and to verify that consumers understand.
7. Respect For User Privacy — Keep It User-Centric
Do you have a preference center that allows people to choose whether they want to receive e-mail, text notifications, or other outreach? Do your efforts at personalization truly aim to enrich the experience of your customers, or simply serve your business objectives?
Acting in a user-centric way means you’ll walk a mile in your customers’ shoes, which makes it easier to identify where privacy could be improved.
Benefits Of A Privacy By Design Approach
In its most recent Global Consumer Privacy Survey, consulting firm EY found 54% of consumers are more conscious of the personal data shared through digital communication than they were before the start of COVID-19. They also know they have a choice of with whom they want to share that data — and which organizations they’ll avoid altogether. Besides secure collection and storage of their data, which was cited by 63%, having control over what data they share is one of the most critical factors in consumers’ minds.
Privacy By Design solves these issues with principles that keep customer interests at the heart of digital experiences. It offers added benefits by being broad enough to be applied in a wide variety of contexts.
Whether the future of eCommerce happens through websites, mobile apps, or even the metaverse, the seven Privacy by Design principles can inform a privacy-first approach to experience design.
Finally, Privacy By Design’s endorsement from the international privacy officer community means it will provide an onramp to complying with both existing and future regulations.
The current explosion of eCommerce growth makes this an opportune moment to embrace Privacy By Design — not simply behind the scenes, but in a public way that serves as an example for others to follow.
When shopping for marketing or marketplace integration solutions, therefore, always evaluate the way vendors approach privacy and compliance in addition to the actual functionality and capabilities of the platforms. Feed management solutions are inevitably intertwined with customers’ personal information, be it order data and/or pixel information. Hence, always make sure customer data is processed according to channel privacy requirements.
Contact Highstreet.io for more information.