Start with the individual. It is seductive to argue that each person should have ownership rights over their data. Yet unless laws change radically, in practice it is hard to wrest control back from the tech platforms, because an individual’s bargaining power is woefully weak. Fortunately, other options are surfacing.

One is a subscription model, along the lines of Netflix or Spotify. Another option is to start gathering data on behalf of the individual from all sorts of sources. Inrupt, for instance, is working with the government of Flanders, a region of Belgium, to give every citizen a “pod” to store personal data. It hopes private firms will build user-friendly apps around the data, with people’s consent, says John Bruce, its co-founder. The better the apps, the more eager people will be to furnish it with their data. In India something similar is happening in financial services. Individuals’ and firms’ financial data can be transferred to financial-services firms via “account aggregators” that obtain the owners’ consent. This can help speed up credit-scoring and loan underwriting. It could also be an alternative to huge data guzzlers such as Ant Financial, a Chinese fintech firm.

Consumers are taking more control of their personal data, and it is beholden on businesses to give them the tools they need to do that. Blaine Carter, Chief Information Security Officer of Franklin Covey, said that privacy and consent have become product differentiators. “We’ve seen that with Franklin Covey. We’ve seen a lot of customers who do want to feel like they can trust you with their information.”

Trust, consent, and a genuine value exchange sit at the heart of the new relationship between buyer and seller, he said. “When we’re talking about value exchange, we started rolling out features where we’re very honest and upfront with how we offer value in exchange for personal information.”

In the past, he said, it would have been rare for him to meet with the Chief Marketing Officer. Marketing always seemed to be too busy to meet with Information Security. Together, Marketing and Information Security understood that they really needed to be honest and upfront with how they were gathering information, as well as what kind of choices needed to be made.

With Google’s latest decision to strip Search Terms data insights from advertisers (some agencies have reported around 25%-30% or more of data loss), the frustrated outcry has caused some to begin throwing around lawsuit language. 

Specifically, there seem to be three main reactions to this change: 

Those who believe that advertisers own the data outright, or at least the data is part of what they are paying for, and thus have every right to all data. These are the most likely to be outraged, as they believe their rights have been stripped away with decisions such as this.
Those who believe Google (or the platform) owns the data, and that advertisers are simply playing within the elected program. These are the most likely to ignore the recent hubbub (or even this article!) and simply believe that advertisers should roll with the changes.
Those somewhere in the middle. They may not have a hard and fast opinion on who does or does not own the data, but they also believe that advertisers do have certain rights and the platform cannot simply do what it wants without potential legal ramifications or oversight.

A new consensus is emerging about the value of data. It carries immense potential in supporting analytics, personalization and other imperatives. Today’s consumers, especially younger individuals, increasingly expect products and services tailored to their needs. One survey found that 70% of customers say understanding how they use products and services is very important to winning their business. In fact, data is becoming so important that in many ways it can be considered an emerging currency.

As new data privacy laws emerge and people become more aware about the use and value of their data, the responsibilities of data collectors are increasing. Fundamental to the value of data is maintaining its security and integrity. Implementing proactive security measures such as public key infrastructure (PKI) can be a crucial foundation to safeguard data. PKI uses digital certificates to encrypt data in transit; authenticate devices to users, servers and other devices; and ensure that only authorized and signed code runs on the device to prevent malware and other attacks. PKI helps identify users and their devices to provide important protection.

Looking beyond technology, transparency is another key responsibility. Consumers must remain informed and demand greater transparency into how their data is being used. Businesses and manufacturers should build security and transparent collection of data into their practices. At the same time, companies should inform their customers of the processes used to keep them safe. Together, businesses and the consumers they serve can succeed in protecting the confidentiality and integrity of data, as it becomes more valuable in our dynamic, data-driven world.

By 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations, up from 10% in 2020, according to Gartner, Inc. “Security and risk management (SRM) leaders need to help their organization adapt their personal data handling practices without exposing the business to loss through fines or reputational damages.”

SRM leaders should adopt key capabilities that support increasing volume, variety and velocity of personal data by putting in place a three-stage technology-enabled privacy program: establish, maintain and evolve.

The establish stage includes foundational capabilities of a privacy management program. The maintain stage allows organizations to scale their privacy management programs. The evolve stage includes specialist tools that focus on reducing privacy risk with little or no impact on the data utility. 

Currently, consumers feel duped or intentionally kept in the dark by companies who use their data: 89% of US consumers think companies are deliberately vague about how the “data for benefit” exchange really works, according to 2019 findings from Wunderman Thompson Data.

Consumers are clamoring for agency over how their info used—and part of that agency includes an assessment of their data’s worth. This is spurring a new value exchange—one that operates with data as the primary currency.

As the data economy develops, brands will need to give consumers a clear and fair appraisal of their info.

"The decision to kill off third-party cookies is widely regarded as a necessary evil, but who gets to determine their replacement?

The uncertainty has prompted some companies to develop turnkey solutions that are privacy compliant. Google—whose decision to eliminate third-party cookies from Chrome by 2022 created the vacuum—also has a solution, as does ad retargeting kingpin Criteo.

Whichever technology emerges, it will address critical advertiser capabilities including ad targeting, frequency capping, user privacy and attribution. And it will enable an enormous advertising market; last year, third-party cookies helped fuel nearly 30 percent, or $38 billion, of all U.S. digital ad spend."

evervault is the Dublin-based internet infrastructure company founded by Shane Curran. It has closed a $16 million Series A investment round led by Index Ventures. Existing partners Sequoia Capital, Kleiner Perkins and Frontline Ventures also participated — alongside angel investors including Dylan Field (CEO, Figma), Kevin Hartz (co-founder, Eventbrite), Olivier Pomel (CEO, Datadog) and Alex Stamos (former Chief Security Officer, Facebook). The new investment takes the total raised by the company to over $19m.

evervault is building the API for data privacy. The core API functionality is privacy cages, which empower developers to process highly sensitive data in a fundamentally new and better way which is simple, scalable and privacy-preserving. evervault allows companies to focus on doing what they do best: building their product.