Give It Away
Most consumers care about their personal data privacy but don’t know how to: a) take back their data, and b) monetize their data. Not only are governments stepping up regulations to protect consumers, but awareness around the value of personal data is starting to proliferate across the media. As consumers realize the value of their personal data, they may be inclined to protect it and find a way to monetize it.
Here is what happens when we use social media, applications and websites. In exchange for free access, we provide (often voluntarily) details about who we are, what we do, where we are, our interests, apps we use, Internet pages we visit, who are friends are… you get the point. Companies create a profile about you from your personal data, which is then packaged by companies like Oracle and sold to brands and data companies. The providers of personal data collect fees for selling your info (Facebook made about US$30 per American and Canadian in Q1F19). Even the largest social media companies use third-party data to enhance their profile about you because you are not only a user and promoter of their platforms, but you are also their product.
They monetize your personal data, and you get squat. Worse, we know that many of the largest companies aren’t good stewards of our personal information. Your data is circulating around the Internet and stored in data centers waiting to be hacked, the consequences of which can be devastating as this man discovered seven years ago.
Consumer Privacy is Paramount
Data breaches are a regular occurrence. The Yahoo! attack in 2013 exposed names, email addresses, dates of birth and impacted 3 billion user accounts and compromised the phone numbers of 500 million users. This past April, UpGuard, a provider of cybersecurity research, reported that two, third-party Facebook apps it analyzed exposed 540 million records. Separately, an app called At the Pool exposed databases that appeared to include data about Facebook user IDs, friends, photos and location check ins, as well as unprotected passwords for 22,000 users.
These types of breaches are one catalyst that prompted the European Union to implement the General Data Protection Regulation (GDPR) in May 2018 to protect the data and privacy of citizens. Organizations, both European and non-European, breaching GDPR can be fined up to the greater of 4% of annual global turnover or €20 million. A company can be fined 2% for not having their records in order, not notifying the supervising authority and data subject within 72 hours of a breach, or not conducting impact assessments. Okay – these fines aren’t onerous for larger non-compliant firms, leading us to believe that the bigger reason for GDPR is to inform consumers about how companies are collecting, using and monetizing their personal data.
Take it Back!
Although the United States doesn’t have a comprehensive national law like GDPR that regulates the collection and use of personal data, the Data Care Act of 2018 introduced to the U.S. Senate in December 2018 seeks to incentivize “online service providers” into protecting certain types of personal data.
California has taken the lead in the U.S. with the California Consumer Privacy Act, (CCPA), giving consumers new privacy rights to control their personal information. The Act used GDPR legislation as its foundation and goes live on January 1, 2020.
CCPA Section 1798.102 applies to California businesses that is any ONE of: a) generating annual gross revenues of $25 million or more, b) receiving or sharing personal information of at least 50,000 California residents annually, or c) 50% of their annual revenue comes from selling the personal information of California residents. The Act grants consumers the right, at any time, to opt out of the sale of their personal data by any business. The Act also specifies that businesses cannot deny goods or services to customers that opt out of the sale of personal data.
But there is a bigger problem than just California for companies doing business in the United States; many U.S. states are in the process of enacting GDPR-like legislation, including: Alabama (SB 318), Arizona (HB 2145), Colorado (HB 1128), Iowa (HF 2354), Louisiana (Act. No. 382), Nebraska (LB 757), New York (Senate Bill S5642), Oregon (SB 1551), South Carolina (H4655), South Dakota (SB No. 62), Vermont (H.764), and Virginia (HB 183). An online survey published by TrustArc in March 2019 found only 14% of companies surveyed were CCPA compliant. With potentially 50 different data privacy regulations, companies operating in the United States that handle personal data may be facing a logistical nightmare.
Don’t Worry Be Happy
Companies are rightfully spooked by personal data laws. Think about the California-based goliaths that will have to comply not only with CCPA for Californian consumers come January 1, 2020 but also all the other states enacting laws to protect our personal data. Several firms stopped doing business in Europe because of GDPR (California’s Drawbridge, Factual and Verve). We haven’t heard how these firms plan to comply with California’s CCPA. Keep the Internet Free, an Internet Association project (see members here), has suggested that CCPA may cause many free advertising supported websites to start charging users for access. This may be a scare tactic to get consumers to back down from opting out of personal data monetization. Or, maybe they are scared and trying to get CCPA amendments because they know the Act will disrupt their business models.
Mining and Selling Your Personal Data
Most people understand that brands pay to place advertisements on websites frequented by their targeted markets. Brands also collect personal data for marketing their products. For example, CVS allows its pharmacy customers to earn up to $50 on prescription refills in exchange for waiving some rights to health care privacy. Grocery store chains, banks and even charities are using and/or selling personal data. What many people may not know is that many brands sell the data they collect to data aggregators known as “data brokers”.
Data brokers track and collect personal information from multiple sources to resell. They collect your data from your online habits, location, surveys, loyalty programs, and even your public records. They then use this data to create profiles and sell lists of profiles that match the targeted markets of brands, so that brands know who to send advertisements. All of this is legal. And it’s a big business, currently worth $76 billion growing to an estimated $200 billion by 2022.
Your Data’s Worth to Digital Advertisers
Our lives constantly change. Today, we’ll buy a new gadget online; tomorrow, we’ll search for a local plumber because a pipe burst at our rental home. This changes our value to data aggregators because our changing lives introduce new data that appeals to new brands. More brand appeal means more money for both the data aggregators and the websites getting paid by brands to advertise to us.
Data Makes Possible, by Western Digital, estimated the worth of personal data to brands by dividing the total U.S. digital advertising spend by the number of Americans accessing the Internet. The 2018 estimate was $341.08 per American. How much are you getting? We’d bet nothing.
Trouble Ahead for Data Brokers
We believe that a major disruption is about to occur in the advertising industry. Your data is the raw marketing material for all companies and suppliers to thrive. Consumer privacy protection laws like the California Consumer Privacy Act allow consumers to opt out of the collection and monetization of their personal data. We believe that the firms collecting and selling data will bear the onus to manage consumer opt-outs. They are the ones who will likely see revenues affected by data privacy laws.
What we find interesting is that data privacy laws have helped consumers to understand that their personal information has monetary value. They’re also increasingly realizing that they aren’t getting paid for their personal info. Consumers may start to ask how they can control and monetize their personal info. In Part III of Give it Away – The Million You Never Made, we’ll share how Freckle (TSXV-FRKL), a Sophic Capital client, has an app called Killi that allows consumers to control and monetize their personal data. We know of no other public vehicle for investors to participate in the consumer privacy rights disruption.
A Speckle of Personal Data Compliance
Freckle is the only personal data company that adheres to consumer compliance regulations like the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). Freckle accomplishes this through its Killi application, where users select what personal information they choose to add and then monetize. Brands, platforms and companies pay Killi users to complete consumer surveys that add additional layers of behavioural data to their persona. The more personal information Killi users share, the more money they can earn. Killi users can change their privacy preferences, supplying as much or as little personal info they choose at any time. Should the Killi user choose to forego future monetization of their data and delete the application, all personal data used by Killi is also deleted.
Killi does not prevent data brokers from collecting user data; there are thousands of companies amalgamating data unbeknownst to the consumer. However, data sources used by data brokers will be responsible for managing the opt-in and opt-out rights for consumer data collection and monetization. Since there is no U.S. national standard concerning data privacy and several U.S. states are drafting their own legislation, many data sources are likely to generate less revenues going forward rather than deal with the unique data privacy requirements of potentially 50 states. But legislated consumer opt-out rights are not the only negative catalyst that the data sources and data brokers will likely endure as consumer data privacy legislation goes live.
Just like Uber enables consumers to monetize their vehicles and Airbnb allows consumers to monetize their homes, Killi enables consumers to monetize their personal data; the data that publishers, platforms, and data brokers have long exploited for profit without paying you. We previously stated that most consumers have not cared about their personal data, but as they become aware of the value of their personal data and Killi’s ability to monetize it, we believe more consumers will opt-out of the collection and monetization of their personal data through data sources and data brokers. Killi allows consumers to control what data they choose to share. Because Killi users choose what personal data to share and monetize, they effectively opt-in and can opt-out at any time. This means that Killi is GDPR and CCPA compliant. Brands love privacy compliant, high-fidelity, consumer data and will pay Killi users for it. Killi and the consumers split revenues 50/50.
Another Piece Making Killi More Valuable
Offline attribution allows brands to accurately quantify how effective their advertising campaigns have been in driving targeted customers into desired locations. Freckle does this, sourcing location data from 190 million mobile devices generating 100 billion consumer location events each month. Combining location data with the data underpinning advertising, Freckle’s analytics can determine what advertisement, what advertising medium and what vendor drove a consumer to a location. While there are others that also provide this service, they all have their own algorithms. However, by Freckle adding Killi’s high-fidelity, consumer data, they are able to add an identity layer that is compliant with current and proposed privacy regulations that adds more insight than other companies in the space. This is a major competitive advantage that Freckle has not seen elsewhere.
To scale Killi, Freckle plans to acquire more users. Currently the Company is focused on driving higher average revenue per user (ARPU), reducing churn, improving retention/lifetime value and lowering the cost per acquisition (CPA) of a new user. At a certain point there is an “ah-ha” moment when CPA falls below ARPU and retention increases, making every dollar spent on CPA accretive to the bottom line. These metrics are improving, and the Company is getting ready to expand Killi rapidly in both North America and internationally.
To retain users, Freckle will incorporate international partners to increase the number of survey opportunities for consumers. The bi-product of more surveys is that consumers receive more money, closing the gap between CPA and ARPU. All downstream metrics for a KIlli user improves in direct correlation to an increase in money to consumers, meaning for each new penny acquired by a user there is a corresponding reduction in churn, a corresponding increase in retention, as well as a corresponding improvement in lifetime value and virality. The Company, currently operating Killi in USA and Canada will also look to expand internationally to add additional markets to this matrix thereby creating additional options for lower CPA – bringing CPA and ARPU closer and closer together. The Company may also ask users for richer data like a driver’s license, credit card information, and other personal data that can easily be uploaded to the application, which can increase ARPU for the consumer. All personal data that is currently collected and sold can all come under the control of the consumer for them to monetize. People like getting paid, and offering more money is an incentive to keep them using Killi. The longer a Killi user monetizes their data, the more revenue generated (i.e. total lifetime value).
Competitive Landscape is Shrinking
Freckle has three main competitors. Foursquare acquired Placed from SNAP for an undisclosed sum (Bloomberg reported that SNAP paid $125 million for Placed). Placed determines the efficacy of certain ad campaigns by tracking users’ real-time movements, paying users or offer other types of rewards. Factual is an offline attribution competitor as is Cuebiq.
Viewability measurement companies have all been acquired, creating a direct parallel to what we believe will happen to those operating in the offline measurement space.
Viewability Measurement Companies:
- Oracle acquired Moat, a provider of measurement, analytics, and intelligence, for an estimated $850 million;
- Vista Equity Partners acquired a majority stake in Integral Ad Science, technology that maximizes the ability of every brand impression to capture consumers’ attention. The investment size was not disclosed but speculated to be $850 million;
- Providence Equity Partners acquired a majority stake in DoubleVerify, a provider of marketing measurement software, data and analytics that authenticates the quality and effectiveness of digital media. The deal size was estimated at $200 million.
Offline Attribution Companies:
High Insider Ownership
One of Sophic Capital’s key investment tenets is high insider ownership. We like businesses where management has invested a significant amount of capital alongside shareholders. Freckle checks this box nicely. CEO Neil Sweeney, who ran 3 prior start-ups including JUICE Mobile, which was sold to Yellow Pages for $35 million, invested approximately $7 million of his own capital into Freckle. Management and insiders own about 76% of the Company, meaning they are motivated to make the business succeed and make the best financing decisions alongside investors.
THE Reason to Invest
We know of no other way to invest in the growing consumer data privacy regulatory space. Many companies are exploiting consumer data without permission and without compensating consumers. Privacy regulations like GDPR and CCPA are causing third-party data sources, data brokers, and brands to re-evaluate their operations to become compliant. Freckle’s Killi app is the only GDPR-, CCPA-compliant identity tool that we’re aware of that allows consumers to monetize their data.