Give it Away
Most consumers care about their personal data privacy but don’t know how to: a) take back their data, and b) monetize their data. Not only are governments stepping up regulations to protect consumers, but awareness around the value of personal data is starting to proliferate across the media. As consumers realize the value of their personal data, they may be inclined to protect it and find a way to monetize it. And they may realize that they have zero visibility on who has what of yours, and how they are using it.
Here is what happens when we use social media, applications, and websites. In exchange for free access, we provide (often voluntarily) details about who we are, what we do, where we are, our interests, apps we use, Internet pages we visit, who our friends are, and much more. Companies create a profile about you from your personal data, which is then packaged by companies like Oracle and sold to brands and data companies. The providers of personal data collect fees for selling your info (Facebook made about US$48 million on Americans and Canadians in Q1F21). Even the largest social media companies use third-party data to enhance their profile about you because you are not only a user and promoter of their platforms, but you are also their product.
Brands and websites monetize your data while you get squat (except for annoying ads).
Social media, apps, and websites monetize your personal data, and you get squat. Worse, we know that many of the largest companies aren’t good stewards of our personal information. Your data is circulating around the Internet and stored in data centers waiting to be hacked, the consequences of which can be devastating as this man discovered years ago.
Consumer Privacy is Paramount
Data breaches are a regular occurrence. The March 2020 attack on adult website Cam4 exposed 10.88 billion records that included subscriber names, email addresses, chat logs, and payment logs. And a year later, data breaches have not subsided: a January 2021 data breach at Chinese social media company Sociallarks.com exposed 200 million records; clothing store Bonobos saw 12.3 million records breached in January 2021; also in January 2021, a breach dating app MeetMindful affected 2.28 million users. Perhaps the Facebook breach in April 2019 that affected 533 million users in 106 countries was the most prominent in the media, especially after all the data was leaked for free. You can read Facebook’s response HERE.
Well before these data breaches occurred, some governments took action to hold enterprises responsible to not only safeguard consumer data but also require consent to collect, amalgamate, and monetize personal data. The European Union implemented General Data Protection Regulation (“GDPR”) in May 2018 to protect the data and privacy of citizens. Organizations, both European and non-European, breaching GDPR can be fined up to the greater of 4% of annual global turnover or €20 million. A company can be fined 2% for not having their records in order, not notifying the supervising authority and data subject within 72 hours of a breach, or not conducting impact assessments. Okay – these fines aren’t onerous for larger non-compliant firms, leading us to believe that the bigger reason for GDPR is to inform consumers about how companies are collecting, amalgamating, and monetizing their personal data.
Although the United States doesn’t have a comprehensive national law like GDPR that regulates the collection and use of personal data, the Data Care Act of 2018 sought to protect personal information online and penalize companies that fail to safeguard the data. However, it was never acted upon by the Committee tasked to study the Act. However, Senator Brian Schatz from Hawaii reintroduced the bill on March 23, 2021 and proposes that the Federal Trade Commission the enforcement authority.
In parallel, Representative Suzan DelBene from Washington reintroduced the Information Privacy and Data Transparency Act that would adapt state privacy laws and proposals into a national standard for data privacy. The lack of U.S. national data privacy laws did not prevent states from implementing their own laws. On January 1, 2020, California took the lead with its California Consumer Privacy Act, (“CCPA”), giving consumers new privacy rights to control their personal information. Virginia passed its Virginia Consumer Data Protection Act (“VCDPA”), scheduled to go live January 1, 2023. Colorado passed its Colorado Privacy Act on June 8, 2021 and takes effect in July 2023. And as Exhibit 1 shows, most U.S. states are in the process of establishing data privacy laws (Exhibit 1). However, most bills have failed in committees (the initial stages) and will likely be reintroduced, similar to what happened in Virginia and Colorado. But the key takeaway is that consumer data privacy is top-of-mind for U.S. politicians.
Exhibit 1: The majority of U.S. states are actively looking to pass data privacy laws
Canadian lawmakers also want to strengthen consumer privacy laws. The Personal Information Protection and Electronic Documents Act (“PIPEDA”) sets the rules for how private-sector organizations collect, use, and disclose personal information in the course of for-profit, commercial activities across Canada. However, Bill C-11, the Digital Charter Implementation Act, 2020, would repeal parts of PIPEDA and replace them with a new laws governing the collection, use, and disclosure of personal information for commercial activity in Canada. The Bill would enhance the role of Canada’s Privacy Commissioner in overseeing business compliance.
Businesses at Risk
Many business models are dependent upon the collection, amalgamation, and monetization of our personal data, so businesses – including the largest tech enterprises – are concerned. Their main data inputs are at risk, and our next report will explain why.
The information and recommendations made available through our emails, newsletters, website and press releases (collectively referred to as the “Material”) by Sophic Capital Inc. (“Sophic” or “Company”) is for informational purposes only and shall not be used or construed as an offer to sell or be used as a solicitation of an offer to buy any services or securities. In accessing or consuming the Materials, you hereby acknowledge that any reliance upon any Materials shall be at your sole risk. In particular, none of the information provided in our monthly newsletter and emails or any other Material should be viewed as an invite, and/or induce or encourage any person to make any kind of investment decision. The recommendations and information provided in our Material are not tailored to the needs of particular persons and may not be appropriate for you depending on your financial position or investment goals or needs. You should apply your own judgment in making any use of the information provided in the Company’s Material, especially as the basis for any investment decisions. Securities or other investments referred to in the Materials may not be suitable for you and you should not make any kind of investment decision in relation to them without first obtaining independent investment advice from a qualified and registered investment advisor. You further agree that neither Sophic, its, directors, officers, shareholders, employees, affiliates consultants, and/or clients will be liable for any losses or liabilities that may be occasioned as a result of the information provided in any of the Material. By accessing Sophic’s website and signing up to receive the Company’s monthly newsletter or any other Material, you accept and agree to be bound by and comply with the terms and conditions set out herein. If you do not accept and agree to the terms, you should not use the Company’s website or accept the terms and conditions associated to the newsletter signup. Sophic is not registered as an adviser or dealer under the securities legislation of any jurisdiction of Canada or elsewhere and provides Material on behalf of its clients pursuant to an exemption from the registration requirements that is available in respect of generic advice. In no event will Sophic be responsible or liable to you or any other party for any damages of any kind arising out of or relating to the use of, misuse of and/or inability to use the Company’s website or Material. The information is directed only at persons resident in Canada. The Company’s Material or the information provided in the Material shall not in any form constitute as an offer or solicitation to anyone in the United States of America or any jurisdiction where such offer or solicitation is not authorized or to any person to whom it is unlawful to make such a solicitation. If you choose to access Sophic’s website and/or have signed up to receive the Company’s monthly newsletter or any other Material, you acknowledge that the information in the Material is intended for use by persons resident in Canada only. Sophic is not an investment advisor nor does it maintain any registrations as such, and Material provided by Sophic shall not be used to make investment decisions. Information provided in the Company’s Material is often opinionated and should be considered for information purposes only. No stock exchange or securities regulatory authority anywhere has approved or disapproved of the information contained herein. There is no express or implied solicitation to buy or sell securities. Sophic and/or its principals and employees may have positions in the stocks mentioned in the Company’s Material and may trade in the stocks mentioned in the Material. Do not consider buying or selling any stock without conducting your own due diligence and/or without obtaining independent investment advice from a qualified and registered investment advisor. The Company has not independently verified any of the data from third party sources referred to in the Material, including information provided by Sophic clients that are the subject of the report, or ascertained the underlying assumptions relied upon by such sources. The Company does not assume any responsibility for the accuracy or completeness of this information or for any failure by any such other persons to disclose events which may have occurred or may affect the significance or accuracy of any such information.
The Material may contain forward looking information. Forward-looking statements are frequently, but not always, identified by words such as “expects,” “anticipates,” “believes,” “intends,” “estimates,” “potential,” “possible,” “projects,” “plans,” and similar expressions, or statements that events, conditions or results “will,” “may,” “could,” or “should” occur or be achieved or their negatives or other comparable words and include, without limitation, statements regarding, projected revenue, income or earnings or other results of operations, strategy, plans, objectives, goals and targets, plans to increase market share or with respect to anticipated performance compared to competitors, product development and adoption by potential customers. These statements relate to future events and future performance. Forward-looking statements are based on opinions and assumptions as of the date made, and are subject to a variety of risks and other factors that could cause actual events/results to differ materially from these forward looking statements. There can be no assurance that such expectations will prove to be correct; these statements are no guarantee of future performance and involve known and unknown risks, uncertainties and other factors. Sophic provides no assurance as to future results, performance, or achievements and no representations are made that actual results achieved will be as indicated in the forward looking information. Nothing herein can be assumed or predicted, and you are strongly encouraged to learn more and seek independent advice before relying on any information presented.