Give It Away
Most consumers care about their personal data privacy but don’t know how to: a) take back their data, and b) monetize their data. Not only are governments stepping up regulations to protect consumers, but awareness around the value of personal data is starting to proliferate across the media. As consumers realize the value of their personal data, they may be inclined to protect it and find a way to monetize it.
Here is what happens when we use social media, applications and websites. In exchange for free access, we provide (often voluntarily) details about who we are, what we do, where we are, our interests, apps we use, Internet pages we visit, who are friends are… you get the point. Companies create a profile about you from your personal data, which is then packaged by companies like Oracle and sold to brands and data companies. The providers of personal data collect fees for selling your info (Facebook made about US$30 per American and Canadian in Q1F19). Even the largest social media companies use third-party data to enhance their profile about you because you are not only a user and promoter of their platforms, but you are also their product.
They monetize your personal data, and you get squat. Worse, we know that many of the largest companies aren’t good stewards of our personal information. Your data is circulating around the Internet and stored in data centers waiting to be hacked, the consequences of which can be devastating as this man discovered seven years ago.
Consumer Privacy is Paramount
Data breaches are a regular occurrence. The Yahoo! attack in 2013 exposed names, email addresses, dates of birth and impacted 3 billion user accounts and compromised the phone numbers of 500 million users. This past April, UpGuard, a provider of cybersecurity research, reported that two, third-party Facebook apps it analyzed exposed 540 million records. Separately, an app called At the Pool exposed databases that appeared to include data about Facebook user IDs, friends, photos and location check ins, as well as unprotected passwords for 22,000 users.
These types of breaches are one catalyst that prompted the European Union to implement the General Data Protection Regulation (GDPR) in May 2018 to protect the data and privacy of citizens. Organizations, both European and non-European, breaching GDPR can be fined up to the greater of 4% of annual global turnover or €20 million. A company can be fined 2% for not having their records in order, not notifying the supervising authority and data subject within 72 hours of a breach, or not conducting impact assessments. Okay – these fines aren’t onerous for larger non-compliant firms, leading us to believe that the bigger reason for GDPR is to inform consumers about how companies are collecting, using and monetizing their personal data.
Take it Back!
Although the United States doesn’t have a comprehensive national law like GDPR that regulates the collection and use of personal data, the Data Care Act of 2018 introduced to the U.S. Senate in December 2018 seeks to incentivize “online service providers” into protecting certain types of personal data.
California has taken the lead in the U.S. with the California Consumer Privacy Act, (CCPA), giving consumers new privacy rights to control their personal information. The Act used GDPR legislation as its foundation and goes live on January 1, 2020.
CCPA Section 1798.102 applies to California businesses that is any ONE of: a) generating annual gross revenues of $25 million or more, b) receiving or sharing personal information of at least 50,000 California residents annually, or c) 50% of their annual revenue comes from selling the personal information of California residents. The Act grants consumers the right, at any time, to opt out of the sale of their personal data by any business. The Act also specifies that businesses cannot deny goods or services to customers that opt out of the sale of personal data.
But there is a bigger problem than just California for companies doing business in the United States; many U.S. states are in the process of enacting GDPR-like legislation, including: Alabama (SB 318), Arizona (HB 2145), Colorado (HB 1128), Iowa (HF 2354), Louisiana (Act. No. 382), Nebraska (LB 757), New York (Senate Bill S5642), Oregon (SB 1551), South Carolina (H4655), South Dakota (SB No. 62), Vermont (H.764), and Virginia (HB 183). An online survey published by TrustArc in March 2019 found only 14% of companies surveyed were CCPA compliant. With potentially 50 different data privacy regulations, companies operating in the United States that handle personal data may be facing a logistical nightmare.
Don’t Worry Be Happy
Companies are rightfully spooked by personal data laws. Think about the California-based goliaths that will have to comply not only with CCPA for Californian consumers come January 1, 2020 but also all the other states enacting laws to protect our personal data. Several firms stopped doing business in Europe because of GDPR (California’s Drawbridge, Factual and Verve). We haven’t heard how these firms plan to comply with California’s CCPA. Keep the Internet Free, an Internet Association project (see members here), has suggested that CCPA may cause many free advertising supported websites to start charging users for access. This may be a scare tactic to get consumers to back down from opting out of personal data monetization. Or, maybe they are scared and trying to get CCPA amendments because they know the Act will disrupt their business models.
Up Next… The Million You Never Made
Sophic Capital client Freckle (TSXV:FRKL) has an application called Killi that addresses GDPR and CCPA data privacy issues. It allows users to control and sell their personal data directly to brands and platforms and be compensated in cash, bypassing the firms who have been selling this data unbeknownst to the consumer. In Part 2 of Sophic Capital’s Give it Away – The Million You Never Made, we’ll explain how brands and data brokers make money from your personal data.
The information and recommendations made available here through our emails, newsletters, website, press releases, collectively considered as (“Material”) by Sophic Capital Inc. (“Sophic” or “Company”) is for informational purposes only and shall not be used or construed as an offer to sell or be used as a solicitation of an offer to buy any services or securities. You hereby acknowledge that any reliance upon any Materials shall be at your sole risk. In particular, none of the information provided in our monthly newsletter and emails or any other Material should be viewed as an invite, and/or induce or encourage any person to make any kind of investment decision. The recommendations and information provided in our Material are not tailored to the needs of particular persons and may not be appropriate for you depending on your financial position or investment goals or needs. You should apply your own judgment in making any use of the information provided in the Company’s Material, especially as the basis for any investment decisions. Securities or other investments referred to in the Materials may not be suitable for you and you should not make any kind of investment decision in relation to them without first obtaining independent investment advice from a qualified and registered investment advisor. You further agree that neither Sophic, its employees, affiliates consultants, and/or clients will be liable for any losses or liabilities that may be occasioned as a result of the information provided in any of the Company’s Material. By accessing Sophic’s website and signing up to receive the Company’s monthly newsletter or any other Material, you accept and agree to be bound by and comply with the terms and conditions set out herein. If you do not accept and agree to the terms, you should not use the Company’s website or accept the terms and conditions associated to the newsletter signup. Sophic is not registered as an adviser under the securities legislation of any jurisdiction of Canada and provides Material on behalf of its clients pursuant to an exemption from the registration requirements that is available in respect of generic advice. In no event will Sophic be responsible or liable to you or any other party for any damages of any kind arising out of or relating to the use of, misuse of and/or inability to use the Company’s website or Material. The information is directed only at persons resident in Canada. The Company’s Material or the information provided in the Material shall not in any form constitute as an offer or solicitation to anyone in the United States of America or any jurisdiction where such offer or solicitation is not authorized or to any person to whom it is unlawful to make such a solicitation. If you choose to access Sophic’s website and/or have signed up to receive the Company’s monthly newsletter or any other Material, you acknowledge that the information in the Material is intended for use by persons resident in Canada only. Sophic is not an investment advisory, and Material provided by Sophic shall not be used to make investment decisions. Information provided in the Company’s Material is often opinionated and should be considered for information purposes only. No stock exchange anywhere has approved or disapproved of the information contained herein. There is no express or implied solicitation to buy or sell securities. Sophic and/or its principals and employees may have positions in the stocks mentioned in the Company’s Material and may trade in the stocks mentioned in the Material. Do not consider buying or selling any stock without conducting your own due diligence and/or without obtaining independent investment advice from a qualified and registered investment advisor.