I am working on a project at Sony related to customer data consent that I made way too complicated. As a customer, you control what vendors can do with the information you provide them. In most of the United States, purchasing a product or service requires you to opt-in to a data agreement for the company using your data before you can make the purchase. California and Europe have laws that require vendors to allow you to opt-out of letting them use it. While nobody wants their personal information sold so another company can send you unwanted advertisements, vendors often use your information to customize your experience with their product. For instance a video streaming service can use your previous viewing history to recommend new movies or shows that you may be interested in watching.
The conversations I participated in a few weeks ago led me to believe that my team would want to keep track of various levels of data tracking for our customers. I felt we should have a number of different flags for how much data we can share. For instance, we should keep track of if people will let us sell their personal data to receive advertising e-mails. Ultimately we don't need to keep track of that because:
- Nobody in their right mind would want to receive more junk e-mail
- Sony doesn't sell our customer data to other companies
I created a number of other consent flags I thought people wanted to keep track of only to discovered they similarly are not needed. Ultimately all my team needs to do is keep track of being able to customize our users' experiences or not. People that opt out of letting us use their data get the most popular recommendations while everyone else will have more a more personalized experience.
California has the California Consumer Privacy Act (CCPA) and Europe has the General Data Protection Regulation (GDPR) that impose very strict requirements on what companies can do with your data. They came about because certain companies decided they could make more money by selling customers' data than actually selling products. These laws are there to protect you from such bad actors. Unfortunately that means companies that sincerely have your best interest in mind have to do a lot of explaining so that you will allow them to use your data for your benefit.
Laws meant to protect ultimately complicate things. I am discovering that I need to then unravel the complexities and try to keep things simple. Simple systems work, complex ones tend to be much more fragile.
No comments:
Post a Comment