Post co-authored with Oded Cnaan, Director Innovation Business Development.
As I said in a previous post, the topic of social media is one I’ll be returning to often.
“There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time.”
George Orwell from “1984″
In the “old days”, before social media sites governed the earth, people were passive spectators in the great “WWW” show. Surfing the Web was about searching and consuming content with very little personal exposure. Back then, passionate discussions were held about the potential danger of cookies as they could reveal your IP address, and most people did not even consider disclosing their email address in public sites.
But this is all water under the bridge. Today, with more than 500 million Facebook registered users and 105 million Twitter users and 370,000 added daily, the rules of the game have definitely changed: most social network sites require users to provide personal profiles. Some sites, like Twitter, ask for only basic information while other, like LinkedIn and Facebook, offer a very detailed profile that includes personal details, employment and education history, likes and interests and more.
Many service providers are already exploring ways for leveraging social media in their business but still hesitate to harness its full power due to privacy limitations. As usual, technology advances much faster than laws. The existing legal and regulatory frameworks in Europe and the US date back to the 1980s and 1990s, and do not provide the necessary means to handle the new era of communications.
European laws and regulations are far more restrictive than those found in the US. Unlike the US which has adopted the “opt-out” model, where people need to explicitly opt-out of services, European legislators have taken the opposite approach of “opt-in”. In Europe for example, it is forbidden to collect or store sensitive private data without specific user consent. Moreover, European laws prohibit the transfer of private information about EU citizens outside of the EU (except for several exceptions like authorized territories and Safe Harbor agreements).
Recently, a new bill, submitted in the US on July 2010, suggested adopting the EU approach and restricting the collection, storage and transfer of information without explicit user consent. It’s not clear when (or if) the bill will pass, but it certainly brings a different and more consumer oriented approach to privacy laws in the US.
To add to the headache, privacy laws are very much territory-sensitive. Although there are federal privacy laws in the US, more than 40 states have legislated their own laws, sometimes adding limitations to protect their residents. In the EU, each country may develop a local set of laws in addition to EU regulations.
Impact on Service Providers
Currently, service providers are using social media primarily to engage with their customers via Facebook pages and applications, broadcast new offers and services, publish real-time service problems, and even receive care requests. Although it is possible to harness social media for more advanced services while complying with relevant laws and regulations, service providers are taking a very prudent approach as social media attracts a lot of public attention.
There is huge potential value in integrating social awareness into service providers’ systems and business processes. Social media creates rich data about users as they plug in information about themselves, their interests and activities, and their friends. It also exposes social insights that can be leveraged to improve user experiences that drive real business value. These social insights can be used by service providers to better identify and understand customer problems, improve offerings based on their actual interests and needs, and identify those who are at risk for switching providers. Insights can be translated into targeted promotions and advertising, by offering each customer suggestions or ads on the service provider’s website based on what they have, and what they need. And this is just the tip of the iceberg. Service providers can use social media to leverage the “wisdom of the crowd”— not only for support and care, but also for customer feedback and innovation. It can become a major channel for communications with customers in a way that humanizes service providers and creates new service experiences that combine content and social awareness.
The Bottom Line
When investigating international privacy principles, it seems to us that the key to socially aware applications lies in user consent. In most cases, if the user has expressed his explicit approval to what the service provider plans to do with his or her data, and if the user has a clear view into what type of data is being collected, then the provider is in the clear. On top of that, users should be offered a simple way to opt-out of the service (and have all their data erased) even after they’ve consented. Adopting this approach will open up a wealth of opportunities to service providers and allow them to tightly integrate social media applications and insights into their business processes.
Important disclaimer: Oded nor I are lawyers – it’s just what we have discovered, as layman, about the legal issues that surround the domain. Therefore, don’t use this or misunderstand it as a legal opinion – get your own, if needed.
Incidentally, as background, I (Tal) am active in a working group of the World Economic Forum concerned with “rethinking personal information” – attempting to create a win-win-win situation for government, business, and individuals, in this new era of personal information. Oded is in charge of our strategy regarding social media solutions.
Now, it’s your turn
Do you think it’s possible to reconcile the geographic differences and find a universally workable (and legal) solution to harnessing personal information?
If so, how?