The internet used to be the wild west. You could buy and sell anything, write anything, collect or say anything. There was little to no regulation, websites were given tremendous leeway, and nobody really worried about data, privacy, or laws related to the web. It seemed a place of free reign, with built-in privacy (and a lot less ads).
Time has shown this to not last.
After the invention of the secure socket layer (SSL) enabling safe online transactions, the ecommerce boom began. Suddenly buying and selling online wasn’t just some niche business—it was the business. Jeff Bezos is occasionally the richest man in the world because of his company Amazon, built entirely on the backbone of ecommerce and a buying and selling platform for billions of customers. It’s very likely you’ve bought from them before. Facebook is a massive social network where millions of companies, buyers, sellers, and customers mingle to share not only money, but their data. Google is based around dynamic search, PageRank, and RankBrain, or tailoring searches to what you’re likely looking for based on your search history and other factors.
All this is to say that our online world is dictated entirely by data and different parties having variable levels of control and ownership over it. Amazon became what it is today by facilitating convenient, safe, fast transactions, all built on an addictive recommendation engine that shows you products likely tailored to your interests. Facebook shows you ads in your feed based on your likes and your personal demographic history. Google became the search engine of choice by owning ads and the ad platform of Google Ads. Netflix has a highly customized and personal recommendation system that wants you to binge their content.
In our modern Web 2.0, the infrastructure of multi-hundred-billion-dollar empires is built on the backbone of personal user data and what it can be used for. Google, Facebook, Amazon, Netflix, Apple, Twitter, and Airbnb rely on knowing all about you. These services are free to use because you’re the product. You are what’s being sold. Or, more precisely, the data you generate on these services.
This likely doesn’t come as a surprise, nor should it. No such thing as a free lunch, after all. We always knew Facebook let us connect with millions of people around the world for the expense of seeing a few ads. We didn’t always question it. We didn’t really care about distinctions between first, second, and third-party data or its accumulation and use. We didn’t have anything to hide—why would we care?
We’ve since learned that we don’t like being products. We value privacy; we want our digital rights, and we want to know we’re safe online and not being taken advantage of based on highly personal traits. If you were to read something like The Age of Surveillance Capitalism or Who Owns the Future?, you’d see arguments about online behavioral modification, societal change, and aggressive consumerism built on the information we gave away for free without realizing we owned in the first place. It feels invasive. It feels both highly impersonal and too personal at the same time. For many of us, it feels wrong.
Let’s break it down a little more:
- First-party data is data you collect directly from customers
- Second-party data is, more or less, first party data you get from someone else
- Third-party data is data you buy from outside vendors who also did not originally collect the data
All three are important, but the two most highly prized and discussed are first and third-party data. Industries have been built on both. Some examples of collected first party data include:
- Data you collect from a CRM
- Social data
- Subscription data
- Email data
- Any data collected from your website or app based on user behavior or interests
First-party data is incredibly valuable. It stands out because of its high quality. This is data you collect directly from customers or users based on their personal feedback. It’s relevant to your business, and since it came from your customers directly to you, it’s clean and untampered with. You don’t have to worry that it’s fallen into someone else’s hands or been sold and replicated and devalued willy-nilly. Most importantly, it represents a snapshot of your current customer base and their interests.
From this data, you can not only analyze and predict behavior but possibly tailor content, products, and styles to your customer base. You can see if they click on ads, and if so which type and style. You can see if they prefer blogs or outside news stories collected in an RSS feed; you can determine if emails would be more successful for customer retention in the long run or if your particular audience doesn’t need such efforts. You can save money by knowing these answers.
If you’re interested in selling ad space on your site, or in increasing page views to monetize them, first-party audience data insights are an SEO goldmine. They’ve told you what works, what they want to see more of, and how much bigger you might potentially be able to branch out with your template or style. They’ll give you a window into which ads would work, and which wouldn’t. The data gives you a blueprint and a roadmap.
First-party data, being so unique and valuable, is thus a commodity. It can be bought and sold for numerous purposes. First-party data can be sold in a package of other data and then sold again or given to data aggregators, who sell it along with data from other platforms. This data accumulation can be sold to marketers, advertisers, researchers, or many others who’ll use it for various purposes, the most common of which is broken down audience segmentation for selling ads. This segmented audience data can then be sliced up and used in programmatic advertising, which is a massive online industry.
You might be seeing a possible concern with this process. For example, why would a platform be allowed to sell your data, but you aren’t? For that matter, why are they allowed to buy it at all? What are they using it for? And is that data being used for a good purpose, or is it just for outside companies and vendors to make obscene profit off the collected private data of millions of people? And is it ethical for these same companies to use this massive accumulation of data sets to try and modify our behavior to sell us more things and make them even greater profit?
You wouldn’t be alone in this concern. In the last few years, data privacy and its regulation has come front and center. Google has received much criticism for its use of data collection and the broad, largely unregulated nature of its data hoarding. Facebook has taken extraordinary criticism after the 2016 US election for its use of private data sold or lent to third parties for the purposes of influencing elections. Amazon has been known to record data through its home devices like Alexa; Apple has been the subject of numerous complaints for its plans to monitor and regulate private pictures and data on its devices and cloud storage service. TikTok has been the subject of ferocious criticism for its data accumulation by its Chinese parent company.
Tech companies and their empires of data accumulation face little to no regulation in the United States compared to Europe, where they are subject to the stringent GDPR. They’re regularly fined for infractions in various countries based on this sweeping law, though they fight it tooth and nail in court. Europe has been pushing for a proposed Digital Bill of Rights, clearing up the murkiness around what tech companies are allowed to collect, what they’re allowed to use, and how they’re allowed to use it. California, in 2020, passed the California Consumer Privacy Rights Act (CPRA), a law dedicated to monitoring, regulating, and preventing companies from misusing customer data. It’s set to take effect in 2023.
Numerous other states ranging from Colorado to Virginia, Texas to Florida have discussed and implemented different laws related to tech, data, and the platforms themselves. Both Texas and Florida have recently passed laws forbidding the de-platforming of individuals from social media services based on political beliefs, although many of these laws have had subsequent trouble in court. Other countries like Brazil have also attempted such laws.
Last week, Facebook, and by extension its owned subsidiary Instagram, had to put their plan for a new Instagram platform for younger children on hold based on consumer and lawmaker feedback. Parents are much warier about letting their children exist online if that data is going to be collected and used for purposes unknown. We didn’t think about these sort of data issues in 2010—but we do now, and we want more control over our resources that have proven so valuable for billion-dollar companies.
Various new systems and ideas have been proposed to mitigate or regulate the infractions of data privacy. DuckDuckGo is a search engine based around searcher privacy. They don’t collect first-party data. The Brave browser has been experimented with to replace other internet browsers, like Chrome, that are considered blatant data harvesters. Brave also utilizes a different ad sale system called Basic Attention Tokens (BAT), a new paradigm to our current programmatic advertising based on massive collected third-party data sets. Social networks like Mastodon, based on decentralized servers or the Fediverse, are a personal privacy invasion-free alternative to Facebook or Twitter. Open standards and interoperability between social platforms are usually mentioned in a Digital Bill of Rights, along with the right to inspect algorithms to see what they’re designed for.
Now more than ever, users and companies are aware of what is collected via cookies and what they’re seeing online. They’re wanting more transparency in the process and seeing more evidence that what’s being collected is being used for ethical purposes. Companies today often advertise that they don’t collect data, or they let you sign off on it beforehand to build trust for consumers. They simplify labyrinthine user agreements into basic tenets that anyone can understand and consent to. Users want the rules of the game to be more equitable, and companies and lawmakers are starting to agree with such oversight.
If you’re a marketer or a collector of first-party data, you’re probably wondering what the right thing to do is. You’re far from alone. The rules are changing all the time. What is known is that if you collect any user data of any kind, you have an obligation to control, secure, and use it correctly. It’s important to pay attention to the laws and the changing online regulatory landscape. Think not only about profit, but about user experience. Put yourself in the shoes of your customer: would you want this information about you stored and reused? Would you feel safe being asked it? Would you wonder what it’s being used for? Can you make a profit without collecting such private data?
Design online experiences with safety and privacy in mind. Evolve with the internet and current best practices. A good user experience is rapidly becoming one based on peace of mind and total transparency. Inform your users and have them consent to your strategies and services. Remember that customers are people and deserve to be treated as more than sellable data points. Customers will reward your trust with trust themselves. Data will become cleaner, and your business will thrive based on your good reputation. A great brand is always worth more than just numbers.