Unearth the power of declared data
Insights That Work
Brand & Retailer tickets for all IIeX events now start at just $99! Get or give one today!

Why Data Privacy Regulations Will Never Take Hold


We just wrapped the Market Research Data Privacy Debate, and it went really well. Thanks to a great panel and wonderful involvement by the attendees I think we made a great start in moving towards finding a path that makes sense for market research in the age of social media research.

I am certain that others will post recaps shortly, and I’ll probably circle back around with one myself when the recording becomes available. For now, my goal is to put in my two cents on the whole issue. I hosted the event but left the debate to others eminently qualified to discuss the issues involved.  However, I do have a point of view on the topic and I thought I’d put forth my reasoning on why I think the MR trade orgs have it wrong in their suggested guidelines governing the use of social media data in market research.

To be fair, the trade organizations seem to be trying to accomplish 2 things:

  1. Preemptively position market research as exempt from data privacy laws that might be implemented by government regulators.
  2. Uphold a consistent standard of traditional ethical guidelines that have been core differentiators of market research from marketing.

I appreciate the effort; it’s what our trade associations are supposed to do, but in this case I think they are misguided.

First, social media data is now an integral part of the global e-commerce structure. Facebook “likes” inform the search results of Bing and are being integrated into virtually every aspect of sales and marketing today. Social integration drives marketing efforts for just about every company around. Twitter has emerged as a major communication channel and measuring social influence via it and other channels is redefining the principles of brand marketing, political advocacy, social structures, and consumer purchasing (to name just a few examples). The era of “Big Data” is upon us and that is a genie that no government will be able to be put back into it’s bottle; the massive investments within both the private and public sector will only accelerate the need to aggregate and analyze correlational data sets to support the demands of the  global economic engine. Ray Poynter delves more into this topic on a post he did for the Smart Enterprise Exchange this week. Here is a salient point:

Big Data refers to the confluence of multiple rivers of data, including CRM; network analysis; social media; tracking research; behavioural targeting (for example, advertising company WPP Group’s plan to profile 600 million people in its Xaxis database); public data; and the harvesting of information from social activities such as geo-location platforms like foursquare and social shopping sites such as Groupon and Gilt Groupe.

For retail businesses, the initial deliverable from Big Data — and its relative, business intelligence — is granular knowledge about who is doing what and using that information to improve marketing offers and customer service. Often  quoted examples include: U.K. retailer Tesco and its customer loyalty card operation;, and its book recommendations; and Bharti Airtel, the Indian telco that has used network analysis on its more than 3 billion calls a day to reduce churn.

Second, Big Data is inherently borderless, which is another key consideration. The reality is that in the world of global commerce and social networking, data is global in nature to a large extent and any regulations passed by individual nations (or even collectives like the EU) will be unenforceable. There may come a day when universal standards may be implemented (although I doubt it seriously), but until then it’s simply foolish to assume that a law passed in the UK will have any bearing on what I do as a researcher in the U.S..

Lastly. in the U.S. (and I bet everywhere else) governments are investing in developing new social media tools themselves, not restricting them. Here is an recent article from the New York Times on a DARPA initiave to fund the development of new social media tools to monitor and manage social media activity from a national security perspective. The main take-away for me was:

As social media play increasingly large roles in fomenting unrest in countries like Egypt and Iran, the military wants systems to be able to detect and track the spread of ideas both quickly and on a broad scale. The Defense Advanced Research Projects Agency is soliciting innovative proposals to help build what would be, at its most basic level, an Internet meme tracker.

It would be useful to know, for instance, whether signs of widespread rebellion were authentic or whether they were being created by a fringe group with little real support. Among the tools the successful seeker of government funding might choose to employ: linguistic cues, patterns of information flow, topic trend analysis, sentiment detection and opinion mining.

Sound familiar? The United States want to utilize social channels the same way enterprise clients do; to understand the drivers of opinion and behaviors, to help shape them via engagement models, and to predict outcomes of various scenarios via advanced predictive analytics. How is that fundamentally different than market research? One key aspect of our job is to understand drivers of behavior and provide guidance so clients can capitalize on opportunities for growth. Social media is simply another channel of information to make that happen. What is unique about it is that it is already woven into the fabric of our global culture, and the nature of the open internet means that it is inherently ungovernable.  Legislative bodies may give lip service to privacy hawks, but no westernized government will cut itself, or the companies that drive tax revenue for them, off from this information; it would be economic and cultural suicide.

If my suppositions are true (and I believe they are), then we can do away with the reactionary “we’re protecting the industry!” aspects of what the trade orgs are proposing. I do believe they think there is a clear and present danger that regulations may be coming down the pike that will impact market research negatively and they are trying to head it off at the pass, but the chances of something truly restrictive like that occurring are slim due to basic economic self-interest and the nature of the social web itself.

That leaves us with the ethical considerations, and Reg Baker does a good job (as did Annie Pettit here and Ray Poynter here) in outlining what I think is a reasonable perspective:

I confess that I am not particularly persuaded by arguments that focus on the potential financial rewards (or punishments) that might flow from one ethical stand versus another. Ethics are the province of principles and in research I think there are at least two that are timeless:

  1. Do no harm, that is, participants should suffer no consequences for having been research subjects.
  2. Do not sell, that is, remember that our job is to help clients understand their marketplace not to deliver prospects.

At least in the abstract I don’t see how either of these necessarily conflicts with our ability to do good insightful observational research via social media. We should be able to define ethical practices for almost any kind of research and still be true to these principles. On the specifics of the current controversy, I think the MRS probably has gone too far in proposing that informed consent be required under any and all circumstances.  There are valid exceptions that many have pointed out. I am less sure about CASRO’s and ESOMAR’s masking requirements, especially where sound bites are concerned since masking them can easily dilute their meaning and research value. That’s a discussion worth having. Other forms of PII (names, pictures, etc.) are in my mind more clear cut.

Indeed, like Reg I think it comes down to “do no harm”, and those ethical guidelines from the trade orgs are something I can get behind. Anything else is likely to be a bridge too far and have negative consequences from a competitive and evolutionary standpoint.

So, ultimately this is a tempest in a teapot, although one that could wreak a lot of damage if we don’t recognize it for what it is. In this scenario, the real enemy is ourselves; by trying to prove our virtue by tying our hands behind our back, all we’ll be doing is positioning the market research industry of tomorrow for failure. I think it’s best if we forget all of these concerns regarding what is and isn’t research and what this country or that may do and instead honor the basic ethical principles of our industry (with some modifications) and move forward with all of the tools at our disposal to compete aggressively in a complex and changing global marketplace.

If you’d like a summary of the some of the other activity on the blogosphere on this topic, Brian Tarran at has a great one here. Jeffrey Henning also has a great wrap up based on Twitter activity here.

Please share...

5 responses to “Why Data Privacy Regulations Will Never Take Hold

  1. Hi Leonard,

    i’m going to continue to play devil’s advocate. Big Data has been developing for a long time – back to credit scoring and credit card fraud checking, and includes Dunn Hunby at Tesco and the development of direct marketing test and experiment practices and then into full-scale web-analytics and automated website optimisation techniques. Big scale database analytical skills have been honed by an industry (actually industries) that are a long way from survey research. For current survey researchers to compete we’ll have to see a big step up in terms of survey researchers’ technical skills (databases and data-collection design, bayesian statistics, web-development/optimisation options). How many survey researchers are thinking in terms of things like Hadoop or Hbase and other big data databases and systems, or dynamic website design? The same sorts of issues cropped up when CRM and telemarketing emerged but survey research agencies didn’t morph into CRM providers.

    The second point is where is the individual in the debate? It’s all very well saying corporations can do these things, but another to say there are no lines. ‘Do no harm’ depends on where the individual sees harm. Individuals are currently pretty green about what can and is being done but among those ‘in-the-know’ in the technical industries you see indviduals taking steps to protect and obfusticate their identities eg via adblock, noscript, and running multiple identities. It was this group that largely led to the demise of Phorm on privacy grounds. Obviously Facebook shows people currently generally don’t really care about privacy. But when two people each get four years jail for a Facebook post, perhaps people become more aware of these things. We also see the emergence of Anonymous as a semi-political movement.

    And obviously data crosses borders (even though EU rules try to prevent this) but the cross-border nature of the data works both ways. It also brings legal risks to corporations – you can’t just steamroller the local legislation. Responsible organisation would have to modify their approach for every country they work in or risk lots of local lawsuits and privacy laws are not going to be watered down in Europe any time soon.

    “We can so we should” could be an argument but doesn’t seem very ethical. Telemarketing got it’s wings clipped with the ‘do not call’ lists. Spam got the CANSPAM act. Privacy is going to become a legal minefield, even in the US, as more ‘Personally Indentifiable information’ (PII) is mined.


    1. Hi Saul,

      Great points. I think the difference between now and then is that the walls have become blurry. EFM blurs the lines between CRM and MR, Social Media blurs those between research and web analytics, mobile blurs everything, etc.. is making a presentation at SXSW on Market Research using their integrated CRM/Social Media platform. WPP, Nielsen, Ipsos, Synovate, IRI, NPD, Omnicom, IBM/SPSS, Google, Facebook, Twitter, and hundreds of other companies are all investing serious effort in making a big data play that converges multiple data channels, including what we think of as market research, to provide advanced business intelligence that is far superior to anything a stand alone MR firm could offer. That shift is already occurring and the smart money is on that play, not traditional MR.

      As to the individual issue, I am a big believer that privacy is only a concern to an increasingly small percentage of the population. Consumers have proven that if they receive value from their openness they will continue to provide it. The very existence of Social Media and mobile apps by themselves bear that out. I believe this debate is best left to the consumer and the portal provider via the TOS; it is a private business transaction between them, not us.

      I understand that international law could be a significant issue here, but I still maintain that the U.S. and Asia will lead the world on this and the EU will have to loosen up in order to compete economically and socially. These laws are not progressive; they are repressive and it will cost them where it counts; tax revenues.

      The issues with telemarketing and spam were different; those were unsolicited contacts by businesses to consumers using the consumers own resources (telephone or internet connection). Social media is NOT; it is an opt-in process that takes place on the web portal provider’s technology platform and consumers have consented to giving that information. Interstate commerce laws don’t apply, nor do FTC regs unless they can make the argument that they own all means of access to the web, which is patently false. There simply is no basis for legislative action on this that I can see.

      Let’s keep up the great debate my friend!

Join the conversation