Insights on The Privacy Mandate

By Caleb Thien and Darryl Goh

On 15 September 2022, Advisory hosted The Privacy Mandate, co-organised with WE Communications — which marked the launch of WE Communications’ report on “The Privacy Mandate: New Normal, New Rules”. Speakers on the panel included:

  • Daryl Ho (Moderator), Managing Director, WE Communications Singapore
  • Ayden Ong, Associate Director, Digital Experience & Technology, WE Communications Singapore 
  • Derrick Chang, CEO, PSB Academy
  • Simon Dale, Managing Director, Southeast Asia & Korea, Adobe 
  • Justin Quek, Deputy President, External, Advisory

Below are some key points shared during the session:

I will be optimistic and say yes. During COVID-19, when we did another study, we found that consumers engaged with brands that built empathy into their communications. This means that if you are trying to personalise the experience, people will engage with you and may convert to becoming customers and brand loyalists. However, not every digital platform is there yet because they do not have the data or the ability to add up all of this information to the right point in time.

On the other hand, over-personalisation in this digital world may result in a lack of diversity of experiences and information. People may become narrow-focused and educated in terms of the way the world works. So, sometimes I have to bring my kids back into the real world from their devices to get those other experiences.

Companies often explain their data policy under the guise of following rules when that is not necessarily the case. After providing consent, consumers may not necessarily be conscious of how their data is being used while trusting the company to do so. Such trust is fragile and can easily be broken if companies are found to be misusing consumers’ data.

The richer the data profile of each individual, the better the personalisation. Although brands may try to build such profiles, the incentives may not exactly line up with that of customers. This depends on the product or service that the company is offering and whether the customer finds it relevant.

For example, the Mandai Wildlife Group has advocated for creating richer customer profiles to attract international visitors. This strategy is not only meant to persuade visitors to buy a ticket but also for the company to customise recommendations for how best to explore the zoo.

Additionally, Spotify has an end-of-year review for each user to summarise what they have listened to for the whole year. Such a strategy is a palatable and transparent method to reveal to consumers that the company has been collecting personal data throughout the year.

Currently, more personalised data is needed to ensure that marketing materials are targeted at the right audience, as consumers are increasingly fatigued by the overwhelming amount of marketing materials received. 

However, when large amounts of data are collected, some data may be deemed sensitive to consumers. As such, organisations need to be transparent about what the data is used for to allay any fears that may arise from its usage. This also helps to avoid unwanted surprises where a breach may reveal that they have collected data that consumers did not consent to reveal.

A positive example of such communication is Advisory’s mentee sign-up process, where there is a diversity and inclusion segment in the questionnaire regarding demographic and family background information. This segment is made optional. It also comes with a reassurance that the data is only meant for understanding the overall demographic of the mentee population, allowing the organisation to strengthen its commitment to diversity.

In recent years, there is certainly good progress on data privacy regulations such as the implementation of the General Data Protection Regulation (GDPR) in Europe and the Personal Data Protection Act (PDPA) in Singapore. Companies have also implemented ways to communicate why users may be served a pop-up advertisement.

Currently, one challenge is creating ease and educating users on how they may stop sharing data after initially consenting to do so. There should be better education on this.

The goal of PR professionals is to represent consumers and other stakeholders that the company is engaged with. They should be advocates for consumers’ data privacy. This can be achieved by understanding the risks of handling data and articulating them to the company’s internal stakeholders so that they can avoid making risky decisions. Additionally, during a data breach, it is always helpful to avoid being defensive. Instead, PR professionals should work closely with the spokesperson to reveal a humble and honest narrative of the events that occurred to reduce backlash from the public. After all, they are custodians of the company’s reputation. 

In the past, marketers did not pay close attention to handling personal data. But, there is now more education about this. So, we are more mindful of data privacy. For every event, even simple ones like giveaways or sweepstakes on social media, there are best practices on what to do and what is in alignment with the social media platform’s policies. If you work with the Singapore Government, there are clear processes in place that make you more conscious of handling personal data. 

Consumers no longer have the excuse of being less informed now that almost anything can be found on the internet. Before being vested in any investment or purchase, consumers must do their due diligence by researching on their own. Consumers cannot be over-reliant on brands to educate themselves. 

At the same time, businesses are pushing the responsibility of data privacy back to the consumer by asking them for consent to share the data. One such way is by making transparent distinctions between pre-log-in and post-log-in data collection. Pre-log-in data collection does not identify the data’s owner, while post-log-in data does. 

There could also be better education on the use of behavioural data, which is often overlooked as one aspect of data that is collected by companies. For example, such data measures how quickly you click on a button, or how long you stay on a page. If such data is used to improve user experience, it is acceptable. However, consumers must be aware of such a process in the first place.

Ultimately, there is a shift of responsibility from just one party to a situation of co-responsibility, where both consumers and brands are responsible for the protection of data. This issue is likely to increase in prominence as we move towards having more decentralised spaces such as web3.

Education on data privacy should not be limited to being taught in technology-related courses. Awareness and understanding of the topic should be raised in every course because data privacy issues are so ubiquitous nowadays.