MPPA style rating system for privacy

You probably know privacy is a thing of the past, that is unless you spend a lot of time digging for freshwater clams in marshlands of Loon Lake. Mark Zuckerberg said it years ago, but he thought it was a good thing. In the wake of the Equifax breach and Cambridge Analytica, the end of privacy is no longer scary. It’s neutral. We’ve reached a “Now What?” moment.

Is It the Algorithm or the Microphone?

We can all agree paranoia is bad for business, and there’s plenty to go around these days whether you’re on the marketing side of things, the breach side, or the consumer side.

With no expectation of privacy, we’ve become a little numb to the parade of stories–both reported by the media and anecdotal–of connected devices eavesdropping on us–serving ads for things mentioned in casual conversation. But we’re all online every day, and in the process leave a trail of cookie crumbs for marketers to find us. There’s no need for a hidden mic.

While many enjoy the convenience that facial recognition provides in retail micro-targeting products and services, others hate it. We’ve heard the cringe-worthy news about health apps sharing some of the more intimate details of our sex lives with Facebook, Google, and other third parties.

Some of us shrug it off. The convenience made possible by the forfeiture of privacy is worth it to them. For others, it is an unacceptable situation. This is unfortunate, because it’s not a situation. It’s new norm, and none of it inspires a feeling of security.

A worried customer or client is a hesitant customer or client. So, how do you ease that tension? I would argue that, ironically, you can do this by creating a high information environment, where everyone can make informed decisions about how they want to interact with businesses and services.

Moving Right Along…

The need to protect privacy no longer needs an introduction. There’s plenty of legislation. New privacy laws in New York and Nevada law will go into effect October, with California’s CCPA in January 2020. Maine and Vermont already have enacted stronger laws to that effect, and many states are expected to follow.

There’s a big “but” here. Without the right solutions provider navigating privacy law can be prohibitively expensive for small to medium-sized companies. Add to that the possibility of compliance costs in a marketplace with many different laws, and we have a potential company killer on our hands. Google may be able to weather a $170 million fine for non-compliance without flinching; most of us can’t.

A Modest Proposal

Once upon a time, Hollywood was faced with a similar situation. In the beginning, there was no ratings system and it was a problem. There were many family-friendly films and then there were those that would make Mae West blush, but there was no way for the audience to know which was which. The result was an opportunity cost. Some people avoided the movies because they were perceived as scandalous.

Enter the Motion Picture Producers and Distributors of America (MPPDA and later MPAA), which set guidelines later formalized as the movie rating system still used today. It’s not a perfect system, but the benefits outweigh its flaws. First of all, it’s voluntary. The MPAA created an opt-in industry standard, avoiding the need for legislation. The gaming industry also rates product.

Most importantly, it was end-user friendly. You don’t need to know anything about Rambo: Last Blood or Abominable to decide which is better for kids; one is Rated R and one is Rated G. A similar system might work for websites and apps.

Here’s a sketch of what that might look like:

P–Protected User: Data is either not collected or it is protected and in compliance with online standards such as the GDPR, CCPA, SHIELD, HIPAA, COPA or PIPEDA.

ND–Not Distributed: Personally identifying information is collected to personalize an experience (location, ad preferences, etc.) but it is not shared with third parties.

A–Anonymized: Non-identifying usage data is collected and shared with third parties. (Forget for the moment that there’s no such thing as anonymized data that can’t potentially be re-identified in today’s deep data environment).

S–Shared: User data is collected, shared, and/or sold to third parties. (Think: Naked in a glass house.)

If a collection of privacy and data use experts could get together on the creation of this rating system, privacy policies would no longer be so perilous.

Would it work? Online privacy is getting more complex with every new whizbang, regulation, law, court case, breach, compromise, and scandal. Any workable solution needs to counter that with a general approach that can be applied globally.

If this isn’t it, it’s time to figure out what is.