Privacy as a Competitive Advantage

During November, voters in California approved Proposition 24, a new law establishing further rules regarding how businesses gather data. As a component of the California Privacy Rights Act (CPRA), individuals are now granted the ability to prevent the sharing and selling of their personal data, and organizations are obligated to limit data collection to a “reasonable” extent to safeguard user confidentiality.

For organizations such as Apple, Facebook, Uber, and Google – all of which maintain their headquarters in California – these updated stipulations could appear as constraints on their current data-gathering practices.

However, a closer examination reveals a more complex situation: Businesses can set themselves apart from rivals and enhance profitability by not simply adhering to these new regulations, but by surpassing them, utilizing emerging technologies that empower consumers with control over their own data.

Consider Apple, currently the most highly valued technology company globally. While Google and Facebook – two of Apple’s primary competitors – faced criticism for utilizing customer data inappropriately, Chief Executive Officer Tim Cook recognized a chance to position privacy as a key differentiator.

The technology leader introduced a range of new features designed to maximize privacy, notably the Sign In With Apple function, which enables users to access applications securely without disclosing their personal details to the app developers. More recently, the company revised its privacy webpage to more clearly demonstrate how privacy considerations are integrated into the design of its core applications.

This increased emphasis on privacy also became a focal point in the company’s promotional efforts, with “Privacy Matters” serving as the core theme for its television commercials during peak viewing times and on more than 10,000 billboards worldwide.

Furthermore, the company occasionally directed pointed remarks toward its competitors who rely heavily on data collection:

“The reality is, we could generate substantial revenue if we treated our customers as the product,” Cook stated in an interview with MSNBC. “We have chosen not to pursue that approach.”

Apple’s dedication to privacy not only prepares them to meet the requirements of the new CPRA regulations. It also conveys a powerful message to an industry that has benefited from customer data, and an equally strong message to consumers: the time for respecting personal data is now.

The increasing importance of privacy

The heightened focus on protecting consumer data stems from a necessity to respond to escalating public anxieties, which have been frequently reported in the news lately. High-profile incidents like the Cambridge Analytica data privacy controversy, in addition to significant security breaches experienced by organizations such as Equifax, have caused individuals to question who they can rely on and how they can safeguard their information. Supporting data clearly demonstrates that individuals expect more from both businesses and governmental bodies:

Merely 52% of consumers express confidence in businesses, and globally, only 41% place their trust in their governments (Edelman).
A substantial 85% of consumers believe companies should be more proactive in protecting their data (IBM).
A majority, 61% of consumers, report that their concerns regarding the potential compromise of their personal data have grown over the past two years (Salesforce).

Predicting the precise economic consequences of this decline in trust is difficult, but we have already observed notable consumer actions, such as the #DeleteFacebook campaign, and a remarkable 75% of consumers stating they will refrain from making purchases from companies they do not trust with their data.

This issue extends beyond just major technology companies. From customer loyalty schemes and stock management to the development of smart cities and political campaigning, the extensive use of data to refine operations and influence behavior is pervasive and impactful.

As we enter a new decade characterized by data-driven approaches, we are beginning to understand the drawbacks of this intense competition for data: Consumers have diminished faith in both the private and governmental spheres.

Steps taken by the private sector, such as Apple’s increased dedication to privacy, coupled with legislative measures like the CPRA, offer the opportunity to not only restore consumer confidence but to exceed basic standards. Utilizing emerging technologies like self-sovereign identity, organizations can revolutionize their data privacy practices, while simultaneously lowering expenses, minimizing fraudulent activity, and enhancing customer satisfaction.

The Advantages of SSI

Self-sovereign identity (SSI) utilizes a streamlined layer of distributed ledger technology, combined with sophisticated cryptographic techniques, to empower organizations to validate customer identities while safeguarding personal privacy.

Essentially, SSI provides individuals with greater authority over their personal data. It enables them to digitally store and manage verified information – in the form of verifiable credentials – issued and digitally signed by trustworthy entities (such as governmental bodies, financial institutions, or universities). These credentials are designed to be immutable, preventing any alteration, exaggeration, or manipulation. Individuals can then selectively share this information with chosen parties, at their discretion, as proof of specific attributes.

While the concept of sharing digital records online isn’t novel, SSI introduces a significant advancement in two key areas:

Organizations can obtain the necessary data without excessive collection. Unlike traditional physical credentials like driver’s licenses and insurance cards, a digital verifiable credential can be broken down into individual, shareable attributes.

Consider the common scenario of presenting a driver’s license to a bouncer to confirm legal drinking age. The card reveals the required information, but also includes details irrelevant to the bar, such as your name and address. Verifiable credentials allow for the sharing of age verification without disclosing any other personal information.

In particularly sensitive situations, SSI even allows for cryptographic proof of a characteristic without revealing the underlying data itself. For instance, one could confirm being of legal age with a simple yes/no response, without disclosing their date of birth.

This data minimization offers a substantial privacy improvement for individuals. Simultaneously, it allows organizations to avoid the substantial risks and responsibilities associated with storing and securing unnecessary personally identifiable information.

Establishing connections between data points becomes considerably more difficult. Despite claims that complete privacy is unattainable, SSI offers protection against many of the concerns associated with other digital identity solutions.

For example, tools offering data portability, like single sign-on, often raise concerns about a central entity tracking online activity. The relevance of Facebook advertisements stems from their knowledge of every website and application accessed using a Facebook profile.

SSI eliminates this central intermediary. Those verifying an identity can cryptographically confirm its authenticity, without needing to consult the original issuer. The issuer remains unaware of when, where, or to whom a credential is presented. No identifiable signatures are shared, ensuring your digital identity remains under your control and private.

Consequently, consumers experience enhanced privacy and security, while businesses realize the following benefits:

Decreased instances of fraud, through improved and more precise data verification during account creation.
Streamlined processes, with a significantly faster registration experience.
Reduced expenses, stemming from time savings and more efficient Know Your Customer (KYC) compliance – which currently costs major banks over $500 million annually.
Increased operational efficiency, with less need for manual verification of third-party data.
Enhanced customer experiences, enabling personalized, omnichannel interactions without intrusive data collection.

This technology is not merely theoretical. Numerous governments, businesses, and non-governmental organizations have already implemented self-sovereign solutions. These include financial institutions such as UNIFY, Desert Financial, and TruWest, healthcare providers like Providence Health and the NHS, and major companies in the telecom and travel sectors like LG and the International Air Transport Association.

The timeline for widespread adoption remains uncertain, but it’s evident that privacy is rapidly becoming a key area of competition. Recent regulations like CPRA establish the necessary steps for companies, but evolving consumer expectations will ultimately drive lasting changes within organizations.

Businesses that proactively embrace this shift will gain significant cost advantages and opportunities for growth, particularly as customers increasingly prioritize those companies that respect and protect their privacy. Those who lag behind will face significant challenges as consumers demand greater control over their personal data.