Digital Consent Managers: Just what the data ordered

UK Digital Consent Managers Digi.me and Consentric offer businesses the tools to restore consumer confidence and a whole lot more. For customers, they are a vital wallet for a digital age. For businesses, they unfreeze a potential data winter

How many people would you trust with the keys to your house? Outside of family members and the family next door, not many. So how did we as digital consumers, and particularly digital natives, become so lax with who we shared our data with?

Partly on the promise of slick, personalised products and services. If having our locations tracked meant we accessed attractive, unexpected online discounts, we were happy to give it up however much it collided with our deep-felt beliefs.

In 2001, HP employee Barry Brown coined the term ‘privacy paradox’ to describe this phenomenon: how despite expressing concerns with privacy, customers seem perfectly happy for services to track their behaviour. In other words, we provide data because it is the price of using internet services – a deal others refer to as ‘the unconscionable contract’ of the 21st century.

But fast forward to 2018 and consumers are now aligning their habits with their hearts, empowered by regulations such as GDPR and disturbed by scandals like Cambridge Analytica. Recent research by Marketo revealed that 72% of consumers are now ‘unwilling’ to share their data.

Careful consumers building moats around their data present a problem for consumer engagement strategies that rely on good customer relationships. The less data fed in the less value comes out. Siloing harms not only the business but the consumer as well, who miss out on bespoke customer journeys and experiences.  

As an ICO report put it this year, we shouldn’t phrase the problem as a choice between privacy or data. Solutions need to be developed that get the best of both. This calls for creative solutions to rebuild trust around personal data and help the firms who leverage it for the right reasons. According to Boston Consulting, companies establishing this trust can increase the amount of data they can access almost ten times over, ‘meaningfully shifting market share and accelerating innovation’.

The exponential growth in customer data is set to shift yet another gear with the adoption of IoT, sharpening the imperative for businesses to soak it all up. Thankfully, ‘digital consent managers’ offer businesses the tools to restore consumer confidence (and a whole lot more).

Age of consent

A digital consent manager (DCM) is a transparent intermediary standing between parties who seek to use data and the customer it belongs to.  They aim to empower users through centralised control of their attributes (properties of a person provided by reliable sources like utility providers or credit unions). Having these verified attributes in one place can also shorten process times for regulations like KYC, cutting business costs and speeding up the consumer journey in equal measure.

A DCM indexes customer data from attribute providers (e.g. addresses from banks, numbers from mobile phone operators) and sorts and displays it in one stack. Armed with these insights, customers can then pick and choose which parties have access to their data – also known as content sharing.

Businesses may rightly be concerned, however, that a consumer equipped with these powers, and a vantage point from where they can see how data is being used, will become even more untrusting of reliant parties and simply opt to withhold more attributes and deny consent.

Simon Crossley heads engineering for UK-based DCM Consentric, whose SaaS consent platform launched to market in late 2017. Rather than drive down trust, Crossley predicts that ‘trust will accumulate with organisations that are more transparent’.

“Initially customers may be reticent to share data, but progressively managing trust as the customer becomes more comfortable results in opportunities to offer mutually beneficial services,” he adds.

Another UK-based DCM, Digi.me, released its first batch of consent apps in August. The apps allow users to gather and collate their own personal information before sharing it. Digi.me CTO Gavin Ray, says this ‘user-centric’ approach increases rather than reduces trust, and he agrees that transparency is now non-negotiable in a post-GDPR world.

“Obviously, the consumer-business relationship is constantly tested by a feedback loop based on how users judge a company’s actions against what they say they do. Companies that prove they are trustworthy and who act in ways that prove it will be rewarded with better customer relationships,” he says.

“Legislation such as GDPR is helping force businesses to be more open, but ultimately it is becoming clear that, whatever industry you work in, being transparent about collecting and using personal data is a business necessity. The new regulatory requirements simply emphasise this,” he adds.

Some DCMs complement content sharing with attribute management and storage. Attribute management provides customers with a little extra autonomy, enabling them to create, read, update, and delete attributes. If a DCM provider stores attribute themselves, it moves the data to its own secure data locker, making it essential that apt security provisions are in place.

Digi.me avoids this problem by allowing users to gather and collate their own personal information on the app itself – which essentially acts as a router between a user’s other apps and their data. As a result, Digi.me never see, hold, or touch any of the data themselves.

But even if DCMs do not hold user data, they must build trust in their own application’s security for their services to be widely adopted. DCM providers, like all other businesses post-GDPR, need to be fully transparent. To meet transparency demands, both Digi.me and Consentric publish regular explanations about the how their systems work in easy to understand guides, and have active blogs explaining related topics.

“Security via secrecy never seems to work,” adds Ray.

Providing a smooth user experience is another issue DCMs have to nail to increase their adoption. If users have to outline consent at every touchpoint, is there is not a risk that DCMs become laborious to manage for the end user; forcing them to review endless T&Cs? Let’s face it, no one wants to have to digest more of those legal volumes.

Crossley admits that Consentric is well aware of user reluctance to scroll through tomes of T&Cs, which is why it progressively manages consent within a ‘broader framework of a well-structured privacy notice’. Crossley says this gradual iteration allows interactions to focus on benefits rather legal tick boxes. Its an element DCMs have to get right, but an iterated approach to consent makes intuitive sense for easing the burden.

Just what the data ordered

Digi.me, and Consentric offer businesses the tools to restore consumer confidence and a whole lot more. Just as homeowners know the whereabouts of all cuts of their door keys, DCMs put sensitive data back in the hands of users. For customers, they are a vital wallet for a digital age. For businesses, they unfreeze a potential data winter.

For more information: consentric.io &  digi.me.