For years, enterprises have abused user privacy for the sake of bottom lines. The exploitation of user data has become so evident and extreme that countries and regulatory agencies have intervened. We’ve seen the EU’s GDPR, Brazil’s LGPD, California’s CCPA, and New York’s SHIELD Act. Moreover, additional regulations are likely on the way.
Because of recent government-mandated regulations and increased public awareness, companies have resorted to more nuanced, surreptitious methods of acquiring customer data. In some cases, surveillance companies place trackers on company websites to acquire the company’s user data—all without permission from the users.
In addition to the use of tracking codes from third parties, some enterprises have opted to collect customer data via social media share buttons. In essence, these share buttons function like digital Trojan horses. Zoho Chief Evangelist Raju Vegesna calls all these types of data collection “adjunct surveillance.”
Time and again we’ve seen this surreptitious capturing of user data via social share buttons and through cookies embedded on company websites. That said, Vegesna’s term has become a catch-all for any surveillance of user behavior on adjunct properties without the user’s permission.
Companies don't always have to tell consumers when they are collecting their data, how they use it, or to whom they are selling it. That doesn’t mean they should operate this way. There's a difference between behavior that’s legally acceptable and behavior that’s morally acceptable. One might make significantly more money by engaging in adjunct surveillance, however, it's morally objectionable. Here are five best practices for collecting user data in a fair and morally acceptable way:
- Free software should stay free.
While many social media and software companies market their products as free, in reality, the revenue often comes from the collection of user data. Ideally, all trials and free products should not have ads. Whenever a business includes third-party advertisements within its free software, those third parties are likely tracking that company’s users. To protect their own customers, companies should not allow this type of activity. Instead, companies should use free trials and freemium versions of software for the sole purpose of attracting customers and showcasing the promise of a particular technology.
- Acknowledge any and all user data collection.
If companies do collect user data and sell it to third parties, they should do so in a transparent way. In the wake of recent legislation, particularly nefarious companies may bury the legally-mandated data collection warnings in small print and legalese. Companies should not do this. All user data collection practices—especially the collection of users’ personal information, why the business collects it, and with whom you intend to share it—must get addressed transparently.
- Remove all third-party embed codes on websites.
Publicly-traded companies are often beholden to shareholders and outside investors, which can make it difficult to make the morally-correct choice. However, doing so will pay dividends in the long run.
It's likely that companies will slow down their adjunct surveillance practices over the next few years as government intervention, public awareness, and moral reckoning takes hold. It’s our hope that fewer and fewer companies will let third- parties embed tracking codes on their sites. Visit builtwith.com to see how many trackers any given company allows on its sites.
- Anonymize and delete user data as soon as they are no longer a customer.
As a quick caveat, it’s OK to track user data as long as the company does so to offer a better service, but never let that data pass on to third parties. Also, as soon as a given user no longer uses the company’s product, anonymize, isolate, and delete that user's data.
- Invest in internal hosting capabilities and in-house AI.
Consider storing user data in privately-owned data centers and engaging in internal AI initiatives. Because of an influx of data privacy laws and an increase in public awareness, we’re likely to see more business leaders speaking out about adjunct surveillance. That said, users can play an influential role by avoiding any company that obfuscates its data privacy policies. If users don’t know what’s happening with their data while they use a given software or service, they may switch service providers. Now more than ever, users are becoming aware of adjunct surveillance and the illusion of privacy.
Put simply, companies need to take user privacy seriously. By not engaging in such morally-questionable practices, companies can retain their users while also sleeping well at night.
John Donegan, enterprise analyst, ManageEngine