Consumer privacy is driving a lot of conversation around enterprise data policies today. New regulations such as the European Union's year-old GDPR (General Data Protection Regulation) and California's Consumer Privacy Act, which goes into effect in January 2020, come after a series of embarrassing breaches of consumer trust by Facebook, Cambridge Analytica, and others.
In an age when "data is the new oil," fueling innovation and growth, enterprises face all kinds of new challenges when it comes to handling consumer data. Should they follow the regulations from the strictest jurisdiction where they do business, or should they run multiple parallel programs? How do they handle a breach? What must be disclosed in their terms of service?
Beyond the regulations, there's the matter of consumer trust. Brands that are seeking customer loyalty may want to evaluate what they are doing to be worthy of that trust.
Experts and industry leaders have recommended greater transparency when it comes to the collection and use of customer data. After all, industry leaders are consumers, too. On one hand they may be charged with harvesting and leveraging consumer data. On the other hand, they may be less comfortable with having their own private data collected. (Read our story from data experts about how they personally protect their data privacy online.)
Still, the fact that some consumers seem to be acting to protect their privacy may mark a shift from the days where everyone blindly accepted multi-page terms of service from technology companies. Plus, consumers are being equipped with more tools. In 2017 the Electronic Frontier Foundation reported that it's Privacy Badger web browser extension that thwarts consumer tracking had surpassed one million users.
"We are reading all the fine print," he told InformationWeek in an interview. All those privacy policies are then scored by a team of 24 attorneys specializing in privacy law, based on 150 standardized questions about how the companies handle data. For instance, do they make their privacy policies available on their web page? Do they collect data from minors? If so, what parental consent mechanisms are in place?
The Privacy Monitor browser extension is available on a range of platforms including Chrome, Firefox, Android, and IoS. When you visit a web site, you can click on the icon and get the site's score.
The back-end of the system relies on an open source graph database (neo4j) that also enables Osano to track the interconnection of companies and how consumer data can be shared among trading partners, Gilbert said. For instance, GitHub is instantly sharing user data with 16 third-party vendors, and each of those vendors is then sharing that data with their partners. (Still, GitHub gets a "Good" score from the Privacy Monitor plug in, as does its parent company, Microsoft.)
Companies that get a "Very Poor" score from Privacy Monitor include Amazon.com and Facebook.
In conjunction with its launch this month, Osano created a "Misleader Board" of companies, used to pull out particular issues within privacy policies -- detail that the browser plug-in doesn't provide. The companies on the list are not ranked in any particular order, and they are not a list of the worst companies out there. Those on the list actually have ratings that range from "Very Poor" to "Very Good."
Osano has created the data set and will be offering three products based on that data -- the consumer tools that include the browser plug-in and Misleader list, APIs that are publicly available, and B2B tools for companies (the company is entering into a beta test with six companies starting in June for these). Then in September the company will release a version 1 of an enterprise product, Gilbert said. The tools for business will help companies better understand their data supply chains.
The tools build on the lessons learned at Gilbert's last startup, Meta SaaS, which was acquired by Flexera. The company provided a software asset management tool that was able to find licensing efficiencies in SaaS implementations, putting some power back into the hands of the buyers.
That's also the idea behind Osano and its portfolio of products, starting with the consumer browser plugin.
"Most people don't understand what is going to happen to their data," Gilbert said. Now, maybe people will get a little closer to understanding.
For more on data privacy, read these articles:
How to Operationalize Privacy and Data Governance for AI [New this morning]