It’s easy to criticize companies like Facebook or Google for their conduct when it comes to data, largely because they are so frequently the subject of widely-publicized reports and news articles. The stories documenting tech giant misdeeds (ironically, often displayed in Facebook’s newsfeed) demonstrate a growing awareness of surveillance capitalism and surveillance states, as well as the increased attention regulators and legislators are giving both issues. Also, Facebook has just been having a really, really bad month year three years.
Yes, it’s easy to criticize, but it’s much harder to draw the appropriate lessons from that criticism. Excoriating tech giants serves some purposes, and it certainly helps shed a light on practices that deserve attention. At the same time, it can cloud the real issues facing the rest of us, including the vast majority of businesses handling data (which is, quite literally, every business). We’ve mentioned before the counterintuitive principle that the negative attention on Facebook, for instance, can actually impede the progress of data privacy legislation, and might prevent meaningful change when it is needed most.
The problem is that, for better or worse (and it’s almost always for worse), businesses love to compare themselves to Google-Apple-Facebook-Amazon, as though any of the GAFA quartet are reasonable comparators. The thought goes that, if these massively profitable companies have adopted certain practices with respect to data, data partnerships, and the collection of information on customers and users, then if we adopt the same practices we’ll be massively profitable. In all but the rarest cases, that’s like suggesting you should measure your weekly run metrics against Usain Bolt’s. (Spoilers: he’s better at running than you are.)
This copy-paste approach to using data is not just the product of a faulty syllogism, it completely misses the point. GAFA companies employ hundreds of thousands of data scientists, AI and ML researchers, and specialists in consumer conduct. What makes business sense in that kind of realm is entirely different than what makes sense for even very large companies handling consumer data. And, remember: consuming and processing data is not a facet of Facebook or Google’s business, that is their business. Unless you’re monetizing consumer data for sales to advertisers, you’re imitating an entirely different business simply because it’s successful.
To employ a different metaphor, Exxon-Mobil makes huge profits from processing and selling petroleum products, including gasoline. Your business may consume gasoline (to deliver products in trucks, for instance) and it might use heating oil for the office in winter months. But you don’t mimic Exxon-Mobil’s practices or assume that their approach to customers or partners makes sense for you simply because you share a tangential connection through gasoline.
That’s not to say that we can’t draw lessons from GAFA companies – particularly when the lessons derive from mishandling data. But strategic decisions about how to structure data partnerships and data operations have to develop organically if they are to have any meaningful effect on your company. Put another way, you have to make decisions about the business as it exists, and not about a hypothetical hybrid between you, Amazon, Google, and Facebook. (I’m fairly comfortable that the Department of Justice, the FTC, and the European Commission for Justice would have something to say about that, anyway).
For clarity’s sake, then, what kind of lessons are we learning from GAFA companies that aren’t applicable? Largely, that the answers to our problems consist in deploying new technologies, casting mistakes as being about people (and not policies or business models), or throwing money at an issue. Here’s an example. The scandal du jour for Facebook is that staff had access to hundreds of millions of user passwords, stored in plaintext, for years. The response is, inevitably, going to be a change to internal written policies, someone will get fired, and there will be an announcement about new security practices and systems “to make your data even more secure.” It’s inevitable because that’s what happens in response to every Facebook scandal (or Google, for that matter).
These responses don’t alter the underlying problem, which is that there is an inevitable tension between privacy and a business model that commoditizes personal data (and, therefore, requires the maximum amount of data obtainable in all forms). They also have a tendency to fail in smaller businesses where 1) written policies are rarely comprehensive, 2) blaming staff can cause dangerous losses in talent and support, and 3) there isn’t enough money to throw around or meaningful technology to secure. That’s why these responses are affirmatively unhelpful when undertaken by businesses outside of Silicon Valley with a multibillion dollar market cap. In other words: pretty much everyone.
One lesson to draw from Facebook’s struggles (or any company in a data privacy mess, for that matter) is that you have to understand why data became a problem. Was there a breach, did someone lose valuable trade secrets, did a customer discover that their data was used for an undisclosed purpose — whatever the reason, it springs from a more fundamental error in approach. Typically, the mistake is forgetting the three values that we keep returning to: transparency, consistency, security. Without guiding principles to serve as a check against novel ideas, it’s easy to fall into a pattern where following novelty becomes a business method: if it’s new, or it if brings in more data, it must be good.
Theoretically, that might lead to innovation and success, but more often it simply leads to a haphazard adoption of new systems and technologies with no discernible benefit. It’s durability and long-term value that you should prefer. Remember that the key difference between a fad and a revolution is staying power. Build your business model around transparent, consistent, and secure data partnerships, and you’ll have learned the most important lesson.