This is a guest blog by Pieter Vegt, Privacy Advocate at Empathy.co & Ethical Commerce Alliance
2022 was an exciting year for countries, businesses, and consumers alike that focus on building privacy-first technology and digital trust. The Schrems II court rulings, as well as the growing awareness of data protection, have pushed the privacy conversation forward and brought changes to online experiences on many levels.
We’re highlighting 3 privacy trends from the past year and how they might evolve in 2023 to answer the question: Will this be the year privacy takes over?
- Countries are taking measures against big tech
- Consumers are gaining awareness of tracking and cookies
- Privacy-first technologies on the rise
Let's dive in!
Countries are taking measures against big tech
GDPR protects the data rights of individuals in the EU. But what happens when personal data is transferred to a country outside the European Economic Area?
The simplest way to transfer data outside the EEA is by relying on an adequacy decision. For this, the European Commission conducts an adequacy assessment of certain countries to check if it can grant safety and data protection measures. If it does, the Commission adopts an adequacy decision and essentially greenlights the country as a safe destination for data transfers. If a country doesn’t have an adequacy decision, companies will need to rely on a different mechanism to transfer data. The most common are standard contractual clauses (SCC). These clauses set some data protection rules to guarantee a safe transfer.
In the case of data transfer between the EU and the US, the Safe Harbor agreement was put in place in 2000 to guarantee data protection. However, the revelations of whistleblower Snowden in 2013 set into motion a domino effect of lawsuits and court rulings. These procedures aim to secure a more valid framework for data transfers between the EU and the US.
The latest verdict, known as the Schrems II ruling, invalidated the adequacy decision for the US and obliged companies to rely on other mechanisms (typically SCCs). On top of using SCCs, the EU Court of Justice required companies to implement additional safety measures for any EU—US data transfer.
This court ruling motivated the NGO noyb to file complaints against websites using US-based services, such as Google Analytics and Facebook’s parent company Meta. All the complaints are decided by data protection authorities (‘data watchdogs’) across different countries.
As a result, Austria, Denmark, France, Hungary, and Italy have ruled against Google Analytics.
While US president Biden signed a new executive order for data transfers last year, the road ahead is still long and uncertain. The new data transfer framework between the EU and the US will almost certainly undergo scrutiny in the European Court of Justice in the future. That’s why it seems that 2023 will not bring an end to the court procedures and fines. Only recently, the Irish DPB fined Meta € 265 million because of Facebook data breaches.
(Update: turns out we were right. In May 2023 the Irish privacy authority ordered Meta Ireland to suspend data transfers for Facebook and issued a record €1.2 billion fine. As a result of the suspension order, Meta is currently risking an EU-wide Facebook blackout. We discussed the decision and its implications in detail in this blog)
Consumers are gaining awareness of tracking and cookies
With the GDPR launching in 2018 as a legislative framework for online privacy, ecommerce businesses were faced with the challenge of implementing data protection measures.
Some implications of the GDPR for businesses included asking users for approval for collecting personal information, such as the cookie banner. This consent form was one of the more visible effects of the GDPR, making users aware of how their data is collected, stored, and shared.
This consciousness has grown, and so has the weariness. Customers are looking out for digital trust, and are cautious of online tracking and cookies. According to the Retail Trust Index, launched by Empathy.co in November 2022, 70% of UK consumers agree that cookies and online tracking are intrusive.
The research of the Retail Trust Index shows what this entails for online retailers. 60% of UK consumers prefer to shop in-store to avoid data tracking practices. To protect themselves, 50% of them are already changing their online shopping habits. That number will likely grow in the coming months as digital trust is increasingly discussed.
Influencers and celebrities, for example, have also joined the conversation, pointing out the importance of online privacy.
In ‘Data Privacy - Who Cares?’ YouTube influencer Amelia Dimoldenberg took to the high street to ask the public what they think is acceptable to share and whether they are worried about tech companies selling data. In HBO’s popular Last Week Tonight, host John Oliver showed how much data brokers actually know, and how they can (mis)use that information.
It’s clear in the 5 years since the GPPR has launched, the conversation has shifted from lawmakers and politicians to the average person. Consumers want to be part of the discussion and feel empowered to make their own privacy-first decisions when shopping online.
The data culture can no longer support the idea that ‘as long as it’s not observed or perceived by the user, it’s okay to collect and store data’. The current shift focuses on informing customers and ensuring trustworthy, joyful shopping experiences every step of the way. People want to feel safe online and are increasingly ditching brands that don’t act ethically with their data.
And this necessity for digital ethics will continue to shape business strategies in 2023.
Privacy-first technologies on the rise
While data privacy awareness is quickly growing, it offers opportunities for businesses to stand out and connect with shoppers. Research has shown that flexible businesses, that change their strategy and focus on transparency and digital trust, can boost their revenue by 10% and more.
With the right tools, they can optimize their performance and create unforgettable customer journeys to inspire shoppers, without compromising on the ethical handling of data. The sustainable use of data creates a win-win situation for both the shopper and the retailer.
This strategy of choosing technology with digital trust at its core is also supported by McKinsey & Company. The global consulting firm advises retailers to only collect the data they need to conduct business. By doing so, businesses show that they listen to their customers and their growing concerns about hacking and data handling.
Empathy.co is the leading innovator in privacy-first commerce Search & Discovery. Over 200 developers and search engineers support headquarters in London and Asturias. Trusted by global industry leaders like Carrefour, Kroger, Music Magpie and Inditex, Empathy.co gives brands everything needed to create trustworthy, understanding, joyful shopping experiences.