Mobile is the bridge between the physical and digital world and that bridge continues to grow stronger every day. With apps that take advantage of device capabilities, there is user behavior data captured that was never before possible. With so much data, there is also a great responsibility to ensure robust data privacy and security measures are in place so that the trust between brands and consumers is never violated.
While consumers generally understand that a personalized app experience leverages their data, what they often don’t realize is that the app collects data that it then passes on to several 3rd parties. The ecosystem of companies that help app developers run their businesses continues to expand. Analytics, attribution, crash reporting, push notification, user acquisition and engagement platforms all require access to user data to help app owners run their businesses. By embedding their SDKs into an app, these services collect the data that allow apps to improve user experience, stabilize apps, acquire new users, drive engagement, and more.
For app developers, this makes a ton of business sense. However, without a proper data and privacy framework in place, monitoring and controlling that data gets captured by each partner SDK is nearly impossible and in turn creates a potentially massive liability for your company. If you aren’t convinced, recall how Lyft was sued for sending sensitive user-level data to Mixpanel.
Particularly when it comes to the more sensitive data, companies need to put in place — and enforce! — a governance model that balances the needs of the business without sacrificing user privacy.
The core components of a robust privacy framework
A good privacy framework usually starts with an audit that examines, at a minimum, the three C’s — Consistency, Compliance and Control.
- Compliance: Are your partners compliant with the terms of the agreement you set forth? Are those agreements in compliance with your governing policies around privacy and data retention and the relevant local laws and regulations?
- Control: Are you able to filter certain data types to protect privacy and sensitive user data? Are you able to hash and encrypt data before transmission to third-party partners?
Through this process you are likely to identify a set of known gaps needing to be addressed. In addition, you will probably start to recognize the likely existence of both “known unknowns” and “unknown unknowns” which only a robust technology solution can help you mitigate.
Solving for the known knowns, known unknowns and unknown unknowns with data infrastructure
A customer data platform can help ensure privacy policies are protected and enforced on three levels:
The first level is data collection. A single data layer ensures that an app can control and verify all of the data captured inside of it and that any/all sensitive user-level data is hashed and encrypted before it gets transmitted. A data platform layer makes it easy to monitor and control the flow of data outward to various partners, before it’s too late, which is the key to respecting privacy.
Thirdly, at the data distribution level, a platform-based solution can enforce control. This is where significant liability exists for most apps since collecting data is very different than distributing data to third parties. The right construct will allow you to filter on certain events, device characteristics, or identities in order to respect user preferences (as well as any applicable regulations which may prohibit certain data transference to outside parties of any sort). This allows the app to ensure privacy and sensitive user-level preferences are always enforced.
With all of the innovation in the mobile app ecosystem, it’s critically important to respect user preferences and privacy in a way that not only enables your business but also safeguards against liability. That’s why a customer data platform is a critical safeguard and enforcement layer within any organization’s data governance strategy.