blog: Don Marti


From privacy compliance to user data wins

30 January 2019

Open source program offices are a thing. What about customer data protection offices?

A little background: when the open source business as we know it was getting started, most of the original concerns about free software in business were about license compliance. Many people assumed that all software companies would pursue maximum restrictions using copyrights and patents, and users who wanted to use, modify, and redistribute software would be their adversaries.

Then, Tim O'Reilly and others started changing the conversation to talk about open source strategies. How can a small company release high-impact software by building on collaboratively developed work? Now, as open source has caught on all over the software business, it seems obvious that people think about:

  • business models made possible by open practices

  • open source companies as market participants competing for users while cooperating on common work

But it was a big mental shift at the time.

Today, a modern open source program office has to handle issues of license compliance, including training developers to follow and apply licenses, and checking the licenses of inbound software for compatibility. But the big picture is about using open source for sustainable advantage.

Maybe, today, we're still thinking about privacy as a compliance problem. Users and regulators on one side, companies on the other.

But what about a company that has a solid first-party relationship with a customer? What if the person is known to open the email newsletter, come in the store, answer the surveys—you're not in an adversarial relationship with that person over their data. The company and the customer are on the same side. When privacy concerns and adoption of privacy tools help get the person protected from targeting by some fly-by-night competitor, that's a win for both.

If you're running a bank, you don't want some cryptocurrency scam picking off your high-value customers. Those people's lifetime value is going to go way down when they're selling off all their stuff because the bank bought a "custom audience" social campaign targeting them, and the data leaked. If the bank had a customer data office thinking a step ahead, instead of just checking compliance boxes, it would have considered the data leakage risk along with the social campaign's possible upside.

Or a healthcare brand might run what looks like a harmless campaign, but some clever data management platform can infer medical data from it, and a "miracle cure" racket uses the data to pick off the customers. Before you know it the customers stop filling their prescriptions and start loading up on colloidal silver or something. A customer data office would have had the data science skills to see the risk, and offset it, possibly by offering the customers a free service to help them opt out of high-risk data processing.

Even for just a regular product, when a VC-funded "direct to consumer" competitor comes in, with no customer list—how do they grow so fast? Buying targeting data on the open market, because the existing brands haven't learned to protect their interests. Where does a brand's interest in customer data coincide with the customers' own interest in privacy? Instead of purely focusing on compliance, a customer data office will understand the risks and opportunities.

Anyway, software freedom went from a contentious idea to the source of much value in a remarkably short time. What if something similar happens with privacy?