Imagine: you’ve finished designing the next internet-connected app or widget when you receive a feature request asking how much it would cost to add data collection capabilities to log end user actions. Unfortunately, this is a difficult question to answer.
You can estimate the time required to implement and test the necessary changes, but estimating the cost associated with the risk the collected data presents is significantly more challenging.
Collecting user data certainly can be helpful. This type of data provides valuable insight into usage and information about errors, thereby reducing a product’s support costs. It can also improve the user experience by making transactions more convenient and providing targeted data to the end user. But these benefits are counteracted by a set of risks whose potential impact can far outweigh them.
Risk: Data Sharing
When data is collected, users implicitly assume that it will be used for appropriate purposes and kept duly private and secure. For example, a department or grocery store may collect data on customers’ buying habits and use the data to provide coupons for the products they purchase. While some customers may find this a useful service, many might not find it worthwhile if the collected data were sold to data aggregation companies, which in turn sell their aggregated data to others.
Many end users are unaware these data-brokering schemes exist.
The provisions for brokering are found in the service agreements, which few users read, and users are rarely notified that their data was sold and to whom. Collected data also includes data voluntarily given, like debit or credit card numbers. If that sensitive data is sold or disclosed, the company appears incompetent to the customer.
Risk: PR Damage
Data collection can also present a problem even when it is unintentional. In 2010 it was discovered that Google had inadvertently collected web traffic data from unsecured wireless routers during its Street View image collection. Even though a configuration error was to blame, it still generated a lot of bad press and resulted in a damaged reputation. In the European Union, where the privacy laws are stronger than in the United States, Google was fined for the legal infraction and required to destroy the errantly collected data. This scenario risks repetition as businesses look to track customer movement in retail establishments, and it’s unlikely customer reaction would be any less severe.
It’s difficult to attach a price to damaged reputations, but some consumers feel strongly enough to consider alternatives, up to and including abandoning the service.
Risk: Improper Data Handling
Customers’ options to limit or mitigate data collection have traditionally been insufficient to assuage their concerns: they are limited to either no controls or explicit opt-out policies. The issue with explicit opt-out is that a customer has to take steps to remove themselves from data collection.
Even when a customer does opt out, the handling of previously collected data is usually not addressed.
Data lifetime is yet another problem, as many policies do not state how long the data will be retained or how a user can have the data destroyed. The best policy would be to collect data only from those who explicitly opt in to a program, and to also provide a means for a user to issue a request for destruction of the collected data. This builds a good reputation, and you can’t disclose data you don’t have.
User data collection has become a major privacy concern that is garnering more public attention.
Although companies have some legitimate needs for usage and behavior data, it is difficult to attach a cost to the sense of violation some customers feel over data disclosures and inappropriately collected and/or shared data.
In short, adding data collection capabilities to an app, widget, or service might cost far more than it benefits the company.