By Maria Pallante
The growing use of generative AI over the last year has placed the use of consumer data and its regulations — or lack thereof — under a microscope. As a leader in managing the loyalty data of clients, Bond’s solutions operate and are founded within the ever-changing global regulatory framework. This framework touches many topics, including the use of consumer data, analytics, machine learning (ML), and artificial intelligence (AI).
In this article, we’ll uncover emerging themes, recommendations, and our own approaches to the global regulatory framework, keeping technology, operations, and people in mind.
First, Some Key Themes
Growing Data Protection Regulations – Regulations, such as GDPR in Europe and the California Privacy Rights Act (and its predecessor California Consumer Privacy Act), continue to evolve with growing requirements around how data is collected, stored, and processed along with customer access rights. Other markets are following their lead. Overall, these regulations outline an organization’s responsibility to manage a consumer’s data securely, transparently, and, ultimately, that the consumer has the right to access that data and ask for it to be removed; this is known as the “Right to be forgotten.” Giving the appropriate conditions, failure to comply can result in financial consequences. For example, failure to comply with GDPR requirements can result in fines of up to 4 percent of global revenues, with organizations such as Facebook having faced these for violating consumers’ privacy.
Data Location Matters – Depending on the geography and location of the customer, there are new requirements emerging related to where the data is captured and stored. Data residency is the location of the data and where it’s stored, while data localization is the requirement to keep data in its country of origin. In other words, it’s vital to keep your data localization requirements in mind depending on your data’s residency.
Consumer Manipulation Should Be Avoided – There are policies taking shape around an organization’s responsibility to avoid manipulating customers to take actions they would not normally take; for many, this simply translates into operating ethically. For example, making it difficult for a customer to unsubscribe from a subscription by having them navigate multiple screens and checkboxes would fall under this category of operating unethically.
The Desire for AI Transparency Is Real – As the use of AI technology changes by the minute, there is a growing desire for transparency from consumers on how their data is being used to create the end-result in front of them. How exactly are their shopping behaviors being tracked to deliver personalized birthday recommendations? For many consumers, the trade-off is worthwhile. In fact, 56 percent of Gen Zers prefer product recommendations that have been tailored to them (Survey Monkey). The opportunity for AI to help brands deliver more personalized experiences is undeniable, but those same brands will benefit greatly by helping their customers understand just how their data is being protected and used to improve their overall experience.
Our Answer to An Evolving Question
Privacy by Design – Bond applies this approach across our solutions for clients, from helping them design their engagement strategies through to technology solutions — including how we continue to evolve our proprietary technology, Synapze LX & XI. So, what does privacy by design look like? It means limiting data collection to strictly that which will drive value back to the customer. It means protecting that data in motion or at rest and ensuring that consumers can access the data we’re collecting — or, that we can support their request to be removed from a program or database. We’re also constantly monitoring other techniques, including Differential Privacy, which is being used by other organizations such as Apple.
Monitor Evolving Technology Policies – Bond continues to monitor evolving policies related to the management of data, including GDPR and CPRA, which tend to lead internationally in requirements. For those unsure of how policies and regulations may apply, we recommend seeking legal counsel on how these laws and regulations can apply to your organization. In doing so, you can determine if a self-audit and/or external audit requirement exists. Compliance can — and should — be treated as a differentiator within an organization’s competitive set.
Be Transparent About AI Usage – We’ve said it before, and we’ll say it again: transparency is key. It’s our true north when approaching this rapidly changing space. As such, we recommend the same for others:
Be clear on how AI is being used in your marketing and customer engagement activities along with the impacts, risks, and associated biases.
Always consider how the use of AI can be transparently shared with customers when asked, and monitor the direction of regulations, such as the EU Artificial Intelligence (AI) Act and the US Algorithmic Accountability Act.
On December 9, 2023, the EU reached a provisional agreement on the Artificial Intelligence Act. This regulation aims to ensure that fundamental rights, democracy, the rule of law and environmental sustainability are protected from high-risk AI, while boosting innovation and making Europe a leader in the field.
Keep Your People Informed & Processes Up to Date – From an operational standpoint, we have policies in place and have outlined expected practices for our employees, which is reinforced with compliance training. This helps employees understand expected practices around topics such as data collection, storage, deletion, AI, and more. Annual compliance training ensures that these expectations are reinforced annually, along with any new information or evolution of these policies.
The answer to the question of evolving technology policies and privacy ethics is nuanced and complicated. Perhaps unironically, it’s one that blends both human-centricity with technological agility. Approaching data collection, use, and storage without an equally as nuanced approach is to do a disservice to the trust built between brand and customer. The customer, along with their data, should be handled with an equal amount of care, discretion, and attention. This fundamental principle is core to how regulatory bodies are looking at policy evolution and will shape its future.
Maria Pallante is Executive Vice President, Technology Solutions of Bond Brand Loyalty.