NEW YORK – Customer data is a concept that most companies, especially those involved with health and health care, see as a threat rather than an opportunity. Most companies associate consumer data with “privacy,” seeing only expensive disclosure requirements, constraints on their ability to collect information about their customers, and a potential source of legal trouble.
So they consult lawyers and IT risk specialists to consider their options. To protect against being sued, they write lengthy disclosure statements that cover every possible use of consumers’ data. They then hand these statements to their marketing departments, who hide them behind little windows in small type.
In general, these companies see consumer data as something that they can use to target ads or offers, or perhaps that they can sell to third parties, but not as something that consumers themselves might want. In fact, many so-called privacy advocates have the same constricted vision. Most pundits on either side don’t consider that that rather than hiding from consumers or protecting them, companies should be bringing them into the game.
Over time, I’m convinced, successful companies will turn personal data into an asset by giving it back to their customers in an enhanced form – analyzed and visualized into something of value to the individuals themselves. I am not sure exactly how this will happen, but current players will either join this revolution or lose out.
Let’s start with the disclosure statement. Most disclosure statements are not designed to be read; they are designed to be consented to. But some companies actually want their customers to read and understand the statements. They don’t want customers who might sue, and, just in case, they want to be able to prove that the customers did understand the risks. A regretful customer is a vengeful one. (The very best companies want this because they like their customers to understand what they’re getting.)
So the leaders in disclosure statements right now tend to be financial and health-care companies – as well as my favorites, space-travel and extreme-sports vendors. Right now, some clinical trial operators and the “extreme” companies are doing the best job – perhaps in part because some of their customers actually appreciate the element of riskThe Personal Genome Project, for example, makes its research subjects take what amounts to a lengthy test on genetics. This could work nicely for other outfits as well. The user would not simply click a single button after scrolling through some pages, but would have to select the right button for each question. For example:
What are my chances of dying in space?
C) 1-4% (the correct answer, based on experience so far; current spacecraft are believed to be safer.)
Who can see my data?
A) I can.
B) XYZ Corporation.
C) XYZ Corporation’s marketing partners. (Click here to see the list.)
D) XYZ Corporation’s affiliates and anyone it chooses.
As the customer picks answers, she gets a good idea of what is going on. In fact, if you’re a marketer, why not dispense with a single right answer and let the consumer specify what she wants to have happen with her data (and corresponding privileges/access rights if necessary)? That’s much more useful than vague policy statements. Suddenly, the disclosure statement becomes a consumer application that adds value to the vendor-consumer relationship.
And if you’re a health-care company, maybe you can even personalize the risks by asking the user’s sex, age, BMI and other relevant data. (Of course, in the future, the user could simply link to a personal health record in the cloud, but that’s another story.)
And finally, as you discuss, what you may do with the user’s data, show the data themselves rather than a description. There’s her browsing behavior, her (doctor’s) choice of medicines, or her choice of remedies on your disease site. How much money has she spent with you, and on what? (Give her points and other recognition for her purchases.) Which specific health-care providers do you sell data to, and for what purpose?
To be sure, this is all very easy if you are the site with which the user communicates directly; it is more difficult if you are in the background, a third party collecting information surreptitiously. But that practice should be stopped, anyway.
Meanwhile, just as they have with Facebook, users will become more familiar with the idea of setting their own privacy preferences and managing their own data. Smart vendors will learn from Facebook; the rest will lose out to competitors. Visualizing the user’s information and providing an intelligible interface is an opportunity for competitive advantage. So is by-permission sharing of aggregate user data with your user community.
I see this happening already with a number of companies, including some with which I am involved. For example, in its research surveys, 23andMe asks people questions such as how often they have headaches or whether they have ever been exposed to pesticides, and lets them see (in percentages) how other 23andMe users answer the question. This kind of information is fascinating to most people. TripIt lets you compare and match your own travel plans with those of friends. Fitbit and Earndit let you compete with others to exercise more, and Earndit even offers points and prizes.
Consumers increasingly expect to be able to see themselves both as individuals and in context. They will feel more comfortable about sharing data if they know precisely what is shared and what is not. The online world will feel like a well-lighted place with shops, newsstands, and the like, where you can see other people and they can see you. Right now, it more often feels like lurking in a spooky alley with a surveillance camera overlooking the scene.
Of course, there will be “useful” data that an individual might not want to share – say, how much alcohol they buy, which diseases they have, or certain of their online searches. They will know how to keep such information discreet, just as they might close the curtains to get undressed in their hotel room after enjoying the view from the balcony.
Yes, living online takes a little more thought than living offline. But it is not quite as complex once Internet-based services provide the right tools – and once awareness and control of one’s own data become a habit.
Esther Dyson, chairman of EDventure Holdings, is an active investor in a variety of start-ups around the world. Her health investments include 23andMe, Advanced Proteomics, Genomera, Green Goose, Habit Labs, HealthEngage, HealthRally, HealthTap, Keas, Medico, meQuilibrium, Omada Health (in progress), Organized Wisdom, PatientsKnowBest, PatientsLikeMe, Tocagen and Voxiva.
Great post – and great insight – and I’m cautiously optimistic about selecting a broader use of my online data. Trouble is – we’re still at the earliest of stages with this – and there are still some significant “early adopter” risks. Just this summer – FitBit had a fairly high-profile mishap with user data – relating to Sexual Activity (which I didn’t even know they tracked) – being Google searchable. TechCrunch story here: http://tcrn.ch/puputQ
I’ve seen a few startups that actually pay consumers (typically small amounts) for pro-actively sharing their data (selectively) – but I’m in the other camp. I’d probably pay for more privacy – less intrusion. I’ve seen some mapping of my online presence (most notably LinkedIn), and while it’s interesting – and colorful – not sure it’s all that useful – at least not yet.
For my own crusade, I refuse to sign the HIPAA Authorization form that every provider everywhere insists is a legal necessity for treatment. First of all – I’ve never been refused treatment for not signing – and secondly – HIPAA already allows for the sharing of data for any billing purposes – so it’s one of the most abused forms in healthcare. The original intent was to provide coverage as an exception – but (sadly) it’s become the defacto rule.
Esther, Thanks for the post. I generally agree with your viewpoint on this, but I wonder how you would apply this idea to the personal health record market. Is there a way to apply this that would increase the upake of PHRs? How does Google’s recent withdrawal of GoogleHealth relate? Did they fail to do this well enough?