A couple of years ago I sat down with my friend and respected industry analyst Esteban Kolsky to talk about privacy in the digital age – the video below is a snapshot of that discussion. Esteban and I had two different perspectives on the issue. I was happy to forego a degree of personal privacy to have a better experience – in my example it was Google telling me the best cafes close by me in a new city. For his part, Esteban’s perspective was that Google has no place knowing that I like coffee and any personalization is tantamount to an invasion of privacy.

Recent events with Facebook and Cambridge Analytica have highlighted, once again, the issues around the collection and analysis of the digital exhaust we all create – the gasps of incredulity that these vendors could amass this much data, and from that data intuit so much about us, was both interesting and disturbing. It surprised me that people were so naïve about this stuff, and I was reminded, once again, how quickly internet movements arise (and, often, fall) – the #DeleteFacebook hashtag got lots of traction, but it was, at best, a storm in a teacup that won’t really move the needle in any way.

As for the seemingly general naïveté that this stuff can even happen, the old adage Caveat Emptor should apply, but clearly, it doesn’t. For anyone who’s not aware of just how much information organizations can glean about us all, Marty Kamden, the CMO of VPN vendor NordVPN helpfully details it for us:

Any online platform that we use collects information about our behavior, location and so on. Apps and platforms use cross-device tracking, where they build a consumer’s profile based on their activity throughout devices. Browsing history may be combined with physical location, retail purchases with watched TV programs, commute to work and so on. Basically, most Internet users are tracked from the moment they wake up till they go to sleep. This information can then be used to build users’ psychological profiles and target them with ads and information that can impact elections – as we have seen with the Cambridge Analytica case. Or, if it falls into the hands of cybercriminals, this data can be used to steal identities, access bank accounts or medical records.

The potential parallels with marketing clouds

So all of this was very apropos as I sat in the general session at Adobe’s annual Summit this week during which Adobe rolled out its new customer profile tool that it promises will personalize ads like never before. The new “Unified Customer Profile” can include data on online behavior, advertising exposure, device use, and additional data such as that from Microsoft’s Dynamics CRM.

And it’s not just external stuff you visit that is being scraped, customers can be tracked across different devices, such as phone and PC, thanks to “Cloud Device Co-op.” Marketers that sign up agree to share data with other companies so that Adobe’s cloud knows which devices are used by the same customer, though, it has to be said, without recording or revealing who that person is.A mass movement of commercial organizations sharing the public’s data – what could go wrong?

If that sounds, especially in the wake of Cambridge Analytica, a little bit “Big Brother” to you, you’re not alone. The whole ideal of a central repository that keeps records about individuals and amasses data about those individuals from different organizations is pretty much a modern take on George Orwell’s dystopian tale – but whereas Orwell foresaw this data being used by the state for control of its citizens, these days it’s being used by corporations to make us buy things (oh, and the odd political party to win elections and stuff.)

I raised the question with a number of people, not least of all Shantanu Narayan, Adobe’s CEO. Narayan is a bit of a hero of mine, mainly because he has done a better job than almost any other tech CEO of taking a legacy company into the cloud age. From the days when Adobe was known for big burly desktop software that designers used, he has created a cloud company of the highest order.

But on this issue, I wasn’t really satisfied with Narayan’s answer. I put it to him that Adobe, and companies like it, have a moral obligation to ensure that their customers (i.e. the brands and corporations) do the right things by customers. To simply state that you give brands the tools to do the right things, and declaim any culpability if that goes awry is like… well, it’s like Mark Zuckerberg using weasel words to say that there was no technical breach related to the Cambridge Analytica situation. Sure, it may be correct to the letter of the law, but it misses the actual point.

Shared responsibility works both ways

I recently posted about the Cambridge Analytica situation, suggesting that individuals take some responsibility for the fact that the services they use have a business model centered around selling their data to advertisers. I still hold that “user responsibility” view, but that doesn’t let the vendors off the hook. I generally hate the “shared responsibility term,” which vendors throw around as something of a dodge to taking responsibility themselves, but in this case, it holds – sure users should go into a situation without being naïve, but so to should the platforms accept a degree of responsibility.

To put it simply, Facebook, Twitter and, yes, Adobe, have a responsibility for the way their platforms are used. And when their platforms are used for nefarious purposes, they carry some culpability for that usage. Obviously, personalized advertising of products is different from widespread interference with an election process, but there is theoretically nothing that would stop bad actors using Adobe’s tools for similar, deleterious, purposes. Given that Adobe’s head of platforms Cody Crnkovich was crowing about the fact that his company’s products process some 230 trillion customer transactions per year, and sends out 150 billion emails annually, which is, in Crnkovich’s words, “20 emails per person on Earth” – that’s a whole lot of potential for harm.

While it’s easy to say that you take end customer privacy seriously, it’s a lot harder to smack customers who pay you lots of cash in the event that they act badly. And while it’s easy to say, as did Justin Merickel, VP Adobe Advertising Cloud, that:

Consumers prefer a personalized experience. When you walk into that restaurant they know the food you want to order, they know your drink. We want marketers to drastically improve the experience of digital advertising.

A personalized restaurant experience is only one step removed from a personalized opinion-swaying and election-interfering campaign.

It’s not simple

The soon-to-be-enforced GDPR privacy regulations in Europe starkly highlight how complex of a subject this is, and Adobe believes it has sufficient controls in place to make it all OK. Said one exec:

You cannot turn all of this data into something useful without safeguards— semantics and control.

In Adobe’s case, and as it relates to its new uber-customer stalking personalizing tools, this involves creating a data catalog, labeling data in the record and associating rules with each type. The result being, or so they say, that Adobe’s customers will be able to comply easily and clearly with GDPR.

But here’s the thing. That assumption also assumes that those organizations WILL do the right thing. There’s no guarantee of that and, if historical analogs are anything to go by, the assumption could fairly be made that they won’t.

So the question remains: what responsibility does Adobe and its ilk have to ensure their customers do the right thing by the public?

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

1 Comment
  • >>>I recently posted about the Cambridge Analytica situation, suggesting that individuals take some responsibility for the fact that the services they use have a business model centered around selling their data to advertisers.

    Take a look at http://www.datavest.org (a Pasadena based startup trying to address this by flipping the model and letting users monetize their own social data). Im not affiliated, just a fan of their ideas.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.