Privacy as a business model

The interest to include privacy protection as a key component of business models has been revived by Apple, and Edward Snowden’s support for this business decision to protect user’s privacy by design. Isabelle Falque-Pierrotin, the head of the French data protection authority CNIL, also expressed support for such ideas in a recent interview with WIRED, stating that “data protection contributes to confidence. It is a key factor in the digital environment.” Even Hollywood is banking on the concept of privacy to sell cinema tickets by recruiting stars like Emma Watson and Tom Hanks to act in a new movie based on the novel The Circle.

This idea of monetising privacy has been previously explored at the CPDP conference in 2014 during a panel session titled “Monetising Privacy and Data Protection: Can Privacy be Profitable?” During this session it became clear that many start-ups are exploring the privacy as a business model approach, whereby the privacy interests of consumers are leading in the design for all sorts of products, from chat apps to comprehensive personal data ecosystems. Intel, the chip manufacturer, stated in the Harvard Business Review that “privacy protection should be a practice as fundamental to the business as customer service.”

A paper titled “Company information privacy orientation: a conceptual framework” published in the recent edition of the Information Systems Journal, explores how companies are attempting to reconcile its ethical and legal obligations towards their customers with regards to privacy with the objectives of their information systems design. The authors devise a conceptual framework called the conceptual framework of Company Information Privacy Orientation, which gives organisations the tools to assess their positioning on privacy and clarity on the principles to which they should aspire, with the aim to identify gaps or imbalances.

While privacy considerations are becoming increasingly relevant for consumers, employers should not forget to also take their employees privacy seriously, as the Canadian District of Saanich had to learn the hard way when they realised their security systems were particularly invasive. In the name of cyber security, the district’s IT systems logged all keystrokes as well as taking screenshots of all employees’ screens every 30 seconds. Needles to say, this led to enforcement action by the Privacy Commissioner – a wise lesson that privacy plays an important role for all, regardless of their position in the business model.