Consumers Will Punish Companies – and Their Investors – Who Flout Privacy

From Nasdaq.com, By Doron Gerstel, CEO of Perion

The context within which investors and analysts operate has been turned upside down. Their world used to be simple: Asset managers would develop their own recipes based on ingredients such as sector; leadership; competitive context; current and projected earnings; credit risk; margin, and the rest of Investing 101.

Then, about a decade ago – and growing with increasing ferocity – the call came to look at other factors, including ESG (environmental, social, governance) and DEI (diversity, equity, inclusion.) Put broadly, the thesis behind this widening aperture was, and is, that these attributes, metrics and behaviors – corporate biomarkers of good citizenship – are essential investment criteria.

The ESG economic thesis – reflected in an investment ecosystem which Bloomberg predicts to reach $50 trillion by 2025, an astounding third of all AUM – is that this investment approach is not driven by soft ethical notions, but that companies who embody these principles perform better.

This is neatly summarized in the formulation “Doing well by doing good,” which McKinsey defines as a necessity. I’m calling that philosophy #DWDG 1.0.

The SEC is planning to force public companies to make climate-related disclosures. BlackRock, who oversees $10 trillion and is the world’s largest money manager, supports this, writing: “At BlackRock, we believe that climate risk presents real investment risks and opportunities. We believe that incorporating ESG information helps our portfolio managers and clients make more informed investment decisions…”

I provide this as background because I believe that we are at a threshold moment which will take investors into a new territory, one as dramatically different as ESG was to prior investment decisions. If ESG represented DWDG 1.0, privacy represents DWDG 2.0: A second unstoppable trend.

We are now at the beginning of an increasing investor focus on how companies are engaging with and leveraging the risks, challenges and opportunities provided by privacy.

A good place to start is by looking at compliance pressures, and the tough data privacy laws on a federal and state level – as well as international standards, including GDRP, where many fines have been issued. More than 29 individual states and the District of Columbia introduced data privacy legislation in 2022.

Investors need to dig into these dizzying compliance risks with the same scrutiny that they laser in on other governance issues. The reason that regulators and legislators are so focused on privacy is that consumers are demanding it. And that is exactly why investors need to be focused on it at as well. 

Consumers are the ultimate decision makers, and if they decide – as they are – that they will not support companies that don’t support their privacy, then the economic damage they can cause will be measurable and dramatic.

Here’s what McKinsey said about DWDG 2.0:

“As consumers become more careful about sharing data, and regulators step up privacy requirements, leading companies are learning that data protection and privacy can create a business advantage.”

This “business advantage” that comes from respecting privacy should be every bit as important to investors as the business advantage that comes from ESG. What’s more, if you are a forward- thinking brand, you should not wait until Congress and the federal government get their act together and regulates cookies. 

Here are just a few statistics which should motivate every investor and analyst to look as deeply into a company’s privacy standards, as they do with regard to ESG and DEI, before making an investment decision.

• 84% of consumers are more likely to trust brands that prioritize using personal information with a privacy-safe approach. 
• 91% of consumers consider privacy a business imperative.
• 81% of consumers want to know more about how their data is used.

Google first said that cookies would be gone from the scene in 2022. Now, their target date is 2024. It would be a fatal error to wait that long to eliminate cookies if you are a brand. If you are an investor, it would be equally foolhardy to ignore the overwhelming sentiment of consumers. They are ready to punish brands – and hence the stock price – for abusing their privacy and stalking them over the internet.

Beyond examining a cookie policy, there are other indicia of a company’s recognition of the importance of DWDG 2.0. One is whether an organization has a CPO – Chief Privacy Officer. But simply checking the box and having the position filled is not enough. Look into how big the CPOs team is, and where the position sits in relationship to the CEO and the C-Suite. Is it buried and hence unable to have an impact? That will give you invaluable insight into how important consumer privacy is in practice.

Furthermore, savvy analysts and investors should familiarize themselves with the role of data brokers in the complex ecosystem wherein privacy is challenged and violated. An in-depth report in the Internet Policy Review notes the following:

“…data brokers are part of a lucrative industry that is believed to generate at least more than $200 billion USD in revenue yearly (though the actual amount is difficult to approximate due to their opacity) (Lazarus, 2019). They essentially sell information about individuals to private individuals, as well as corporate and governmental actors.”

The implications of are clear. Companies that rely on the shadowy services of data brokers are not operating within the principles of DWDG 2.0.

Stunningly, there is currently no transparency about any of these essential privacy behaviors and no systematic way for an investor to investigate a company’s use of cookies, or data brokers, or questionable practices about data-gathering.

This bifurcation of ESG, DEI and privacy is ending fast. It will change. Clarity on privacy is demanded and inescapable. Both DWDG 1.0 and DWDG 2.0 belong together, to be viewed by investors and analysts through the same lens.

Consumers drove the former and are driving the latter.

Until then, investors should put together their own proprietary metrics and frameworks for identifying privacy-first versus privacy-last companies, which should include a detailed analysis of the digital marketing and advertising vendors they use.

Government websites like this one from the CFPB which lists privacy complaints can also identify risks.

It is simply not enough for companies to invest millions in protecting data privacy in their servers and in the cloud. Yes, Cisco – and others – are right to point out that these investments provide business benefits. But we are not spending enough time and effort on making sure that only the right data is there to protect.

Put differently – companies are spending millions to protect personal data they shouldn’t have in the first place!

“Data is considered an asset, but one that increasingly hinges on consumer trust” writes the International Association of Privacy Professionals.” 

Once a company loses that trust, it is in danger of losing its investability.