Data Privacy in 2020: an Influencer Marketer’s Approach

Over the past few years, data privacy has gone from being a niche concern to something that people actively think of in the course of their digital lives. An entire industry sprung up to capitalize on users’ distrust of online services. There’s an abundance of password managers, VPNs and specialized tools that check if your data has been compromised. Multiple laws, regulating the handling of users’ data, have been passed. But how did we get here? And what does this mean for influencer marketers?

Let me hold this for you: losing data and losing trust

There’s no smoke without fire – or, as is the case here, multiple fires. This decade was riddled with huge data breaches, privacy scandals and news of unethical data collection practices. In 2016, it came to light that the struggling internet giant Yahoo! had suffered the largest recorded data breach in history.

An estimated 3bn accounts were compromised; their owners’ names, phone numbers, security questions and password hashes were leaked onto the dark web. An internal investigation proved that the higher-ups were well aware of the intrusions, but didn’t do anything to safeguard their users’ data.

Facebook followed in Yahoo’s footsteps, with multiple breaches coming to light in recent years. First, there was the Cambridge Analytica fiasco, an instance of illegal data harvesting perpetuated by the British political consulting firm with Facebook’s implicit approval. The company accessed data that it shouldn’t have been able to — and used it to influence the 2016 US presidential elections, as well as the Brexit vote in Britain.

This was only the beginning — a number of subsequent cases to do with negligent handling of user data took place since then. In 2018 the data of 50 million users was exposed thanks to an access token exploit. The year 2019 brought a number of scandals of its own: in spring, it was revealed that Facebook employees had access to hundreds of millions of user passwords, stored unencrypted on corporate servers. In December, their own employees’ payroll data was stolen.

Even ‘old school’ companies like Equifax aren’t any more cautious when handling their users’ data. It ignored security researchers’ warnings, which resulted in a massive leak of personal information pertaining to 145 million customers. It is apparent, now more than ever, that any personal data stored online is inherently at risk. And legislating for cybersecurity is next to impossible — there are always exploits waiting around the corner. So a bunch of laws were enacted to give users control over their data.

The most important of these laws is the European Union’s General Data Protection Regulation (GDPR). The directive, enacted in May 2018, defined the rules for the collection of European users’ private data, and users’ rights in regards to their data. Companies can now only collect personal data with users’ explicit, informed consent, and have to provide a way for users to delete this data at will. An important clause in GDPR also cements Europeans’ ‘right to be forgotten’ — the right to delete publicly published personal information, in order to protect one’s privacy.

Despite being a European law, it affected companies worldwide. GDPR protects European residents’ rights, so every reasonably large business with a European market presence has to comply — or leave. Other countries are also pursuing law-making efforts in the area. A similar law has already been passed in China, and the landmark California Consumer Privacy Act will be enforced starting in January 2020.