Customers and use of their data: an ethical alliance
At the crossroads of discussions about customer relationships, new devices and cybersecurity, data is becoming an essential focus and ethical issue. What are businesses doing today to protect it and oversee its collection or use? Let's hear from the specialists!
Some customers may not be keen on the idea of sharing their data. Are their fears well-founded?
Ludovic Lévy: Better informed than ever before, the customers of brands are becoming increasingly demanding and wary, particularly when it comes to use of their personal data. We need to put in place the means to show our customers that their data represent sources of value¬-added for them, as well as for us.
Patricia Le Large: It is in fact essential to avoid the collection of customer data being seen as just an inconvenience, an annoyance, even a risk. While we use the data that they entrust us with or that we generate when they use our services, this is primarily to meet their expectations in terms of quality of service, personalized offers and innovation. At Orange, we view our customers as not only consumers, but also citizens: the services we offer must enable them to fully exercise their freedom of expression and all their rights.
What measures can businesses deploy to tackle the fears surrounding data security?
L.L.: Let's make this clear from the outset, there is no such thing as zero risk, and data protection is no exception to this. However, there are various measures that can be rolled out immediately to limit the risks of incidents: they concern the choice of not only the technologies used, but also the business’ technical partners. Providers are assessed based on increasingly high standards for data confidentiality and security aspects (requirements for governance labels, training, audit methods). Business intelligence work is also needed, monitoring issues highlighted by the security and protection authorities such as the French data protection agency (CNIL).
For Orange, this also means investing in research and innovation, in order to keep one step ahead of the techniques adopted by cybercriminals.
P.L.L.: We must not forget the importance of building staff awareness on security issues and supporting customers with their digital lives, so we must always listen to them in order to ensure we effectively meet their needs.
Is there a legal framework setting out a code of conduct for businesses that work with data?
P.L.L.: In Europe, the legal framework for data protection has been further strengthened to safeguard rights and freedoms in this region. It is also expected to become more consistent with the application of the GDPR or General Data Protection Regulation from May 2018. A measure that international groups like Orange have been calling for in order to ensure more consistency and transparency in the European Union countries where they operate.
L.L.: While this legislation will require a significant and compulsory effort to ensure compliance, it involves various elements that will then enable businesses to strengthen their own ethics in this area. Moreover, the example set by Europe's regulatory framework is spreading to all the continents and inspiring legislation in many countries, particularly in Africa, where Orange is present. The “Group effect” will enable several countries to benefit from our data protection experience when rolling out new services.
When it comes to protecting customer data, we believe that ethics must effectively go above and beyond the legal framework.Patricia Le Large, Vice President Personal Data Security.
Do you mean that a business like Orange may set itself rules that go above and beyond its legislative requirements?
P.L.L.: When it comes to protecting customer data, we believe that ethics must effectively go above and beyond the legal framework. The legislation allows a certain amount of interpretation, which concerns the business’ fulfilment of its obligations.
In practice, for us, this means developing application frameworks that enable customers to have control over their data with a clear, context-sensitive approach. Basically, the complete opposite of a system that is compliant but not particularly intuitive! For instance, we may consider more appropriate arrangements for consent concerning use of personal data, even though we have no obligation to do this.
L.L.: The company must regularly assess its practices and ask itself questions about the innovations it wants to put in place: this may involve internal committees evaluating whether or not there are risks for customers, with the power to say stop when necessary…This is an integral part of our corporate social responsibility
The company must regularly assess its practices and ask itself questions about the innovations it wants to put in place.Ludovic Lévy, Vice President Global Data Strategy & Governance.
With the rapid development of connected devices, data collection is going to accelerate considerably. Are businesses and the legal framework ready for this revolution?
P.L.L.: The European legal framework, which will come into force from May 2018, anticipates changes in the technological environment. The challenge will be to ensure that all businesses, big and small, innovating in the connected devices sector are aware of this framework...and above all that it is effectively applied.
L.L.: We can imagine that business sectors are going to organize themselves by defining codes of conduct in close cooperation with the personal data protection authorities, that labels are going to be developed to establish confidence…But, faced with the emergence of new forms of discrimination resulting from the misuse of data, collective vigilance will also be needed because this issue concerns more than just technical aspects.