Eyes Wide Open – Digitally

Having a full concept and appreciation of creating social media and digital policies for organizations isn’t one of those things I’d put on my bucket list. What that practice did teach me though, is the appreciation of what we all agree to in order to use platforms such as Google, Lyft, Facebook, Amazon, and on and on. We’ve sold off our digital lives over the years by blindly clicking “I Agree” to God knows what.

What has been interesting over these past couple of months has been the more aggressive and upfront approach to let all of us know how our data is being used by Sonos, Apple, Nest and all the others.

My nerd self has kept track of all of the recent “Privacy Update” emails I’ve received from nearly every company and/or digital platform that I use. I’ve counted 41 emails so far and I’ve read almost all of the updated policies.

Some interesting findings:

• Did you know that as of July 14, 2018 Instagram (which is owned by Facebook) will fully adopt all of Facebook’s privacy policies? That should not be comforting to you.
• Sonos, the home-speaker system company, stated, “We have never and will never sell it [your personal data] to third parties.”
• Zomato’s, a restaurant-finding app, updated privacy policy is very clear, stating, “We may share your information with outside vendors that we use for a variety of purposes, such as to send you emails and messages on behalf of other Zomato members.”
• The New Yorker (parent company Condé Nast) stated, “We acquire Personally Identifiable Information (PII) that may include, in certain contexts, your name, postal address, zip code, email address and telephone number. We also acquire your IP address, user ID, and/or device ID, which certain jurisdictions consider to be PII because it could be used to identify an individual or device if it were combined with other identifying information.”
• DICK’S Sporting Goods has a similar privacy policy, which states, “We may receive information you provide on behalf of third parties, or third parties provide on behalf of you, including but not limited to gift recipients, online registrations/purchases, ship-from-store, in-store pick-up, registries or as a result of your interactions with other users on our team sports or event websites.”

So far, Sonos has the best/most comfortable privacy policy for my tastes.

Full disclosure: After reading through the policies, I’ve removed my account and/or information from nine companies.

Now, these privacy policy updates are driven by a couple of things: The General Data Protection Regulation that went into effect recently, political maneuvering due to the Facebook data privacy fallout that we’re still watching, and, in no small part, the repeal of net neutrality.

I know, you’re probably saying to yourself, “Ogden, this is a super dull topic.” Well, you’re not wrong by thinking that. And also, this is super important for credit unions and who credit unions do business with.

In late May, if you haven’t read it, our Roy Urrico wrote an article about GDPR’s impact on credit unions. GDPR is a series of new rules for data protection and privacy for everyone and every organization doing business within the European Union. In his article, Roy interviewed Michael S. Edwards, vice president and general counsel for the World Council of Credit Unions, who said, “If you are a credit union in the U.S. you are likely going to have to comply with this law if you have any members (even if it is only one or two) who moved to Europe or live in Europe.”

In doing some research about GDPR, I’ve discovered several fintech firms that’ve set themselves up nicely with GDPR-compliant services for credit unions using consent management systems. One even claims to have a “dynamic and transparent data relationship with individual consumers.” If your credit union isn’t compliant or doesn’t have the staff to handle these new rules, hiring a fintech firm for this could cost your credit union a pile of cash. Your other option, I suppose, is to roll the dice and hope you don’t get caught. If you do get caught, the fine for non-compliance is around $23 million for each violation.

With the political and consumer pressure for better data privacy from the platforms we use every day, it appears to be an incredibly smart move to be as transparent as possible with your audience/members concerning how you’re collecting their data and how you are or are not sharing that information.

Some organizations are doing a great job at that – Sonos; others are not – Apple, Facebook, Google and probably your Internet Service Provider (ISP).

All of this wraps up into net neutrality in a way. As of June 11, net neutrality rules disappeared. These rules, in short, were set up to not allow ISPs, Google, Microsoft and others from blocking, throttling (slowing down data transmission) or making a paid prioritization of your digital experience.

Now, that is all allowed. And while it will take some days, weeks and even months for you to notice these changes, you and your credit union need to be reading all of these new privacy policies coming into your email. Do not delete these! Because soon, you could see a line inside of the policy that states something like, “By using this service, you agree to a tiered service program that could decrease the load times of your website and mobile app for consumers.”

Inside these policies, you’ll see the true nature and future of your credit union’s website, your members’ data and how everything is all connected, and there’s no unwinding it now.

My credit union didn’t send out a new privacy policy update and I had to hunt it down. Fortunately, it was a simple two-page document that reflected the values of the credit union. It was nice. My hope is that credit unions are able to keep up with political and consumer pressures in these digital times. If not, I can point you to some really pricy fintech firms that’ll take care of it.

Michael Ogden is executive editor for CU Times. He can be reached at mogden@cutimes.com.