Why Data Privacy is the New Differentiator for SaaS

“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” - (David Brin)

Imagine a big music festival’s going down in your town and all your friends are going. There are some crazy good acts, and despite ad posters and promotion all over the venue, entry’s free. Yup, this is going to be a big night.

After the entrance, the organizers in passing mention that they’re gonna record your chatter with friends, log the drinks you buy at the bar, track the times at which you go to the bathroom, and occasionally ask you for information about places you’ve lived in the last couple years, or your education history. If you’re not okay with that, they’d have to kindly ask you to leave.

In that situation you’d probably do the only sane thing: look for another way to spend the night.

On the internet though, be honest, you’ve more than once did the insane thing. Here, users are peculiarly willing to hand out information about themselves. Companies acting like that festival organizer can be successful. Recent studies deliver data-proof for the discrepancy between what people want and what they act like concerning their personal data.

It’s one reason why tech experts confidently praise such data as the world's new currency. While its lucrative trade is running high, privacy is becoming something rare - and therefore, something more valuable.

Why then shouldn’t data privacy be an even stronger currency for those who deal with user data on a daily basis, but don’t sell it? Especially SaaS companies have in the past often overlooked this dormant potential to set themselves apart from the pack. The time has never been as right to reinfore their image as trustworthy businesses.

People want privacy and they’re willing to pay for it

In 2013, Google’s Vinton Cerf called privacy an “anomaly”. To this, “The Father of the Internet” added his guess that it’ll be an increasingly rare good in the future. He took a big swing at human history, which proves him right.

In fact, privacy hasn’t been part of our lives for long. Due to widespread illiteracy before the Second Industrial Revolution, even less so has informational privacy. Put simply: Who could memorize all guest their neighbor welcomed at his door for the past five years without being able to write down their names?

Thanks to revelations of Edward Snowden and other privacy advocates, users were forced into awareness of how their personal data is handled. Finally, even authorities were forced to look at it and react. Privacy today is a - constitutionally guaranteed - part of modern human life. People rightly claim it. In a business context though, it’s a claim directly opposed IT’s growing thirst for personal user data.

As a consequence, users are becoming more willing to spend money on protection of what’s theirs. They expect companies to guard their personal data more, now that they feel they’re losing it byte by byte.

EMC’s 2014 Privacy Index mentioned above showed that only 27% of consumers around the globe are willing to trade personal data for a better online experience. Also, consumers are highly suspicious of both organizations’ skills and ethics in privacy matters. Bottom line, 84% of them wish to decide what information they share or otherwise not to share anything about themselves or their habits. MEF found similar evidence in the mobile area. It’s clear - internet users do value privacy.

But despite their sentiments, a vast and growing majority leaves personal data footprints on businesses’ servers while shopping, banking, searching or in social networks. EMC calls this “The ‘We Want it All’ Privacy Paradoxon”.

There’s a way to explain this, and it lies in the power of businesses. They bribe consumers with low prices and free services, blackmail them for the possibility of social participation, or both. Most of us know this weird mix of rashness and self-deceit all too well. It’s a dilemma we’re having trouble to escape.

That’s why, for users, it should be a sign of hope that even the German federal competition authority now shares that queasy feeling. It considers taking legal action against Facebook.

Most businesses care about their customers' data privacy

The success of the world’s biggest social network hinges on access to personal data. Still, a company like that would shrug their shoulders at studies like EMC’s. Millions of people are in a love-hate relationship with Facebook. Most of them are not going to break up for lack of alternatives, and Facebook knows it well.

Companies making their money online without selling personal data feel a much more pressing worry to adjust their privacy policies. Most of them face countless competitors, there is no monopoly for them. If they fail to protect their users’ data, consumers will simply switch to another supplier who can. With generally higher attention on data privacy, this is becoming more important.

Most SaaS providers don’t focus on data privacy

Having a bad privacy policy of an SaaS provider rub off on them can’t be in any businesses’ interest. Still, in legal privacy matters, most SaaS companies used to refer to the now-revoked Safe Harbor agreement. We know by now that it had been designed to protect businesses from legal problems rather than to protect consumers’ privacy. The new Privacy Shield could be just as porousj, and sadly just as welcomed by businesses. At least, perhaps, until the European Court of Justice downs it just like Safe Harbor.

SaaS providers process personal data mostly belonging to people who are not their direct customers. Hence, they usually stop caring about data privacy right where their legal responsibility ends.

If a webshop’s customer senses misuse of their data, they’ll take it to the shop’s owner. Not to whatever CRM-solution’s behind it. A live chat software like ours, helpdesk systems or said CRM solutions all have one thing in common - for end-customers they are rarely a target of data abuse concerns.

A false comfort, as Gary Kovacs, CEO of security software company AVG thinks:

“As more consumers begin to comprehend the extent to which companies capture and monetize their information, the damaging backlash against business has the potential to undermine the growth of every company that uses the internet to do business.”

SaaS providers need to understand that said backlash can easily be passed down to them by the businesses they cater. These will be increasingly picky in their choice of a SaaS company to team up with. Here, a privacy-savvy SaaS company that exceeds poor privacy standards like in Privacy Shield can make a real difference.

What SaaS providers should do for a great data privacy policy

Any SaaS provider’s goal should be visible awareness of the moral and economical implications of their data processing. To start with, they need the technical expertize to handle personal data in a way that protects users’ privacy. Take Apple’s noisy face-off with the FBI to get an idea of how important this is.

The most recent ”Safe Harbor”/”Privacy Shield” turmoil highlights how much the location of storage devices matters. Companies should look to host where NSA and other organizations with far-reaching powers can’t legally access it.

Show people that you are different. A lot depends on the communication of the technical setup. Even businesses with high data privacy standards often fail to highlight them as a differentiator.

Famous violations of privacy, like Uber’s concerning journalist Sarah Lacy, regularly scare consumers. But bad experiences, others’ or their own, are not the only things creating distrust in users. Often, it’s just a lack of transparency. In times in which many consumers feel at mercy of companies, no business should expect a leap of faith in privacy matters. Instead, they should bank on cautious users and company reps. It must be a goal to anticipate and target their individual concerns.

For any data-processing company, now’s the time to care about user privacy. Especially SaaS providers should. Not to surf the wave, but to grow as businesses. As paradigms shift, it’s about time to reinterpret data privacy from a liability to a chance.