• Research shows that telcos have a good chance of become trusted data custodians
• One company hopes that its ‘De-Itentification technology’ might be the key to winning that user trust

A study commissioned by ‘telco monetisation’ outfit, Smartpipe, and undertaken for it by PSB Research, has surfaced some interesting dynamics around the impact of GDPR on consumers in terms of how they might respond, or not, to privacy options when presented to them (as they currently are being) in this first phase of GDPR implementation.

The research set out to find what people will accept, what they won’t and why, to determine the best strategy for companies who wanted to stay in the data gathering game.

Smartpipe’s perspective is pretty straightforward. Its mission is to help operators monetise “subscriber data across open digital advertising ecosystems without compromising privacy.” Yes you can, according to Chad Wollen, Smartpipe’s chief marketing officer. The key is to turn persistent IDs into non-persistent, tokenized IDs. In other words to collect personal data without assigning it to an identifiable person so that “it’s not personal, it’s strictly business” as Michael Corleone might have put it had he steered the family business into telecoms.

Founded in 2014, Smartpipe has hatched what it calls ‘Dynamic De-Identification technology’ which allows first party data owners to monetise their data in a secure way via the open ecosystem. [BTW if it’s trust you’re after, best not sprinkle ‘monetise’ around since it smacks of telco sneakiness]. It claims that “Smartpipe is the only truly safe and privacy-compliant facilitator of telco customer data profiles, compliant with local and global regulatory requirements.”

The big task now, post GDPR compliance, is to get potential opters-in to see the advantages of surrendering their data to their telcos, safe in the knowledge that their privacy will be protected at the same time.That’s a huge task and to kick it off on the right track Smartpipe is keen to highlight evidence that, if handled properly, the GDPR requirements can form an inflection point after which customers will be more likely to see telcos as trusted partners on data security if the telco proposition is presented to them effectively.

So the good things indicated by the PSB Research findings include: over 80% of consumers would allow their personal data to be used by their mobile network operator (MNO) for the purpose of advertising when privacy enhancing technology is a clear part of the “value exchange”.

On the other hand when simulating the “fully compliant GDPR experience”, but without the privacy enhancing technology part of the story, publishers – the traditional route for most data to enter the ad market – achieved only a 50% opt-in rate.

But, with the right data protection message – stressing investment in innovative privacy enhancing technology coupled with a “no third-party sharing” proposition etc – consent rates for MNOs rose to 83%. Smartpipe attributes this to the fact that no “third party” ad tech vendors need be named or consented to in the GDPR approval process.

According to Chad, the conversation about the privacy issues must be more about what telcos are doing to protect privacy (the technical inputs) rather than the potential outputs of misuse and privacy breaches. Once the discussion comes onto that ground, Chad believes, then you can start to see a turnaround in attitudes

It’s too early to tell how much the advance research by PSB is being matched by reality as GDPR compliance starts to bite.

“The publishing community aren’t yet at a point where they’re willing to share their results,” says Chad.

He says the so-called ‘layered consent model’ is getting a high consent rate, but is not necessarily compliant with the spirit of the law. Layered consent is where the user is simply asked to approve a fairly blanket sharing list, “You’re asked for a yes, without providing enough information on what you’re saying yes to, team that with a binary choice of yes or you can’t continue with the service and you have what (back to the Corleone family) might be termed “an offer you can't refuse”.

Hardly surprising then that almost 90 gave this option the go-head for the big brands and important online sites, such as facebook.

But, says Chad, it’s not clear that this approach will be allowed. There is already litigation being mounted to challenge it. According to early reports, and the PSB research, brand awareness is playing a big part in the way users are responding. Despite the much publicised Facebook privacy difficulties, users appear to be highly accepting of the conditions offered by Facebook, Google Twitter and so on. The category of consent seekers in most difficulty are ‘independent’ content publishers. It appears that the more companies these publishers specify in their consent list the lower the percentage of ‘yes’ accepts they get. “The independent publishers are in a no win situation, says Chad.

But, he says, classic brand rules seem to apply. Familiar brands get an OK, less familiar, not so much

“The ability of supermarkets, banks and telcos get good scores... means.. these companies have real potential if they take the technology seriously and invest.” One caveat, says Chad, is that telco brands have to start the conversation much earlier. Otherwise they just have that slim moment when the user is signing up to get across their privacy advantage.

The great thing about GDPR, says Chad, is that it stops people thinking about privacy in terms of little bits of data to be shared here and there, and gets them thinking about all this in the round, especially as they spend more and more time online and it becomes more important to them. “So it’s not just “my data on this site” it’s my identity in the world,” he claims.

The hope is that over time the smartpipe approach will really pay off - especially if the tokenized IDs prove to be just as, or nearly as, effective in steering ads as the personal information farming that goes on at the moment.