Business growth should not come at the expense of customer privacy. Unfortunately, that’s not a belief that everybody holds, and the result is an environment in which data privacy breaches are increasing in regularity and severity. Whether it’s Facebook, Cambridge Analytica and The US Elections, or any of the nearly 1,000 incidents received by Office of Australian Information Commissioner (OAIC), the data of millions of Australians and billions globally has been breached – whether we know it or not.

While privacy breaches rely on unscrupulous hackers or human error, they’re enabled by a business model that thrives on the collection and manipulation of as much data as possible. Today, with so much of our personal and professional lives existing online, privacy doesn’t pay; privacy-abuse does. Online consumers pay for products, services and subscriptions in one of three ways: 1) With money, 2) with their own data, or 3) with someone else’s data.

Most ad companies choose options two and three as ‘payment modes’, because this form of payment is disguised as ‘free’. A quick look at the world’s most downloaded apps – TikTok, Instagram, Facebook, WhatsApp – shows most are supported by ad-based business models. Consumers think these applications are free. And while they’re not paying with Australian dollars, they are paying for these apps using their personal data. Data is money, with an additional layer of abstraction.

Revenue maximisation leads to data maximisation

When data becomes a proxy for money, revenue maximisation means data maximisation. But who does this data serve and why is it being collected? By and large, data is being collected by marketing departments using it to target people with their ads, sell goods and services, and increase revenue. By exchanging real money for data-centric ad targeting, marketers are treating data as an investment; hedging their bets that the data will unlock more revenue over a longer period than a customer would have been willing to pay with their Australian dollars.

With too few rules in place, and limited desire to implement them, the ad industry has become the new Wild West. Data banks, data auctions, and data abusers are all in full swing. Most consumers don’t know the extent to which their data wallet is leaking. The industry is saturated with companies not only collecting user data without that user’s explicit permission, but selling it, too. Worse still, data is being collected without the user’s knowledge, even when they don’t use a service. It is also being collected when they pay for a service with real money. What recourse do consumers have, though, and is there a change in the wind?

Consumer control and new business models

This business model works well as long as consumers either don’t realise it’s happening or don’t care about the leak from their data wallet. Companies and consumers wanting to protect their privacy are swimming upstream with no clear business models for protecting privacy. If they begin to care and are given control, this business model might take a turn.

Consider, for example, Apple’s App Tracking Transparency (ATT), a policy whereby marketers must secure explicit consent from users to track them. Apple and companies like Brave – an open source web browser – have strong records when it comes to protecting user privacy, but they also have ad-based business models which says a lot about the lack of pure business models for privacy protection. As users become self-aware, start to control leaks from their data-wallets, and turn to brands with stronger data privacy records, we might see new business models emerge. For businesses, irrespective of size and industry, a strong stance on privacy is a competitive differentiator today, and could serve as a competitive advantage tomorrow.

The current model isn’t broken; it’s working exactly as intended. Regulatory regimes are beginning to clamp down, though. Whether it’s GDPR (General Data Protection Regulation) in Europe or reforms to Australia’s Commonwealth Privacy Act, businesses are facing increased fines and penalties for breaches. However, according to Zoho research, only 35% of Australian small businesses have a defined, documented, and enforced policy regarding personal data collected, used, and disclosed through their business. And almost half, meanwhile, are either ‘uncomfortable or very uncomfortable’ with their customers’ data being used by companies with which they had no direct relationship.

If your customers, and their data, matter, you must establish a standard for software that doesn’t track users. At Zoho, we decided over two decades ago that we would never have a business model that made revenue through advertising and data. We banned third-party cookies from our software because our customers’ data belongs to them, not us – or anyone else. While it’s still not yet a commonly held belief, there exists a business model in which growth comes through an unwavering commitment to research and development and providing technology that solves business problems, rather than manipulates data. The businesses that adopt this belief sooner rather than later will benefit long-term.