Banks in unique position to advocate for consumers’ privacy rights

It would seem the American consumer has a clear point of view on the issue of data privacy. Late in 2016, an A.T. Kearney study asked more than 6,000 consumers if they were concerned about “the privacy of the information that is shared when you conduct digital activities (e.g., sending emails, internet browsing, social network activities, shopping activities, purchases, etc.) either online or on a mobile device.”

A notable 77 percent of respondents confirmed that they are indeed concerned about data privacy, including 24 percent who said they are “very concerned” and 26 percent who feel “extremely concerned.” In an earlier study, 74 percent of U.S. consumers said that “being in control of who can get information about you” is “very important” to them.

{mosads}That said, in March of this year, both houses of Congress passed a bill that will leave internet service providers (ISPs) and mobile carriers entirely free to track what consumers do on their networks — and then sell that information to anyone they choose — without the consumer’s knowledge or consent. The president is expected to sign the bill into law, thus unwinding the internet privacy rules promulgated by the FCC late in the Obama administration. 

When the law of the land falls this far out of step with public sentiment, you have a highly problematic situation. There is a real danger of consumer backlash, followed by an emotionally charged public policy response. Businesses — and commerce itself — might be the most vulnerable to serious harm.  

We can expect that most businesses will exercise their newly re-established data rights responsibly, using personal consumer data to offer welcome new forms of convenience, choice and service. But in such a thoroughly unfettered and complicated environment, not all parties can be expected to always operate responsibly.

Indeed, in the management, sale and use of consumer data, there are no clear rules or guard rails. Moreover, with consumers highly sensitized to privacy concerns, even an isolated incident could trigger an explosive public response. Consider the force of the public reaction, for example, to Volkswagen’s “Dieselgate” scandal, or the angst that still reverberates several years after the big data security breaches at Target and Home Depot.

Now imagine a private sector version of whistleblower Edward Snowden, leaking shocking revelations that a company is grossly (but legally) disregarding consumers’ privacy.

When a data privacy scandal inevitably hits, innocent companies may suffer nearly as much as the guilty. The U.S. has a history of enacting regulations in reaction to crises. In the 1970s, Watergate triggered the Church Committee hearings, which led to the 1978 Right to Financial Privacy Act.

The original 1988 Video Privacy Protection Act occurred in response to the Supreme Court judicial appointment hearings for Robert Bork. Further, the 1996 Health Insurance Portability and Accountability Act (HIPAA) originated in response to fears stoked by a shift from paper to digital records.

A new data privacy scandal could trigger a comparable public policy and regulatory reaction, despite the strong deregulatory sentiment now prevalent in Washington. Our consumer research suggests that, in the face of an overwhelming public outcry, Congress might have little choice but to reverse course and indiscriminately saddle businesses with reactionary, commerce-killing restrictions on the use of consumer data.

Such a swing of the pendulum back toward heavy controls and reporting, combined with corresponding erosion of consumer trust, could significantly slow the growth of digital commerce.

How to avoid that unfortunate scenario? Companies with high levels of consumer trust could step in to defuse the situation. Banks seem the most likely candidates. Our research shows that 65 percent of consumers feel comfortable sharing their personal data with their primary bank.

By comparison, only 23 percent of consumers are comfortable entrusting personal data with their mobile carrier. Just 17 percent said the same about Google. The consumer point of view on whom to trust with their sensitive personal information is very clear. 

Despite this strong trust advantage, however, banks have mainly stayed on the sidelines of the data privacy debate. Perhaps they recognize that the discussion (which is far from over, despite the recent rollback of planned consumer protections) will be problematic and messy. Why should trusted financial services players wade into such a quarrelsome arena? The answer is threefold: strategic self-preservation, public duty, and commercial opportunity. 

Digital commerce is a vast (and still embryonic) strategic opportunity for banks. To safeguard that opportunity, banks must be more proactive in defining a practical balance between consumers’ strong desire for control over their personal data and digital brands’ and data aggregators’ demands for free rein.

As trusted stalwarts of global business as well as of local communities, banks are ideally positioned to help all parties see that finding a sensible, sustainable middle ground is in everyone’s long-term interest.

Without question, the new U.S. legislation takes America further out of sync with the evolving consumer data policies of key trading partners like the EU, U.K. and Australia. Banks have always been strong protectors of institutions and systems that promote the general welfare, prosperity and business growth.

As such, it would be consistent for banks to advocate for more reasoned and forward-looking data privacy policies that mesh with global norms. A rational case might even be made that resolution of today’s data privacy conflict is as necessary to America’s ongoing economic and societal vigor as was the imperative, more than a century ago, for manufacturers and labor to find some level of common ground. 

This need not be a purely public-minded exercise. By visibly pushing for more balanced policies that promote data sharing while honoring consumers’ intrinsic right to some measure of privacy, banks can solidify and expand their invaluable trust advantage. Further, “Privacy as Service” could be a significant new commercial opportunity for banks, which could fund and build data platforms that help consumers take back some measure of control over how their personal data is shared. 

Speaking more boldly on data privacy policy or developing “Privacy as Service” offerings would require banks to step outside their traditional comfort zone, but simply staying the current course might soon lead to burdensome new regulations aimed at protecting consumers who were never given the power to protect themselves.

Banks now have a unique opportunity to be consumers’ advocate in shaping public policy. They would be wise to move quickly, before the extreme positions that currently prevail produce a harmful crisis that slows or derails digital commerce.    

Bob Hedges is a partner at A.T. Kearney, a strategy and management consulting firm, leading both the Global and Americas Financial Services Practices. He can be reached at bob.hedges@atkearney.com.

The views expressed by contributors are their own and not the views of The Hill.