When Spotify published an update to its privacy policy, a loud group of users threw it back at the company. What happened, and why, should be instructive to every marketer.
Earlier this week, the internet music streaming service shared its intentions to gather data on users’ locations, access their photos and contacts, even listen to smartphone microphones. It wasn’t communicated as a benefit or choice, but instead buried in the opaque policy language that most customers have been trained to ignore.
This time, though, some of them started publicly wondering why a music service needed access to their personal data. Some even quit in protest. Spotify’s CEO has since apologized, and promised to better explain its plans (but didn't backtrack from any of them).
Many tech insiders have downplayed the event, but they're once again missing the fact that most people on the planet aren't tech insiders.
Here are three things every marketer should consider:
First, you don’t have a customer privacy policy. Seriously. Let the idea sink in. Your lawyers and technology folks have a set of rules that govern your business practices that impact privacy, but it’s not a customer document. A privacy policy is like the list of side effects that might come with drug use, or the potential for injury noted on the backs of sporting event tickets.
You don’t communicate in such obfuscating detail on any other operational activity — there’s no “manufacturing policy” you ask customers to endorse — because they judge those activities through other, far more robust communications.
Worse, considering how privacy policies are written (to provide companies with the widest possible latitude, along with the narrowest liabilities), it’s very likely that your privacy policy is hostile to your customers. The reaction of Spotify’s customers evidenced as much.
Second, this means they’re the worst possible vehicles for achieving informed consent.
Your lawyers and regulators may require that you publish them, but it’s every marketers’ responsibility to integrate that content into far more transparent and convincing customer narratives.
For instance, if listening to users’ smartphone mics will somehow make Spotify’s music selection more enjoyable, its privacy implications should be communicated first as an enabler of that benefit, not some absolute policy change.
Opt-in is not the same as buy-in, and Spotify’s snafu illustrates the growing chasm between customers and the business practices of many companies.
Third, who asked for all of these privacy intrusions anyway?
The fait accompli behind privacy practices is that businesses have the right to intrude massively into customer’s lives and, since the policies are legal agreements (often executed by nothing more than their tolerance), people have made consciously willing trades: their privacy for better playlists, or shoe ads.
This just isn’t true, since few people understand those transactions. It also violates every conceivable psychological or sociological model of how humans define and manage their privacy, which depend on two parties learning to trust and reveal information to one another over time.
Spotify knows that few customers would agree to having their every waking moment monitored in exchange for nothing more than improved playlists. The same goes for many other supposed “benefits” of big data oversight, whether periodically announced by Google or Facebook, or snuck onto smartphones by app developers.
It could be why so many companies purposefully communicate so poorly on the subject, or sometimes not at all.
Only it doesn’t have to be like this.
There’s nothing inherently wrong with customers sharing their personal information or behavior, nor with companies using it to improve their operations and, gasp, profiting from it.
But approaching privacy as a stand-alone policy, and not a business practice embedded in customer relationships, can and should raise questions about authenticity and fairness. As a marketer, you know you never want to entertain such challenges.
The current state of corporate behavior, and what just happened to Spotify, almost guarantees them.
The problem can’t be fixed by using more homespun language, or burying directions for opt-out on some webpage that’s hard to find, and difficult to follow. Compliance isn’t enough, and assurances from tech insiders that there's nothing to worry about are specious, at best.
Brands need to start thinking more strategically about activities that impact privacy, and talking more honestly with customers, or Spotify won’t be the last to get excoriated for its practices.
Remember, it wasn’t the first, either.
