Inside data privacy: Why Asia is getting lost in translation
Before there can be robust data privacy and protection, WARC Asia Managing Editor Rica Facundo says the industry needs to streamline narratives across stakeholders and translate ‘legalese’ into brand implications on trust, effectiveness and competitive advantage.
The “Inside” series is a collaboration between WARC and IAB SEA+India to spotlight the power of collective expertise in navigating the region’s diverse landscape based on exclusive access to board and council workshops.
In a booming digital economy, data isn’t just an asset – it’s the lifeblood driving growth, innovation and providing data-savvy companies with a competitive edge.
Robust data protection is necessary to safeguard the customer and hold organisations accountable. It also provides a layer of trust that allows organisations to innovate in using consented data to increase business and broader socio-economic value.
But confusion and comprehension about “legalese” and the technicalities of data privacy and protection, amidst a patchwork of regulatory laws in the region, undercut the level of trust and transparency necessary for an effective and ethical digital advertising ecosystem to thrive.
“Without a shared understanding of this complex topic, we’re like individuals holding different pieces of a jigsaw puzzle – each piece important, but without the full picture, we cannot grasp the complete image, says Google’s Neel Murty.
A desire to simplify, clarify, and translate the data narrative and framework is both the bottleneck and rallying cry for the IAB’s Responsible Privacy Council in order to move the needle.
Definitions matter
Definitions matter, especially when trying to determine the stakeholders who should champion data privacy and protection, as well as what the approach should be.
For example, it’s easy to conflate “data privacy” and “data protection”, which are just “two sides of the same coin,” points out Omnicom Media Group’s Bharat Khatri.
“It’s critical that the push for more data protection and meaningful user consent are treated as two different topics because the approach for dealing with these would be very different,” affirms Spotify’s Vineeta Dixit.
One distinction is that data protection safeguards personal information, while data privacy concerns the relationship between data collection, storage, dissemination and the public’s expectation of privacy.
Understanding stakeholder dependencies
While these are two distinct domains, the solution requires collaboration across various stakeholders.
Data protection is typically within the remit of the IT department but data privacy is a “joint responsibility” between IT and the marketing team, says Khatri.
On the one hand, it’s the IT team that is typically solely responsible for the underpinning data infrastructure and protection. But marketers provide that crucial voice of the customer to ensure an effective and ethical value exchange amidst increasing concerns of how data is used and collected.
This points to the increasing dependencies that various departments have in ensuring and implementing a holistic data privacy policy. And the need to translate a complex topic like data privacy and protection for a broader stakeholder group of marketers who are increasingly being tasked to leverage customer data to drive innovation, efficiency and effectiveness.
According to Khatri “Everyone in the organization has to share the responsibility for privacy. It’s not just about creating a framework to protect consumers; it’s equally about ensuring employees’ privacy is safeguarded. This dual focus strengthens the organization’s commitment to trust and security for everyone involved.”
Establish the layers of stakeholders
Treating data privacy and protection as an organisational responsibility, across the entire data lifecycle, yields interconnected challenges. Like the proverbial “onion”, this requires organisations to identify and establish a hierarchy of layers, each with its own responsible stakeholder group, suggests SPH Media’s Manaswita Sarkar. These layers could include:
- Data governance: While this impacts the entire organisation, the most suitable stakeholder to drive this is the technologyor data team. “They best understand the regulatory aspects of data ownership, data transfer, access management etc.”
- Consent: Educating the organisation on the privacy policy and translating legalese into clear boundaries of what is and is not allowed. Marketers are well-positioned to advocate for a policy that balances data ethics and provides value back to the business. Data ethics is often an overlooked but important aspect of securing that customer trust which underpins brand building efforts.
Balancing perspectives
Another challenge to developing a framework is balancing the different implications from a legal, business and customer perspective, says Dentsu Malaysia’s Suhail Ahmed.
“Embracing data privacy isn’t just about compliance – it’s about enhancing efficiency and effectiveness. Protecting personal information builds trust and empowers informed decision making for the organisation.”
The murkier area is the legal perspective.
Instead of taking a “corporate-first approach” to determining a framework, Tead’s Priscilla Goh argues for taking a “regulatory-first approach”.
“Regulations differ from territory to territory, which is the gap that’s causing confusion. Untangling this will be a helpful starting point.”
Policy discrepancies will continue to persist in Asia, with each country developing its own ethos towards data privacy and protection depending on government priorities. This makes it even more paramount for businesses to understand the regulatory nuances and implications of how to use data to differentiate and grow.
“There are businesses that depend on user data to maintain that competitive edge and it’s important that it’s not taken away in the need for radical transparency,” adds Dixit.
want more exclusive insights from the iab sea+india x warc inside series?
Back row: Benjamin Rehberg, Teads; Priscilla Goh, Teads; Bree Wang, Grab, Vidyarth Eluppai Srivatsan, The Coca-Cola Company & IAB SEA+India Regional Board Member; Nathalie Phang, Yahoo; Chris Packman, GroupM
Front row: Vivek Misra, The Trade Desk; Manaswita Sarkar, SPH; Miranda Dimopoulos, IAB SEA+India; Bharat Khatri, Omnicom Media Group
Not pictured: Susannah Jane Llewellyn, InMobi; Vineeta Dixit, Spotify; Suhail Ahmed, Dentsu Malaysia; Arpit Vishwakarma, Google; Neel Murty, Google; Sambashiva Srisailapathy, GrabTaxi Holdings Pte Limited; Aravind Menon, GroupM Malaysia; Vikram Bansal, Meta
Responsible Privacy Council by IAB SEA+India, matching t-shirts by Bharat Khatri.