This is Part 1 in the Soul in the Machine series.

In the Soul in the Machine series, I will be delving into our collective responsibility to ensure that computing systems are treating users fairly and responsibly. Specifically, I will be raising the ethical questions around current trends such as data privacy regulations and machine learning capabilities.

Right now, in Part 1, we are going to journey together into the recent GDPR legislation and how we as technologists and marketers need to re-examine our traditional approaches to personal data!

The TL;DR version

  1. Don’t be a jerk. Foster integrity in your organization and guard data as if it were your own.
  2. GDPR is a forcing function. Major data management issues have been highlighted in organizations by the new regulations.
  3. Rethink experience. How we gather data, and what data we gather, simplifies data management. Much easier to manage something you don’t have!

Handling data as if it were your own

Having a 360-degree view of the customer is so important to delivering great personalization for a user. Knowing every possible thing about them allows us to build up a better customer experience. There are a lot of great tools available now to be able to track and gather information about a visitor and store it all together for easy access.

Once it becomes stored, however, we become the guardians of that data. Our systems, our applications, our networks, our people… they are all involved in making sure that data is kept private, kept securely, and used appropriately.

Ultimately, regardless of the legislation affecting our organization, we need to approach this scenario ethically. We need to ensure that our systems and processes are handling the data as if it were our own information.

What does that mean? That means that we need to examine our systems and look for ways that data is being shared among people and networks. Once it is collected, where can it go? Who can get to it? Is there any way to discover where the data has been shared?

“Our organizations need to foster a culture of integrity

If your system cannot track where the data is going, which is usually the case, then you are relying upon people to safeguard the data. That is why this is an ethical issue, and not just a technology one. Our organizations need to foster a culture of integrity. All individuals need to know that it is their responsibility to operate with integrity when they are dealing with personal data.

GDPR: The Wake-up Call

If you work in an organization that deals with European customers, you likely felt the impact of the General Data Protection Regulation (GDPR) that went into effect May 25, 2018. The underlying spirit of the regulation essentially stated that a European citizen has the right to own their personal information, wherever the data may be stored, wherever the citizen may be located. Some impacts were that brands needed to start making sure that they were being explicit about what they were gathering, and ensuring that users had a way to find their data and request for it to be removed.

This was a huge wake-up call. Think about all the spreadsheet exports of users and their email addresses that were being used for marketing. If somebody requested that their personal data be erased you would have to find all these sources and ensure it was cleared out. Sometimes worse, if a user requested a copy of all their information, you would need to gather all those areas where the information had been distributed and pull it together and pass it back to the requesting user.

The requirement for explicit opt-in also alerted a lot of organizations to the fact that they were just gathering lots and lots of contact information and spamming out, without any concern for whether the user on the other end wanted this or not. With purchased lists, some organizations were contacting individuals with offers that were not even relevant to how they initially provided their contact details.

“This is how we SHOULD be treating customers”

Organizations, especially marketing teams, needed to react quickly to meet with the legislation. Personally, I am very glad for it! The restrictions in place with GDPR force people to actually think about the customer, treat their data safely and well, and only contact them when requested. This is how we SHOULD be treating customers and it is a shame that it took a massive legislation to redirect organizations to work this way.

As more regions pass similar legislation, we are going to see the rise of better customer data management systems that can centrally store everything an organization needs correctly, securely, and ethically. Teams that need access to data will be enabled to work in a more connected manner due to the requirements to be able to centrally manage it. And customers will have a better overall experience.

The UX Impact

So, yes, this is all great for the ethical treatment of people and their data, but these regulations are also having an impact beyond just data handling. It’s not just about what we store, it’s about how we get it and grant access to it. When brands could gather any data they wanted, and do whatever they wanted with it thanks to a small ‘privacy policy’ link full of legalese, the technology adapted to gather more and more information about users: their demographics, their locations, and other personal identifiable information.

Now there is a business imperative to look at the user experience related to personal data, both gathering and accessing it. Gathering data should be a straightforward and easy experience, and providing consent needs to be clear and not drowned in complicated legal wording. We should only be gathering the bare minimum information needed to support the purpose of the transaction with the customer.


The analysis of user experience with forms backs this up. It has been clearly shown that shorter forms outperform longer forms. Even a single extra field can drop performance up to 2 percent! So even without privacy regulations, we want to consider making sure we gather as little as possible about a user to ensure more conversions.

From here, we need to start asking ourselves: “What do we really need”? For the customer to get value out of what we are offering, what information do they need to give us so that we can start that dialogue? What is relevant to this exchange? Do we really need those home phone numbers? Will anybody actually ever need to call this individual at home?


There are a lot of UX mistakes made when gathering user data that can easily be solved by simplifying what we gather and making it easier for the customer to convert with you. The most important part of the transaction is getting the user to identify themselves to you and start engaging. You can learn more over time, once trust is built up. What you don’t want is never learning anything because the wall that was put up was too high for what was on the other side.

Which brings me to value… how many times have you had to provide marketing consent so you could view an infographic which turned out to not be valuable at all? If you want personal information about a user, you need to provide something back which has enough matching value and makes sense as a transaction. Data is currency, and your customer knows this. If you demonstrate that you do not value their data, you will not be able to keep that customer coming back.

Ultimately, in the end, by simplifying data gathering we also simplify data management. If we rethink what we are taking in, we will likely have fewer personally identifiable pieces that we have to worry about storing. If we make it easy and valuable for a customer to engage with us, we will build trust and get more valuable engagement. The virtuous circle!

But… personalization!

At the beginning, I highlighted 3 take-aways in the TLDR version:

  1. Don’t be a jerk. Foster integrity in your organization and guard data as if it were your own.
  2. GDPR is a forcing function. Major data management issues have been highlighted in organizations by the new regulations.
  3. Rethink experience. How we gather data, and what data we gather, simplifies data management. Much easier to manage something you don’t have!!

Some of you may be wondering how this allows us to deliver personalized experiences. Don’t we need all the data we can get for that 360-degree view of the customer? Don’t we need to track users and identify them?

You need to show you can be entrusted with their information and that you will treat it well.

You need the RIGHT data that lets you know about that individual.

You need to be providing something that makes the customer want to make a trade of information with you.

Bringing an ethical approach to digital marketing will pay off with greater brand trust and loyalty, which is something we all want!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s