It was bound to happen. A few weeks ago, we reflected on Facebook’s privacy woes and wrote about the “privacy understanding gap” and our own approach to responsibly handling user data. So of course, days later, we got a new request: “We need to add this code from Facebook to our web page.” 😬
After years of fielding requests as a Product Manager in a large company, I’ve learned to avoid giving knee-jerk answers of “yes” or “no” when responding to new requests, so I responded with a question, “What problem are you trying to solve?” (In other words, “Why?”)
“Well, we are working with a digital marketing agency to see if we can use ads to bring in new customers. Facebook tools let us see who responds to the ad and what actions they take, so we know what is working and how to replicate it.”
Okay, I thought, that sounds like an activity that could have a lot of value to us and to potential customers, allowing us to find the right folks and invite them to use Tali.
However, we have a strongly-held philosophy that our users’ data belongs to them and we are the trusted guardians.
So we didn’t want to just hand the keys over to Facebook; we wanted to retain control over the information that was collected on our website, and share only specific and limited information to support the ads. Digital marketing can be valuable, both to us and to potential customers—if we find the right way to get the message in front someone—and we believe in doing “just enough” with data to make that possible.
So we decided to use a different method to support the ad campaign while maintaining control of visitor and user data. Rather than free, out-of-the-box Facebook tools, we are using a third-party paid service called Segment to manage the data collected from our website, such as pages viewed, accounts created, and subscriptions. Using these tools, we can make sure the Facebook campaign is smart, without unintentionally exposing the personal information of our users. We’ve found we can identify participants in the campaign who visit our website and connect them to actions they take, without attaching personally identifiable information to the campaign. We don’t use information that Tali users provide us, such as name or email. Instead, we use a private, unique ID.
This “just enough” approach is one step companies can take these days to better serve their customers, and one that is encouraged by recent regulations, especially GDPR from the European Union.
Rather than just turning on tools that interact with our users or their data, we should look carefully at what needs to be shared and when. At Tali, we like to default to using as little personal data as possible to get our job done.
We also know we need to communicate with folks about how we are using their data, which is one of the reasons behind this post and this article on our site, which we’ve updated to describe how we use ads to bring in new users.
What do you think? How are you handling data at your own company? How do you feel about the data you generate as a visitor or user to sites across the internet? Drop us a line at firstname.lastname@example.org.