Privacy: The Digital Transformation That Should Have Happened Yesterday

artistic digital cloud

By Tom Chavez, CEO and Co-Founder, Ketch

Consumers are understandably frustrated with their lack of privacy when they go online, and they deserve an explanation. The law is on their side, and just about every brand contends that they’re fully committed to privacy. So why is it so difficult for the average person to be offered privacy choices, and to have their privacy preferences honored?

The challenge stems from a key concept in advertising, called ‘programmatic advertising,’ and the conditions that led to it.

AT&T was the first brand to have advertised on the web. In 1994, a small, mysterious banner ad appeared on, asking, “Have you ever clicked your mouse right here?” An arrow pointed to a button that said “you will.” Some 44% of the people who saw it actually clicked.

People took to the web almost as soon as it began. Publishers needed to meet them there, which raised an urgent question: how to pay for this transformation from print to digital?  Advertising was seen as a way to provide content to audiences at little to no cost.

But advertising faced a significant challenge: How would it scale? Initially, programmers coded ads into a web page on a bespoke basis, each ad an artisanal, hand-crafted good. It was laborious and inflexible. The race to automate — and thus to scale — was on.

The next year, FocaLink Media Services launched the first ever ad server, a technology that freed publishers from manually inserting ads into their web pages. All that was required was to leave an empty space on their pages, and the ad server would take control of serving the right ad to the right user from there. In other words, serving an ad became a separate process from generating and serving a web page. The following year, DoubleClick came into being, and it quickly established itself as the most flexible, most scalable display ad server on the market. It was acquired in 2005 by Google, which has leveraged it ever since to solidify its position in digital advertising.

Programmatic advertising is automated advertising; it’s a sphere in which machines, not humans, decide who should see which ad and when. The goal of programmatic advertising is to keep the global advertising world running seamlessly, 24/7. At best, humans can spot check ad experiences, but they have little to zero involvement in the execution of advertising at scale.

The Rise of the Customer Experience Industry

There’s another concept that has a huge impact on consumer privacy, called “customer experience.” The goal of the customer experience (CX) is to mimic the small shop owner who knows your name and preference. CX wants to be the guy behind the counter who just knows you want coffee when you walk into his bodega, and knows exactly how to make it to your taste.

Creating this level of CX demands myriad technology, powered by algorithms, so that a brand can anticipate what you want and offer it up without your asking for it.

Today, hundreds of point solutions for CX specialize in very specific aspects of the customer experience: recommendation engines to customize your web experience based on the site you came from and your past browsing behavior; shipping systems that allow you to track your packages and reroute them if necessary; and plug-ins for you to read or leave product reviews, to name just a few.

A typical, mature brand has a minimum of 30 different point solutions as part of its CX stack. Like digital advertising, the goal of CX is to take the humans out of the process and let the machines — and machine learning — do all the work.

The Digital Transformation that Wasn’t

It’s against this backdrop that privacy became a major concern for consumers and regulators. First GDPR, then CCPA gave consumers the right to know how their personal data is collected and used, as well as the right to say, “I want out.” The challenge is that while digital advertising and CX have gone programmatic, privacy compliance is still manual.

According to a PwC survey, 43% of companies with over $1 billion in revenue say they will spend over $10 million to prepare for CCPA. For 20% of companies, the price tag will top $100 million. Seventy-five percent of companies added ten fulltime people to their staff to ensure compliance, mostly for addressing customer complaints.

I spoke with the privacy general council for a multibillion dollar public company, who told me that it would cost his company $10.5 million in labor to execute 6,000 deletion requests received from one of their service providers. Let’s say that I, Tom Chavez, want to opt out and I notify a brand to update my privacy preference. That brand needs to associate my information with the record it has for me. It has to enforce my opt-out across all of its internal systems — registration, billing, subscription, service delivery, and so on. Next, it must notify all of its vendors, who then must associate me with the unique record they keep for me. It’s not enough for those vendors to simply receive my opt-out; they’re legally compelled to ‘make it so’ inside all of their own systems.

And herein lies the problem, both for consumers who demand privacy and brands who want to build trust by honoring their privacy instructions. Brands are mired in rules, but short of the tools needed to automate and enforce privacy at scale.

Privacy, in short, cries out for automation. And it’s on the cusp, I believe, of software-driven transformation that echoes the programmatic journey that digital advertising and CX have already taken.

Increasing Complexity

Brands face a patchwork of privacy regulations. In addition to GDPR, California, Virginia and Colorado have passed their own privacy laws; meanwhile, 38 States introduced more than 160 consumer privacy related bills in 2021.

Manually complying with all of these privacy laws isn’t feasible. The future of privacy, like digital advertising and customer experience before it, is programmatic, fueled by data, fully automated with software.

We needed a digital transformation to usher in programmatic privacy well before GDPR went into effect back in May 2018. It didn’t happen, but it’s unfolding now. Going forward, privacy will be built into every platform at design time so that companies won’t need to staple it on after the fact.

About the Author

Tom is a serial tech entrepreneur & Co-Founder of super{set}, a venture studio that founds, funds, and builds technology companies. Tom is also the CEO and Co-Founder of the privacy automation company Ketch. For the past 20+ years, Tom’s professional focus has centered on using data, decision science, & AI to solve hard, interesting problems.  Prior to forming super{set}, Tom was the CEO and co-founder of Krux, acquired by Salesforce in 2016. Before Krux, Tom was the CEO & co-founder of Rapt, acquired by Microsoft in 2007. Born & raised in Albuquerque, New Mexico, Tom lives & works in San Francisco. He holds a B.A. in Computer Science & Philosophy from Harvard & Ph.D. in Engineering-Economic Systems & Operations Research from Stanford. He supports & serves on the boards of non-profits in the areas of education, immigration, & entrepreneurship.