Tuesday, 11 March 2014

Personal data in the app and API economies

Europe’s app economy made some headlines in February with the publication of a report by research firm Giacom, as part of the EU backed Eurapp project, which estimates developer revenues at €17.5bn in 2013 and forecasts they will rise to €63bn by 2018.

It throws the spotlight on the growing economic importance of apps, predicting that there will be 2.8m developers’ jobs and 4.8m people in support and marketing roles by 2018, and has some interesting observations and hard stats on the business. But it doesn’t touch on the influence of personal data, and how it’s managed by organisations that develop apps and the application programme interfaces (APIs) on which they run.

A growing number of consumers are sensitive about personal data, and their choices are going to be influenced by whether they feel it is held in a neutral and safe place. This places it among the factors that API and app developers will have to take into account in building their markets.

It’s a fractured picture. The app economy has been built on developers finding different ways to make money, including charging for the download of apps, offering  them as a medium for advertising or charging when they are used for transactions. The API economy is harder to define – there’s no strong consensus – but it revolves around the provider making the API available to developers as a base for their apps. You can see this in Apple’s App Store and Google’s Play Store, on platforms such as Facebook and Twitter, and among providers of personal data services such as Mydex that provide APIs.

These economies are growing on their appeal to people’s desire for convenience; apps give them an easy route into online services without having to provide their details each time around. But users often have no idea how this is creating revenue for the developer or API provider, even though it often involves the use of their personal data.

Different models are used. Some companies use the data to target their own advertising; others make it available to third party advertisers; it can be used to identify consumer habits and assess risks; to feed into business intelligence; and in developing new services. The potential is growing as more devices are able to provide information on people’s location and movements, and this is going to increase as the data on those apps is hooked up with the internet of things.

There are also some that are not trying to monetise the data but use it to make their own processes more efficient. But the key point for all cases is that there is a degree of intrusion, and it’s all done without the knowledge of most users.

By law API providers and app developers have to tell people how their data could conceivably be used, but in practice it is usually buried in those lengthy terms and conditions that few people are going to read before they click their approval. They only begin to understand further down the track, when in most cases it’s too late to withdraw approval and the only remedy is to stop using the app.

Put this alongside the sporadic horror stories in the press about breaches of personal data held by large organisations, and a growing number of people are going to think twice about signing up to use apps, and will often decide that they can live without them.

If businesses want to keep those people on board they need to find a consent model that gives users more control and feeds a sense of trust; which comes back to the need for a neutral and safe place for personal data that is detached from any commercial process.

There are possibilities around the provision of stores for personal data, supported by a credible process to verify an identity and verify the data, which individuals would populate or have populated by those they connect with and make available as they see fit. They would be most effective if they provide some flexibility; the individual might be able to give blanket permission for access to relevant data for every app they download; or have some a simple short form of consent for different scenarios under their own terms or ask for requests for specified data each time they sign up; or even make data available for one time use on apps for a single transaction.

They would surrender some of the convenience they currently enjoy, and they wouldn’t be the most attractive customers for the most commercially aggressive app developers, but it would give them the control that they want.

This could be done by an API provider or by a third party with access to the API. The latter might prove more attractive to the privacy savvy consumer wanting a service provider that isn’t looking for new ways to make money from the data. He or she would give up some privacy, but with a stronger sense of trust, especially if they were already using it for website-based services.

There is also a case for it assisting API and app providers by reducing the risk from false data. If they are given a false identity or inaccurate details it undermines the quality of what they can offer, and can lead to unhappy customers, reputational damage and, in the worst cases, legal problems from providing the wrong data about individuals. Taking the data, and proof of identity, from a third party with a more stringent verification process could provide a degree of security that they won’t obtain from someone quickly jabbing details into a smartphone or tablet.

It’s likely that some companies would be reluctant to give up free access to the data on which they’re building a commercial model, but it offers a degree of compensation that could be more highly valued as customers become more guarded.

Concerns over personal data are beginning influence the market for apps. This is one possible solution and there could be others out there. Overall, the companies that are willing to take it seriously could find a competitive edge in appealing to those customers who are not going to be more demanding in providing their trust.

This article was written in collaboration with Mydex.

No comments:

Post a Comment