Find out more about ESCP Europe Programmes

Other topics :

Creating a European Identity through Social Media

Knowledge@ESCP Europe

Marketing & Branding

Is Big Data too big to fail?

Digital data: generating high returns for owners.


The digital revolution has led, in turn, to a revolution in the mass collection of personal data: most of us divulge large amounts of personal information on a daily basis without always being aware we are doing so. Our data is collected by the giants of the web, mobile network operators and online retailers, then used by themselves for targeted campaigns towards key customer groups or sold on to other organisations who wish to do the same. Such data yields extremely high returns.

The race for Big Data
To guarantee these high returns, the first phase is to collect a large amount of data; large in terms of the number of individuals, but also in terms of the intricacy of the information collected (extensive knowledge of people’s interests, actions, behaviour, etc.). This explains the big players’ efforts to acquire companies with data, often at excessive prices, combining a variety of information sources: Facebook bought Whatsapp and its 450 million users a for $19 billion in 2014; Google bought Motorola Mobility for $12.5 billion in 2012, and Nest (connected thermostats) for $3.2 million in 2014.

The edifice is weakening under pressure
Scrutiny by the media, the G29 Working Group of EU Data Protection Authorities, consumer associations, companies and individuals is leading to a clearer understanding of the system and its shortcomings.

The press has shown great interest in the matter since early 2014, with almost daily articles denouncing obscure practices in data management and offering specific advice for protection. In addition, the G29 have initiated proceedings for non-compliance of privacy policies under European law.

The G29 investigated Google’s adoption of one privacy policy for around 60 of its services, including Google Search, YouTube, Gmail, Picasa, Google Drive, Google Docs and Google Maps. Google failed to act on G29 recommendations, resulting in six EU Authorities individually initiating enforcement proceedings against the company. The Sanctions Committee of the French National Commission on Informatics and Liberty (CNIL) subsequently fined Google €150,000 on 3rd January, 2014 and, perhaps more damaging to its brand image, also obliged the company to post a statement on the decision on the home page for 48 hours the following month.

In late March, the French consumer group UFC-Que Choisir decided to sue Google, Twitter and Facebook, denouncing clauses considered to be unfair or illegal due to “exploitation without the specific agreement of users; a worldwide, unrestricted, unremunerated license of exploitation and communication of data to business partners.”

In March 2014, online news organisation The Intercept revealed the US National Security Agency’s (NSA) surveillance practices; as a result, the entire planet realised that all the information circulating on the Internet was traceable. The NSA was alleged to have created a fake Facebook server to infiltrate the hard drives of suspicious individuals. Facebook co-founder/CEO Mark Zuckerberg expressed his anger at this unexpected spotlight on Facebook.

Simultaneously, various scandals have demonstrated the failure of companies to ensure the confidentiality of user data. Hacking is on the increase and all organisations are vulnerable. In 2014, the press revealed that 800,000 personal data files of Orange France customers had been stolen; not long after, 1.3 million files were hacked. Thankfully, no bank details were revealed – much to everyone’s relief!

Another significant case of hacking into personal data took place in December 2013 when more than 70 million personal data files, including bank card details, were stolen from US retail giant Target. Not helped by empty apologies from its CEO, the company saw a sharp drop in both its share price and turnover, plus a hundred lawsuits filed against it. The result was an estimated total loss of $18 billion from refunding fraudulent transactions, card replacements, etc. The share price has only really started to recover this year, but it will take far longer to repair the relationship between the company and its customers, built over some 51 years, which has all but evaporated.

While Target’s response to the data theft was considered weak, others have hardly fared better, with incriminated companies railing publicly against others in the same boat. Microsoft, for example, publicly criticised Google with its ‘Scroogled’ campaign while allegedly doing exactly that for which it condemned Google: reading clients’ emails. In another case, the Vice President of AOL, a Google competitor, Tweeted that, "with Nest sensors, Google now knows when you're at home, what room you are in and when you leave."

On the other hand, their reaction is mild: some reassurance measures have seen the light via commitment charters, communication campaigns focused on data protection (see Blackberry in Spring 2013), or informative videos. It's a good start, but is it enough?

Epilogue: Towards a re-balancing of the relationship
Feelings of intrusion into private life, lack of transparency, insecurity, and commercial exploitation of private information are increasing. Behind the data, there are individuals, and the risk is that everyone closes access to their data. The edifice has been weakened at its base, and in the absence of data there can be no economic model for digital businesses. It is very likely that we will soon see a re-balancing of the relationship: thus, Vendor Relationship Management solutions will develop, enabling individuals to re-appropriate their personal data through digital safes and choose the nature and quantityof information to be divulged. A new era is upon us.