Prateek Dayal - Why digital transformation can’t succeed without data privacy considerations
Prateek Dayal is the Chief Strategy and Product Design Officer at Aqilliz, a privacy-focused marketing company specializing in blockchain solutions.
The recent updates to privacy regulations, coupled with the drastic increase in digital usage and data due to Covid, have been making people more and more aware of how their data is being used. Brands are keeping up, emphasizing their commitments to safeguarding privacy, and privacy has thus become a core tenet for digital-first brands. In this episode, we talk more in-depth about why privacy is so crucial to success with digital transformation and what companies can do as new privacy restrictions get implemented.
“Transparency - what is that technology that ensures that this data collaboration happens in a privacy compliant manner, in such that this data collaboration does not enable any entity to be able to take advantage of the data of the others.”
Welcome to the Agile Digital Transformation podcast, where we explore different aspects of digital transformation and digital experience with your host Tim Butara, content and community manager at Agiledrop.
Tim Butara: Hello everyone thanks for tuning in. Our guest today is Prateek Dayal, chief strategy officer at Aqilliz, a blockchain solutions provider whose aim is to make privacy a key element of digital marketing. Aqilliz is a first of its kind technological infrastructure built with privacy compliance top of mind. Rooted in the pillars of unification, discovery and engagement, Aqilliz delivers solutions which ensure that brands abide by relevant regulatory frameworks when engaging with their consumers, effectively protecting corporate regulations and boosting marketing ROI.
With privacy awareness on the rise even among the less tech-savvy consumers, it's high time the digital transformation initiatives embrace privacy and this is what we'll be focusing on in today's episode; so, why digital transformation cannot succeed without making data privacy a top priority. And welcome Prateek, thank you so much for being our guest today. Can you start off by telling us what was the situation with data privacy in the early days of the internet and how did privacy awareness evolve alongside technology innovations?
Prateek Dayal: Excellent, first and foremost, thanks for having me on Tim, pleasure to be here with you. With respect to your question while we're going a few years back. So, I think it all when you speak about privacy and the internet. If memory serves me correctly we're going all the way back to 1994, when the first browser cookies were introduced. And of course cookies became the kind of default mechanism over time through which people's activities were tracked over the internet. And of course as the internet exploded over the last few decades, there's been an explosion in the kind of customer data that is out there on the net doing all sorts of things and which has essentially given rise to-- so, there's a scale of data and now as you say, there's been a lot of discussions about how this data is being used firstly.
So in the initial years of the internet, late 90s and early 2000s basically, nobody really knew what a cookie was, frankly, right. But now as the volume of data is exploding, people are asking two things. One, the ethics behind it, how is my data being used? What is it being used for? Is it being used for, with my knowledge or not? So the whole ethical part of it. And the second part of it is, the technology has also exploded, the technology that captures this data, that processes this data and so on and so forth. Is that stable? Is that secure? And as you'd be aware there have been so many other instances where, whether it be the ethical use of data, whether it be the Cambridge Analytica scandal, for example, or so many other instances of hacks and cyber-attacks and whatnot etc. So, all this has kind of really picked up steam, leading to the regulators basically sitting up and taking notice of it. To say, right, here is this business basically, the business of capture and processing of customer data and now we need to regulate it.
So, therefore the regulators came in starting off with GDPR in the EU right, and then CCPA in California and so on and so forth. That is basically as you would be aware right have introduced legislation trying to kind of regulate some of these issues surrounding data. In our part of the world in Asia, of course, right through from China to India to us here in Singapore we have or are introducing legislation that looks to achieve something very similar to CCPA and GDPR. So, that's in a nutshell what started off as a plain simple cookie back in the mid 90s, exploded into this multi-million-dollar business which raised questions about ethical use of data and the technology would make the regulators sit up and try to regulate it. So, it’s a very interesting journey so far and it's still not over.
Tim Butara: Yup, I still remember first hearing or encountering the word cookie when I was still a kid browsing the web and I was like, okay, you know, cookies, this is just some web speak I guess. And I didn't really bother with it until GDPR, the update to GDPR dropped in 2018. That's when I just started my first job and I was tasked with updating some of the cookie policies and stuff like that, so ever since then I’ve had a very keen understanding and I’ve been very focused on privacy. So, okay then the Covid pandemic hit last year and basically it affected every field within the digital. Would you say that Covid has had a huge impact on how we view and treat privacy as well and if so, what kind of impact and why did it have such a huge impact?
Prateek Dayal: Absolutely. You're absolutely right, I mean so much-- as if all the stuff that we talked about earlier wasn't enough, Covid has served this purpose of exacerbating these discussions around data use and so on, so forth. Primarily because of two reasons I feel in my view. One is, a lot of us are staying at home of course and therefore there is just more data, there is more digital data interactions on the net. We are spending more time on the internet simply put. So, therefore our data points that are being captured, being processed and tracked on the internet have just grown exponentially compared to pre-Covid times.
So, one, there is more volume of data, plus within Covid specifically, there have been a lot of issues that you'd be aware of about this whole business of contact tracing. A lot of countries have introduced contact tracing, using Bluetooth technology, physical devices tokens, whatnot, all this sort of stuff which has made people just basically sit up and also get more conscious about the fact that our data is being used. So, therefore in this case for contact tracing as an example, so therefore I’d like to know how this is being used, who is using it, when does it get deleted, and so on and so forth. So, an explosion in data points as a result of people sitting at home. Second, Covid-specific data issues predominantly contact tracing have people even more aware than before of some of these specific issues surrounding data protection and privacy.
Tim Butara: So, we had-- one thing that was a direct consequence of Covid. So, the contact tracing, and one was an indirect consequence of Covid, so the bigger influx of data due to more of us spending time online and interacting online and buying stuff online and just kind of these two playing together, both sides.
Prateek Dayal: That's right.
Tim Butara: You mentioned GDPR and CCPA in California and other local updates to privacy regulations. How do you think that relationships between brands and their customers will evolve as new and updated regulations continue to get rolled out?
Prateek Dayal: Yeah, that's right and you know, that's where the rubber really hits the road, because these brands and not just brands but also platforms, they have the customer relationship. So, they are the custodians, so the brands in that case are the custodians of customer data. They are the ones who are responsible for adhering to the various regulations as well, so they obviously play a very critical role. The way I see it is that there is a trust crisis. I mean for example, as a consumer, as an individual I read all this noise about data privacy and so on, so forth - who do I really go to? Who do I trust to make sure my data is being used in the correct manner? Is my brand, I mean the one, the entity I gave my data to or the platform as the case may be.
So therefore, I think the onus and responsibility on brands has equally grown over time, as we were charting out the course of data privacy, because they are at the forefront as I said of making sure that they regain the trust of their customers, right, and also the fact that they are also at the forefront for ensuring that all the various regulatory requirements are met. So, in other words Tim I guess what I’m trying to say is, brands are in the hot seat in making sure how customer data is used and is protected and is processed.
Tim Butara: Yup, those are some very good points. It’s with the rise of privacy awareness and the rise of this trend that consumers are more aware of brands’ ethical and social responsibilities, and this pairs up to make them even more conscious of how the brands that they love, follow and interact with, how they treat privacy. And it can be a deal breaker. In this day and age with such a high focus on these things, for brand reputation, one small mishap - as we saw with Cambridge Analytica. The trust in Facebook, I think, really shook with that and that's when we started seeing things roll. It was only a few months after that the updates to GDPR were introduced and then things just snowballed after that with privacy basically.
Prateek Dayal: That's right, I mean it takes so much effort and years I guess to build trust to invest in your users and it can just go away just like that.
Tim Butara: Yeah, that was the best way of putting it. It takes years to do it but it takes a second to ruin it basically.
Prateek Dayal: That's right.
Tim Butara: So, with all that we've discussed so far in mind, how should digital transformation initiatives incorporate privacy as an essential element of their offering? What steps should businesses take as they digitalize more and more?
Prateek Dayal: Absolutely, and as I said, practitioners in digital transformation, right. Firstly, the awareness I see that this whole like managing the entire consumer data life cycle is a very core part of digital transformation. Firstly, that's something that you know needs to be on people's radars. And when I say data life cycle, right through from data collection to obtaining consent, to where it's kept, where it's housed, where it's stored, who it’s shared with, to what effect and all of that, the entire life cycle I see that as being a core capability that the digital transformation folks should be able to kind of own and to be able to outline, specifically within the steps. So, some of the things and there are many aspects to this right but I want to outline a few based on my experiences.
Firstly, how, for example if in the digital team, if you're onboarding vendors and there is some data exchange involved, the first piece here is to say, how, whenever the data leaves my organization, how is it being processed? I need to have full transparency of that, I want to have a data privacy assessment of my vendors, which needs to be a kind of checklist of all the things that they should be doing which would make me comfortable to engage with them. I would also want to look at data processing agreements. So, literally the legalese around it with vendors and with my partners to say, what are the regulatory obligations? Who's responsible for what? And so on and so forth. So, that's the second piece, the legalese around my data privacy agreements with vendors and third parties.
Also the bit about scenario analysis, right, so, impact assessment when you're processing data. So stuff like for example a core part of the job I also feel Tim is volume and velocity of data, so we need to game a few scenarios whereas to say, suddenly there is an uptick in data processing volumes which is much more than what we forecasted initially, how are we going to deal with it? Where does it go? Do systems kind of fall over? If not, what is the backup? Because from a customer perspective, they are used to a seamless experience. So, what are those processes and capabilities in place that make sure that even in various scenarios with respect to volume and velocity of data, both internal and external, how do you ensure seamless smooth experience?
So, that's the kind of impact assessment part. Last but not the least, at all, is the bit about transparency and clarity. And what I mean by this is for example, consent management is obviously a very critical part of a brand or a platform's proposition. So therefore, do our consumers or do our users have a complete simple English understanding of what data is being collected, and what is it going to be used for, and if that is going to be shared onwards, who will it be shared with. So, it's the job of us in digital transformation to be able to ensure that these things are happening up to a standard that you know the regulators would be happy with and that we as brands owning a relationship with our users would be able to delight them in that experience. So, these are just some examples, but there are so many things, as I said, if you think about the data life cycle, that end-to-end digital transformation also captures.
Tim Butara: I’m really glad you brought up transparency and clarity because, this I think is one of the factors that I still see a lot of firms get wrong even with something as basic as the cookie consent banners on their website. Very often it's a trend that you're not really given the option to opt in or opt out, it's just auto opt-in with as little information as possible and I think that even something as basic as that should change even for industries and companies that don't necessarily make heavy use of the data that you give them or that collect huge amounts of data. But in a similar line, you mentioned the bigger volume of data now, but maybe on the other end of the spectrum, since we're also seeing a lot of tech innovation that's aiming to limit the reliance on cookies and stuff like that. How would you say that this will impact stuff and kind of how should brands go forward with what kind of data they collect and how much data they collect basically?
Prateek Dayal: Absolutely, you'd be aware, Tim, that the advertising industry is going through a seismic change as we speak, specifically with respect to the use of third-party cookies. So, you'd be aware that the biggest three browsers are phasing out third-party cookies, which as we discussed earlier, has become the default mechanism of tracking people's behavior online. And that has been phased out and will continue to be phased out and so on. So, basically you have a situation where the industry is basically thinking, what replaces the cookie?
And so therefore, we're increasingly moving to a world where brands and platforms basically data owners will have to collaborate with each other, to be able to get a better understanding of their users, to be able to collaborate on data, build a more granular understanding of you as the user and so on and so forth, all the things that you used to be able to do. Which then comes to the question about, again, transparency - what is that technology that ensures that this data collaboration happens in a privacy compliant manner, in such that this data collaboration does not enable any entity to be able to take advantage of the data of the others.
So therefore, some of the technology-- and then back to your point about, at the end of the day, the user needs to have complete transparency. So, some of the kind of technologies and these are some things that we are also building products on is stuff like for example data clean rooms, federated learning, where data owners, data belonging to two different owners is never centralized in one place. It continues to be located in their own respective servers and through federated learning technology you're able to for example create audiences and talk to these kinds of distributed databases.
So, that's one kind of technology that is on the rise. Blockchain is another one, you refer to blockchain. I think it's a very critical piece in delivering that transparency to the users because it's one thing taking consent from people, hopefully in simple English to say how your data is being used, but it's entirely another to actually give them evidence of the fact that, whether you used the data in that manner or not. That is not only transparency not just for users only, but also for regulators. So, blockchain, another to your point about emerging technologies, is yet another very good technology to record the customer life cycle.
How exactly was customer data used, once consent was taken? This as I said is a very critical piece, I believe, in giving regulators, meeting your regulatory obligations and being able to give back to your users to say, ‘This is how I use your data and here is the evidence for this.’ So, federated learning, differential privacy and blockchain for transparency as you rightly said these are some specific examples of emerging technologies that solve for some of these issues in the advertising world at least when the cookie goes away.
Tim Butara: Yeah, because marketing and advertising are industries where trust between the customer and the brand or trust of customers in the brands that they support is really key and there has to be some extra steps they can keep taking here, and I really love the example of blockchain. I assume that this is also what Aqilliz brings to the table for your clients, so, kind of incorporating, implementing these blockchain solutions?
Prateek Dayal: That's right. There was a natural bias there, that's why I use that example as well. That's something that we do as well.
Tim Butara: Yes. Well, but it makes obvious sense, you are kind of representing Aqilliz here, so it makes the most sense that you would at least mention what and how you do and how you help your clients if it's relevant to what we're discussing today, right? And yeah, maybe to kind of change the topic a tiny bit but still stay close to it - so, one of the less often discussed consequences of Covid and the pandemic and this influx of digital usage is also the increased volume and efficiency of cyber-attacks. Are there any privacy-related steps that companies can take that will also boost their cyber security?
Prateek Dayal: True, and, as you rightly said, with more data points there are more data points to attack as you said. So, a very critical issue that you raise. I think some of the things again when you talk about cyber security, there’s a plethora of solutions here but some of the important ones that come to mind is for example, multi-factor authentication. That is something that I think most of us are dealing with as we work from home etc. So, to be able to identify yourself as an employee logging in to your company systems for example through your multi-factor authentication basically as opposed to single factor. So, that's, I see a lot of uptakes of that, stuff like for example virtual private networks, endpoint protection, cloud interfaces. Again I’m throwing a bit of a few kinds of jargon in here so apologies for that but, again a lot of these I see as being used not only by us for example as a company but in the clients we serve, so there's a lot of that.
It's also about system updates, so we as a company ensure that all our critical kind of systems are all up and running, there are frequent updates, there are backups. For example, if you're running a blockchain node servers running your nodes, they need to be up and running all the time etc. So, what is the kind of backup? How do you make sure that they are up and running all the time, and so on and so forth. So, that's very important.
Last but not the least I would say, Tim, is on this particular point, it's just education as well and I’m speaking from my experience. I used to hear the word cyber security, but not really know what it meant and it was really helpful to be educated on that, that your data, what it means to you. So, somebody could pose as being Prateek logging into the company system. So that's one example and this is how you prevent that.
Similarly now, from a, you know, employee perspective, think about what cyber security could mean: somebody could hack into your company system. So, therefore what is the resolution for that? So, I think it was just what I found was very helpful in people just setting out what cyber security meant and what it means to me in my daily kind of professional life and how can I play a part in preventing cyber security attacks?
Tim Butara: This last point is absolutely crucial, I think, Prateek. As with most initiatives and fields within digital transformation, getting your people on board is essential to success with anything basically, whether it be new ways of learning, a new technology, automation or in our case, privacy. It has to be done with the people in mind and it mustn't only be a technology change but it also has to be a kind of a mindset shift, in order to get people to really, as you said, to really see the potential consequences of not following these regulations and not only the consequences for them, but for the entire business basically.
Prateek Dayal: Absolutely, well said.
Tim Butara: Awesome, before we wrap up the call, do you maybe have any top words of advice for business owners and decision makers that maybe are having trouble implementing privacy, or maybe even more importantly, are having trouble achieving this shift in mindset on an organizational scale?
Prateek Dayal: What I would say is, the only advice I could offer is to keep a long-term view. I see a lot of knee jerk reaction, GDPR is here, what are we going to do? What does it mean? But I would urge most practitioners, people in the industry, to take a longer-term view and the reason why I say this is, for example, back to the industry that I am in, in advertising and in marketing, there are many things happening at the same time. For example, there is regulation, there are cookies, right, there is cyber security and there are other things.
So, rather than us reacting to each of these individually, if I were to take a slightly longer term or medium-term view of my business, where do I want to be? Such that I am in a post-cookie world. Where do I want to be if I want to be regulatory compliant? And all this sort of stuff and therefore, what is the roadmap that will take me there? So, I guess in summary, Tim, it’s about just taking a longer-term macro view with everything, so many moving parts, and having a vision of where you want to move the business to with respect to data privacy and then work your way back in terms of how do I deliver each of these elements.
Tim Butara: Awesome, that's definitely a key point of advice and one I think that listeners will also greatly benefit from, thank you so much, Prateek. Before we wrap up the call, if our listeners want to reach out to you or learn even more about you, what's the best way for them to reach you?
Prateek Dayal: Simply, please reach out to me on LinkedIn, Prateek Dayal, you'll find me there. Yeah and if there's any small way in which I can be of any help, do feel free to reach out, more than happy to.
Tim Butara: Okay great, thank you so much Prateek for a very insightful conversation. I really enjoyed it. It's been a real pleasure talking to you today.
Prateek Dayal: Likewise, Tim. Thank you for having me.
Tim Butara: Well, to our listeners, that's all for this episode. Have a great day everyone and stay safe.
Thanks for tuning in. If you'd like to check out other episodes, you can find all of them at agiledrop.com/podcast, as well as on all the most popular podcasting platforms.
Make sure to subscribe so you don't miss any new episodes, and don't forget to share the podcast with your friends and colleagues.