Data Companies - Overview

Part
01
of one
Part
01

Data Companies - Overview

Experts identify the top three business models adopted by data companies to be Data as a Service (DaaS), Information as a Service (IaaS) and Data Facilitators/Data Analytics. US data companies that profit from selling consumer data are Acxiom, Experian, Equifax, and Oracle. Descriptions of these business models, top companies, and an overview of the UK's GDPR are detailed below.

Business Models Adopted By Data Companies

Data As A Service

Sort of Data Collection

  • This model aggregates data from "the company's own customers or from outside sources (key partners)". It is stated that the key activities "to create, market, and sell a viable proposition is relatively low-cost", however, activities that build trust among all customers such as stripping personal information from the data are the most important and expensive.
  • Once data has been collected and processed/cleaned up, the rest of this business model is about ensuring the customers are able to access and use the data to enhance their value propositions.

How They Profit

Examples of Entities That Utilize The Model

Information as a Service (IaaS)

  • This model focuses on turning data into information and the key activities include analysis, data visualization, and research that enhances the analysis of data.

Sort of Data Collection

How They Profit

  • These companies profit from collecting, aggregating, and turning data into useful and valuable information for other companies to use. The profit comes from the sale of the information like the company HERE that collects, aggregates, and cleans data that is then used to create "stylized, visual maps (i.e. information) that are sold to customers.
  • IaaS customers need information that is more tailored and they are willing to pay more for it.
  • These companies' revenue streams come from subscriptions, usage fees and advertising.

Examples of Entities That Utilize The Model

Data Facilitators (Tools and Analytics)

Sort of Data Collection

  • Data facilitators gather data from the companies they are consulting with. The types of data they gather is that which is beneficial to the business which can range from product usage, interests and preferences, or even internet activities.

How They Profit

Examples of Entities That Utilize The Model

  • An example of an entity using this model is Experian which uses massive data sets to provide consumer credit scoring. CBIG Consulting is another example and it provides "business intelligence, big data analytics, and data warehouse consulting services, and many more".
  • IPONWEB, Google Cloud, AWS are given as examples of data tools.

TOP COMPANIES

Acxiom

How They Use Data

  • Acxiom began as a company that collected data for use in local politics. After it partnered with banks and retailers during the 1980s, it became a world leader in direct marketing and marketing data-broking. The company is credited with pioneering the "business model of collecting data on people, segmenting them and selling it to other businesses to use in their marketing".
  • The company has become a multi-billion dollar company by selling personal data.

Unique Value Proposition

Experian and Equifax

  • Experian and Equifax are credit monitoring companies that have gathered information on virtually every person in the US, and is constantly collecting more personal data from banks, mortgage companies, and retailers. These companies are identified by industry experts and market analysis to be top data brokers by revenue and the amount of data they process.

How They Use Data

  • Each of the agencies are stated to have separate divisions that "packages that personal information and sells or licenses it to other companies for targeted advertising and marketing".
  • Experian began as a US credit reference agency and then was acquired in 1996 by a UK direct marketing firm, GUS. The group combined credit scoring with the marketing database, and the expertise of the two companies lent to offering services to multiple industries and direct selling to consumers.
  • Equifax started as with credit references as its core business and providing data to insurance companies as a way to assess risk. Today it is estimated they hold data on 800 million people around the world and had revenues of $3.1 billion in 2016.

Unique Value Proposition

  • The unique value proposition of these companies is that they have information about every person in the US, and that information is constantly updated due to the collection of more personal data from banks and retailers.

Oracle

How They Use Data

Unique Value Proposition

Overview and Mandates of UK General Data Protection Regulation (GDPR)

  • The regulation is said to have "introduced big changes" while building on previous data protection principles. It is described as being the "world's strongest set of data protection rules" that places limits on what businesses and organizations can do with personal data. This has also led to the creation of the Data Protection Act of 2018 that replaced the previous one from 1998.
  • The GDPR is regarded as a "progressive approach" to how personal data should be handled and is compared to California's subsequent California Consumer Privacy Act. Even "pseudonymised data" can still be considered as personal data, and under GDPR individuals, organizations or businesses that are considered controllers or processors are covered with the law, however, controllers have stricter regulations as they dictate and instruct the processors.
  • The seven key principles of GDPR are designed to handle how individuals' data is handled and are as follows: "lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability". Accountability is said to be new to data protection rules.
  • Accountability was added to make sure companies can prove that they are working to comply with the regulation's other principles.
  • Individual rights under GDPR include: "the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and also rights around automated decision-making and profiling".
  • Subject Access Requests can by filed by individuals that want to know what a company or organization has gathered on them, and requests must be granted within one month. This has been used and in one instance, Tinder had to send an individual 800 pages of information regarding their personal use of the app including education details, the age and rank of people they were interested in, and the locations of every match.
  • The biggest element of the GDPR is the ability of regulators to enforce huge fines on businesses that don't comply. If a data protection officer is required and the business does not have one then it will be fined, and fines also for any breaches. The monetary penalties are decided by the ICO and rerouted back to the Treasury. Small offenses can result in fines of "€10 million or two per cent of a firm's global turnover (whichever is greater)".
  • The biggest fine to date was against Google when the French National Data Protection Commission (CNIL) fined it €50 million (£43m) for not providing enough information about how it uses its data and not obtaining proper consent for processing user data.

Effects on Different Demographics

  • GDPR provides greater protections for some special categories such as personal data that includes information related to "racial or ethic origin, political opinions, religious beliefs, membership of trade unions, genetic and biometric data, health information and data around a person's sex life or orientation".
  • GDPR also applies to businesses that operate outside of the EU so long as the business operates in the EU.
  • Children are slated to need particular attention with regard to protecting and processing personal data as they are less aware of the risks. There needs to be a lawful basis for processing children's personal data, and while consent is not the only possible basis for processing sometimes an alternative is considered more appropriate and provides better protection for children.
  • Only children over the age of 13 are allowed to give consent for online and direct services that entail processing of personal data, and any child under this age is required to have parental consent unless the service is preventative or a counseling service.
  • Children have specific protections when their data is used for marketing purposes or creating user profiles. Businesses should have clear privacy notices for children so they can understand their rights as they have the same rights as adults over their personal data including the rights to "access their personal data; request rectification; object to processing and have their personal data erased".
  • The basis for processing children's personal data are making sure they understand what they are consenting to, the child's competence is considered, and businesses take responsibility for identifying the risks and consequences and enforce age-appropriate safeguards.

Sources
Sources