The tug between protecting privacy and building brand loyalty

The coronavirus pandemic has put much of normal life on hold, but it hasn’t stopped hackers. According to, in the first quarter of 2020, more than 8.4 billion records from healthcare institutions, technology, software, social media and meal delivery companies were exposed — a 273 percent increase from Q1 2019.

While data breaches are costly to companies — a recent Ponemon Institute data breach report found that data breaches cost organizations an average of $7 million in the U.S. — their frequency is enough to cause some consumers to wonder if their private information is safe with their favorite brands.

Jesse Bockstedt, associate professor of information systems &  operations management
Jesse Bockstedt, associate professor of information systems & operations management

The increase in data breaches is concerning, noted Jesse Bockstedt, associate professor of information systems & operations management, but several studies have found that the out-of-pocket expense to consumers due to identity theft is less than $1,000. “Which isn’t zero, but it’s not like a few years ago when [identity theft] ruined your life and destroyed your credit,” Bockstedt said. As for the companies, he added, “It’s not a brand killer anymore.”

Yet despite consumers’ growing unease, Goizueta faculty say the relationship between privacy and brand loyalty is a bit more intricate. While a data breach can nick a firm’s reputation, it’s the data that is purposely collected beyond the name and vital statistics that worry consumers more.

Building digital trust

Indeed, data privacy appears to be more of a concern to consumers when it comes to the digital trail users leave as they use search engines, apps and social media. Users often agree to fork over data willingly (providing a genomics company with one’s DNA), but more often, user data is captured by the platforms consumers use as they navigate the internet. These platforms then use that data to pepper users with targeted ads. While those products may be “free,” users fork over their data to use them.

Some users don’t seem to care that companies are capturing their data. Known as “the privacy paradox,” consumers profess to worry about their privacy, but their actions indicate the opposite. They click through “Terms of Service” agreements without a glance, sign up for sketchy services and “do all sorts of things that put their privacy at risk,” said Bockstedt.

That said, there are indications that the privacy paradox is waning. A recent Cisco Cybersecurity Series study illustrated that a growing number of consumers closely associate a company’s privacy practices with the company’s brand. As more consumers become aware of their rights around privacy, the study indicates that users will choose to interact almost exclusively with organizations they trust with their data.

Daniel McCarthy
Daniel McCarthy, assistant professor of marketing

“Companies are increasingly worried that people will buy less from their brand if they’re perceived to be fast and loose with customer data,” said Daniel McCarthy, assistant professor of marketing.

For instance, after political data-analytics firm Cambridge Analytica secretly collected data on roughly 87 million Facebook users, back-lash followed. In an effort to regain users’ trust, Facebook founder and CEO Mark Zuckerberg laid out a “privacy-focused vision” for Facebook, but those efforts were widely criticized as not going far enough. Advertising boycotts followed.

In January 2019, Google was fined $57 million for violating terms of the General Data Protection Regulation (GDPR), the European Union’s (EU) digital privacy legislation. The technology company was docked for illegally obtaining data from Android users in an effort to target them with ads. The GDPR, which took effect in 2015, gives EU citizens greater control over their personal data and requires organizations to gather data legally and to protect it from misuse. In the U.S., citizens of California, which passed the California Consumer Privacy Act (CCPA) in 2018, are protected under a similar mandate.

Trust: the key to customer loyalty

Jagdish Sheth
Jagdish Sheth, the Charles H. Kellstadt Chair in Marketing

Minus regulatory guardrails, the differentiating factor is trust, explained Jagdish Sheth, the Charles H. Kellstadt Chair in Marketing. “Trust is built over time by doing what you promise to do and by company behavior that is considered appropriate or right,” Sheth said. Loyalty programs such as those with airlines, hospitality companies and grocery stores are founded on a relationship between a consumer and a brand. “Loyalty programs mean relationships, and in all relationships, trust and commitment are key,” he added.

When consumers engage with a brand through a loyalty program, they enter into an explicit agreement that ties their ability to earn rewards with the surrender of personal information. But Sheth notes that companies don’t have to offer perks to garner loyalty. They can do so by giving back to society at large. The 2020 BrandZ “Top 100 Most Valuable Global Brands” report showed that almost 9 percent of a brand’s equity is linked to corporate reputation.

“The more you show to the customer that you give back and are a good citizen — that you are giving back rather than just bettering yourself — the greater the loyalty,” said Sheth.

Let’s make a deal

For some firms, being forthright is another way to garner trust. For instance, in exchange for consumer information, Nike offers its 140 million NikePlus “members” perks like early access to new products and free shipping. In exchange, those “members” hand over data to Nike. “If I want to make the landing page at better — more appealing to you, specifically, I need to know what your preferences are. The only way I’m going to be able to do that is by using your data — by having your data speak to me,” explained McCarthy.

David Schweidel, professor of marketing
David Schweidel, professor of marketing

“Brands that are able to deliver a personalized experience in a privacy-friendly manner will have a competitive advantage,” explained David Schweidel, professor of marketing, in a recent “Goizueta Effect” podcast. “Putting a premium on privacy means forgoing the benefits that come from allowing organizations to collect data they use to deliver a better experience. From a commercial standpoint, the onus is on the marketers to make the case that the benefits outweigh privacy concerns.”

Privacy as a perk

Some companies sacrifice a personalized experience in an effort to provide customers with privacy. Internet search engine DuckDuckGo offers users search capabilities without tracking where they go. “At DuckDuckGo, we don’t think the internet should feel so creepy,” states the company on its About page.

One of Apple’s core values is privacy, and the technology company designs its devices with that in mind. However, not collecting user data has a trade-off. “They’ve done an extremely good job at making products people love, but those products aren’t tailored to individual users,” said McCarthy. “Apple isn’t very good at personalization.”

Simplify Terms of Service

Of the respondents in the Cisco study, of customers who had switched companies or providers over questionable data policies, 90 percent said they believe “how their data is treated is indicative of the way they will treat me as a customer.”

Yet in the same study, nearly 75 percent of respondents agreed to the statement, “It’s too hard to figure out what companies are doing with my data.” Schweidel suggests companies could make things easier by simplifying their “Terms of Service” agreement. Show users “on a single screen what data they’re going to collect and how it will be used,” he said.

Where do we go from here?

Indeed Sheth sees the debate as whether privacy is regarded as a right or a privilege. In Europe, privacy is considered a right. In the U.S., it’s generally viewed as a privilege. He believes the U.S. will take its cues from Europe. “If you make the point that the customer owns the data and not the company, that changes everything,” he said.
Ultimately, Sheth is encouraged by the actions taken by Europe’s General Data Protection Regulation. “It’s a social contract,” he said. Sheth would like to believe we’re due for an increase in “conscious capitalism,” he added. “Where making money in any way is not acceptable.”