Data Ethics, Ownership and Privacy: The Hidden Social Contract

Consumer data is highly sought after by companies and many businesses are willing to spend a pretty penny on this consumer information. In fact, more data for marketers means better insights to target users with their advertising. As a result, U.S. digital ad spending reached $190.43 billion in 2021, which was a 14.3% jump from the year prior when spending only reached $165.81 billion. By 2022, U.S. digital ad spending is expected to grow another 19.7% and surpass the $200 billion spending mark for the first time ever.(1) And these advertising investments seem to be paying off: 56% of global consumers are more influenced by images on social media when making purchases post-pandemic.(2) But there is just one problem: So many consumers believe that they own their own personal data, and concerns over violation of privacy rights run amuck.

“There are all these ‘you own your information’ movements being pushed out there, and it’s a very righteous concept, but it’s wrong. You do not actually own your own data. However, that’s not all-encompassing; you have some rights to certain data, but it doesn’t supersede other peoples’ rights,” says Sky Cassidy, CEO of Mountaintop Data.

Marketers can own data about other people, and use it for advertising purposes, but there are limits to what can be used and how. Cassidy explains that to successfully compete in today’s marketplace, it’s wise to only gather and use only the necessary information you need to provide the best service to the consumer. A recent survey of North American consumers from McKinsey found that approximately half of the consumer surveyed said they are more likely to trust a company that requests only the information that is relevant to the products they are selling, or that limits the amount of personal information they require.(3) One reason to limit the amount of information gathered from customers is to avoid violating their privacy, Cassidy gives a fairly well-known example which involves the retail store Target. In 2012, the New York Times spoke with Target statistician Andrew Pole, about how he used the company’s computers to analyze data that assigned a “pregnancy prediction” score estimating which stage the customer was at in their pregnancy based on recent purchasing habits. In the article, an anecdotal story was shared to show how the targeting had gotten too accurate at one point: The store allegedly sent coupons for baby clothes to a pregnant teenager, and that’s how her father became aware of her pregnancy.(4)

Cassidy touches on the fact that some businesses are allowed to have information, but laws prohibit them from sharing it. For example, what you share with your doctor or therapist should remain confidential under HIPPA laws. Your doctor cannot share that you are diabetic with anyone, but if you subscribe to a magazine for diabetics, marketers can use that information to target you in their advertising. But when it comes to data ethics, the biggest breach of all is when someone takes your personal data and uses it for their own financial gain.

Many consumers owe their confusion over data ownership to differing state and national laws, such as HIPPA. The United States does not have a single data security and privacy law covering all of its different states like the General Data Protection Regulation (GDPR) in the European Union (EU). This simplifies privacy laws for businesses that operate under it, since they have one definition of personal data and one set of rules regarding privacy, how to respond to data breaches, etc.(4)

However, the U.S. could be headed toward a national law similar to GDPR. Cassidy states that he doesn’t like GDPR as a law in particular as it removes the capability of marketers to have an opt-out list, so the default setting for everyone is that no one can have, or use, their information. He does agree with the law California has passed that incorporates similar concepts—the California Consumer Privacy Act (CCPA). “People do not have the right to tell someone to forget you. It’s anticapitalistic and it makes things incredibly difficult.”

The CCPA, however, has more of a balance according to Cassidy. It gives people the choice to opt-out of the solicitation of certain products or services, but it is not the “default” setting. They will be on a marketer’s list, but they can easily remove themselves. Besides California, Virginia and Colorado are the only other states in the U.S. that currently have comprehensive data privacy laws. Though the laws vary slightly between the three states, the basic idea is that businesses must inform consumers they are selling their data. Consumers have control over whether their personal data is to be deleted or moved. Consumers get to decide whether or not they are okay with this, and they also have the power to access, delete, correct or move their data. There are laws in other states that cover individual aspects of data privacy, such as the Illinois Biometric Information Privacy Act (BIPA), but there is concern over the risk of too many state laws causing confusion for both businesses and consumers.(5)

This conundrum begs the question of how businesses can ensure the data they purchase is within the law and being used ethically. Cassidy advises companies to talk to multiple data providers, and thoroughly vet them all by asking questions that will give insight into their legitimacy. “The simplest way to do it is ask [the data provider] if their emails are opt in. If they say yes, run!” warns Cassidy, explaining that “a lot of companies want to say that their emails are opt in because they know people want to hear it.” Additionally, Cassidy recommends companies prepare to interview potential data providers by putting together a list of revealing questions (such as requesting a sample, which disreputable companies will object to doing, or they will send documents that you did not request). Using a list of questions such as Ten Questions to Ask a List Vendor will effectively vet these troublemakers.

“When people give their information to a particular business for a specific purpose, it should be used only for that purpose. If a business doesn’t stick to this, they're violating their agreement with whomever gave them the information,” states Cassidy.

About MountainTop Data
MountainTop Data, headquartered in Los Angeles, CA, has been providing data services for B2B marketing for almost two decades. With an unrelenting commitment to quality, they were the first company to guarantee the accuracy of their licensed data and business emails.  They provide marketing lists, data cleaning, data appending and data maintenance services. Their data services have been used by some of the world’s biggest brands across a multitude of various industries from multi-national telecommunication companies to office technology, to PR firms and more. For more information visit:

1. MacRae, Duncan. “US Digital Ad Spending to Pass $200bn Mark by 2022.” Marketing Tech, September 13 2021.

2. Hillier, Lizzy. “Stats Roundup: The Impact of COVID-19 on Ecommerce.” Econsultancy, October 22 2021.

3. Anant, Venky. Donchak, Lisa. Kaplan, James. Soller, Henning. “The Consumer Data Opportunity and the Privacy Imperative.” McKinsey & Company, April 27 2020.

4. Hill, Kashmir. “How Target Figured Out a Teen Girl Was Pregnant Before Her Father Did.” Forbes, February 16, 2012.

5. Faitelson, Yaki. “Why U.S. GDPR-Style Privacy Laws are Good for Business.” Forbes, December 19 2019.

6. Klosowski, Thorin. “The State of Consumer Data Privacy Laws in the U.S. (And Why it Matters)”. New York Times, September 6, 2021.


Follow Us

Subscribe to Our Newsletter

What's Next, Updates & Editorial Picks In Your Inbox

Related Articles

© 2017-2021 Advisors Magazine. All Rights Reserved.Design & Development by The Web Empire