Privacy Policies: a key prerequisite for data monetization in the telecommunications industry

Data monetization has long been a business that companies like Google, Facebook dominated (or even “owned”). From the perspective of a telecommunications provider (“telco”), this was (and still is) a frustrating situation: Telcos provide connectivity and mutual access, they have excellent relations with their customers and know them much better than a simple search engine or chat-tool. Unfortunately, telcos, especially European telcos, do not play a relevant role in the (personal) data-driven business today. The “OTTs” (“Over The Top” services) have almost completely occupied this market, only slightly restricted or regulated by legal frameworks such as the GDPR. This ensured the excellent reputation of telcos as “privacy-preserving” companies. People trust their telco provider more than their bank or their social network.

Telcos thus face the challenge of maintaining the trust of their customers while withstanding the economic pressure of the market. Usually, telcos are conservative in the best sense of the word (they preserve their customers’ assets).

But from time to time, opportunities arise that can potentially change the market: The applicability of the GDPR was one of those rare events (May 2018, 4 years ago). A project related to TRAPEZE (SPECIAL), laid the basis for privacy policies, and a very active W3C working group (DPV WG) outlined formal and theoretical foundations for defining rules for the use of personal data. TRAPEZE builds on this foundation. So does Deutsche Telekom.

Now, another event is on the horizon: Tracking Cookies on websites will be abandoned (or banned). The concept of “asking” the user for consent via cookie banners is both impractical and, in most cases, illegal. Therefore everyone is looking for alternatives to the creation of user profiles and (even more urgently) to the legal use and sharing of these profiles.

The industry needs alternatives, and the people (users, customers, citizens, etc.) demand more control, more privacy and even more and better services. Google is working on “Topics” and some telcos are exploring “TrustPID“. All these approaches start with the business/monetization perspective and try to ease concerns later or separately.

With Privacy Policies formulated in an open, standardized language, the industry can go the other way:first formulate the rules and restrictions and leave the control and transparency with the user. Then personal data can be monetized accordingly and the user asked for further consent if needed. It is expected that a language and platform like the one developed by TRAPEZE (and SPECIAL), will cover all needs and tools for “consent management” and “data sharing”. Cookies will be obsolete, user-centric rules like policies are the best candidates to preserve privacy and enable data driven business models even beyond the current “OTT” business.

By Martin Kurze