Why We Built Sense360 & Our Approach To Privacy — Eli Portnoy — Medium
Amazon versus the world.
In 2009, I joined Amazon as a Product Manager. It was obvious almost 10 years ago that Amazon was going to annihilate every business in its path. They understood technology, they had a brilliant strategist leading them in Jeff Bezos, but above all else, they had data. Tons and tons of data which allowed them to surface the right product, at the right price, to the right person in a way that no one else could. Consumers loved the convenience, selection, and price that resulted and a perpetual cycle was set in motion that has continued to speed up and become more powerful.
With the rise of Amazon came the fall of traditional retail. Retailers could not keep up with the personalization, selection, or price and they started to feel the Amazon effect quickly. It started with weakened financials, which eventually led to layoffs, and ultimately to bankruptcies.
The Beginnings of Sense360
It was with this backdrop that my co-founder and I started Sense360. We didn’t know exactly what we were going to build, but through iteration, a few hard pivots, and a lot of introspection, we realized that if traditional retail was going to survive it needed to better serve its customers. Retailers and restaurants needed access to the same level of data that Amazon was using to crush them. In other words, retailers (and soon everyone else) desperately needed data to help them build better experiences for their customers.
So we started working on a product to solve this for retailers. Our hypothesis was that if we could anonymize, aggregate, and combine multiple datasets, including location data and survey data, we’d be able to level the playing field for restaurants and retailers and give them access to high-level insights that would help drive their strategies and help them better cater to their consumers.
Privacy Principles & Commitment
The first decision we made on day one of this journey was a commitment that privacy had to be core to our mission. We wanted to build a data business that helped retailers and restaurants better serve consumers, but one that was built on a humane approach to privacy deeply woven into the very fabric of our DNA, our product, and our approach. To that end, we started by asking ourselves (and many others) what made us comfortable and uncomfortable about data and privacy, and we used the answers to cement our approach to privacy.
Our Approach To Privacy
Anonymity: The first thing we heard was that people strongly prefer that their data be anonymous. They do not like the idea of someone, somewhere, being able to know who they are and what they are doing. This was table stakes for us, and we designed our system so that the data we collected was linked to a device and not an identified person, but we’ve gone much further than just avoiding collection of personally identifiable information like names and email addresses. We identified several pieces of data that, while not PII, could be used to reverse-engineer who the person is, and we took measures to protect them. As an example, if someone collects location 24/7, it wouldn’t be too hard to figure out where a person lives, and from there to figure out who the person is. So we built an algorithm that figures out where home is, which is then stored on the user’s device (not in our servers or systems), and automatically scrambles visits that are within a 1,000-foot by 1,000-foot box (think several city blocks) around the person’s home. But we didn’t just center the box on the person’s home, because then every home address could be deduced simply by looking at the center of the box. Instead, our software places it over a randomly selected off-center area that includes the home.
Sensitivity: The second thing that became evident is that there are some places that people feel are safe and public and okay to share, but others that they feel are private. We built our system so that we ignore records of visits to over 550 categories of places; think places of worship, lawyers’ offices, medical facilities. If we recognize that someone goes to one of these categories, we just classify the visit as “personal” and irrelevant, and we don’t store any inference about the specific category or type of location where the person went.
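To make the two suppression rules above concrete, here is an added example (my own code, not Sense360’s SDK) that models the randomly offset home box and the sensitive-category rule. It assumes positions are (x, y) in feet in a local planar frame, that suppressed visits keep only the label “personal”, and it uses a constructed three-entry category list in place of the 550+ categories the post mentions.

```python
"""Added example (not Sense360's code): on-device visit filter modelled on the post.

Assumptions (mine, not from the post): positions are (x, y) in feet in a local
planar frame; the home box is 1,000 ft square, placed at a random offset that
still contains the home; suppressed visits keep only the label "personal".
"""
import random
from dataclasses import dataclass

BOX_FT = 1000.0
# Constructed sample of sensitive categories (the post cites over 550).
SENSITIVE = {"place_of_worship", "law_office", "medical_facility"}


@dataclass(frozen=True)
class Box:
    """Axis-aligned BOX_FT square identified by its lower-left corner."""
    min_x: float
    min_y: float

    def contains(self, x: float, y: float) -> bool:
        return (self.min_x <= x < self.min_x + BOX_FT
                and self.min_y <= y < self.min_y + BOX_FT)


def make_home_box(home_x: float, home_y: float, rng: random.Random) -> Box:
    """Place a BOX_FT square so it contains the home at a random, off-center spot.

    Centering the box would leak the home as its center; drawing the offset
    uniformly from [0, BOX_FT) makes the home equally likely to sit anywhere
    inside the box. The box is meant to live on the device only.
    """
    return Box(home_x - rng.random() * BOX_FT, home_y - rng.random() * BOX_FT)


def filter_visit(visit: dict, home_box: Box) -> dict:
    """Return the record that may leave the device.

    Coordinates and category are redacted when the visit falls inside the
    home box or belongs to a sensitive category; otherwise it passes through.
    """
    x, y, category = visit["x"], visit["y"], visit["category"]
    if home_box.contains(x, y) or category in SENSITIVE:
        return {"category": "personal"}
    return {"x": x, "y": y, "category": category}
```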
Consent: We also realized that people want to control when and if they share their data. iOS and Android have done a really great job of ensuring that consent is collected at the system level. If an app wants to collect location data on Android, a pop-up appears that consumers have to actively agree to before the app can collect data. On iOS there is a pop-up with the option not to share location data, to share it while the app is in use, or to share it continuously (“always on”). Apple then pushes a second pop-up two days after a user consents to “always on” location asking them if they meant to accept that permission. This ensures that consumers are aware of and consenting to the collection of their location data. If a user does not provide that consent, we will not collect any data. What’s more, we ask all of our apps to ensure that their privacy policy explicitly calls out that they share the location data (and we actually audit all of their privacy policies).
Value Exchange: Consumers want to benefit when sharing data. In many cases, our app partners are using our technology to power core parts of their functionality. Examples of this include survey apps that use our SDK to power unique and engaging surveys and couponing apps that use our aggregated and anonymous metrics to serve their users more relevant content and coupons. More generally, people want to use free apps and they want fewer ads; we help app developers make money so their apps can be free and the experience less obtrusive.
Use Case: We also realized that there are uses of data that people tend to be comfortable with and uses that they are not. As an example, if the data is anonymized and aggregated and used for broad trends and research many people are comfortable. However, we were less comfortable with other uses of data that targeted individual people specifically or when used to make specific decisions about them. So we made a very concrete decision that we would never sell individual-level data, and the only use case we would support was market research (focusing on broad, anonymized trends).
In some cases, we provide an additional service to help a customer understand data collected through the customer’s own app about the customer’s own users (such as help interpreting the user-specific location data collected through the customer’s app).
Other Things We Do
We also recognize that there are regulatory elements to privacy and have asked our privacy law firm to do annual reviews of our privacy and security practices.
We use state-of-the-art encryption and security practices.
We also make sure everyone on our team understands the importance of privacy and that privacy has a voice in every decision we make. We conduct a privacy session with every new employee that joins. Every employee also signs a privacy pledge where they agree to abide by our privacy tenets and to be respectful of the data.
For a deeper and more technical read on our approach to privacy, please see here. You can also read our privacy policy here.
On The Horizon
But there is always more that we can do and we recognize that. Over the last several months, we have been working with our app partners to introduce an additional layer of consent so that, when it is deployed, consumers will specifically opt-in to share their location data with us and specifically for market research. We are making headway and have aggressive internal goals to get there as soon as we possibly can.
We are also designing additional functionality and reward systems to create additional value-exchange with users who opt-in. We are very excited about both of these initiatives and the progress we are making.
Conclusion
We started this company because we passionately believe that retailers and restaurants need to better cater to their consumers in order to stay relevant, and the only way they can do that is with aggregated and anonymized data similar to what companies like Amazon already use.
We equally passionately believe that the only way to build a data business is to put privacy first and we have embedded privacy into every decision, every product, and every corner of our existence. But much like building a startup is a constant process of getting feedback, incorporating it, and improving, we will continue to do the same across both our product and our approach to privacy.
Originally published at medium.com on September 21, 2018.