The IABC Trends Watch Task Force identified and researched six key trends shaping communications in 2021 and beyond. This article presents research about ethics, privacy and the risks and rewards of the Internet of Behaviors. Read on to understand why this trend is relevant to IABC members, and look forward to the full publication of the 2021 Trend Report, coming soon.
Definition of the Trend and Its Context
Lines have blurred between physical and digital. The Internet of Things (IoT) — the vast array of physical objects connected to the internet — is now extending to human behavior and physiology with the Internet of Behaviors (IoB) — the online monitoring, tracking and analysis of our everyday actions and biology.
The IoB includes data not just from your online behaviors, such as your social media activity, but activity across your devices, including:
- Connected home devices (Ring/Nest cameras, smart locks, etc.)
- Wearables (Apple Watch, etc.)
- Smart vehicles
- Voice assistants
By connecting behavioral science with the “digital dust” of our lives, organizations can strategically target their marketing and communications efforts to better understand, predict and ultimately influence our behavior. This has immense commercial, political and societal implications — both good and bad. Communicators must balance the risks and the rewards, ensuring that the creep factor and cybersecurity concerns do not outweigh the commercial benefits of IoB applications.
Potential Impact and Scope (Based on Scenarios)
The IoB is the Holy Grail of personalized one-to-one marketing. It combines online and offline data with behavioral science, using detailed data profiling to influence behavior. For instance, a coffee chain might use facial recognition software tied to its security cameras to track a customer across locations, match faces to transactions and use behavioral data to geo-fence relevant marketing offers.
Companies might track employee compliance with standards, such as wearing a mask, by using facial recognition to identify non-compliance. Governments could use this data to track citizens and monitor IoB data for signs of undesirable behavior, such as terrorism or organizing political protests.
“The IoT itself isn’t inherently problematic; a lot of people like having their devices synced and get benefits and convenience from this setup. Instead, the concern is how we gather, navigate and use the data, particularly at scale. And we’re starting to understand this problem.” —Chrissy Kidd, technology researcher and author
The IoB raises questions of data ownership, personal privacy and data security. These datasets can be combined across intermediaries, with third parties buying and selling aggregated data to give companies ever-more granular insights about individual consumers. There are also ethical concerns related to the tracking of individuals and then aggregating this data into an actionable format to influence behavior.
- Scenario One: Violation of privacy laws
- Your organization has been using IoB data in ways that violate local privacy laws.
- It is subject to fines and penalties, as well as the labor cost and reputational damage resulting from these violations.
- Scenario Two: Hackers breach your firewall and steal user or customer profiles that aggregate IoB data
- Detailed personal information is now in the public domain.
- Your organization is at risk of being sued by individuals, as well as facing government fines.
- Scenario Three: Compliance with user opt-out requests
- Your organization must comply with local privacy regulations, which may vary widely across regions. It must conduct rigorous data mapping to assess what data it stores about what clients, customers or users, and it must comply with laws concerning where and how this data is stored.
- Only then can it be certain it is deleting data as requested by users and avoid fines for non-compliance.
- Scenario Four: Your organization faces a backlash for its monitoring of employee behavior
- Your organization may be complying with the law but still behaving unethically in the eyes of its stakeholders, both internal and external. In 2020, Barclays Bank faced repercussions when it attempted to introduce a system that tracked the time employees spent at their desks and sent warnings to those spending too long on breaks.
- Your organization’s use of data is legal but destroys trust and threatens to damage vital stakeholder relationships.
- Scenario Five: The personalization of your products or services goes too far and is seen as creepy and intrusive.
- Personalization makes products and services more attractive, deepening our loyalty and allegiance. But personalization can go too far. The U.S. retailer Target discovered this when it identified 25 products that, when bought in combination, culminated in a “pregnancy prediction” score. Customers rightly complained when they realized Target knew about their pregnancies before they did.
- Your organization needs to consider the limits of personalization. You must not only comply with the law, but also ensure your collation and use of data is seen as ethical and moral in the eyes of your customers and the public.
Communicators as the Ultimate Integrators of the Human Experience
Read about how communicators are the drivers of integrating the human experience, another trend identified by the IABC Trends Watch Task Force
Who Will Be Most Directly Impacted?
Networked devices now outnumber people, says McKinsey. From smartphones to smart speakers, voice assistants and security cameras, that adds up to over 30 billion connected devices worldwide.
These devices, equipped with sensors and automatic-activation functions, are set to pervade all areas of our lives — constantly transferring huge volumes of personal data to organizations for real-time analysis.
These devices are reaching into every aspect of our lives. By 2023, Gartner predicts individual activities of 40% of the global population — three billion people — will be tracked digitally in order to influence human behavior. It is becoming impossible to escape the ever-present eye of these connecting devices that can record our every action.
With all of these devices tracking us, and artificial intelligence making data analysis faster and more precise, the IoB has significant implications for business and society more generally, which are philosophical and ethical, as well as legislative. As Chief of Research and Gartner Fellow Daryl Plummer observes, the existence of these devices — and how their data exhaust is being used by governments and corporations requires rethinking our existing frameworks:
“With IoB, value judgments are applied to behavioral events to create a desired state of behavior. Over the long term, it is likely that almost everyone living in a modern society will be exposed to some form of IoB that melds with cultural and legal norms of our existing pre-digital societies.”
Why Is the Trend Relevant to IABC Members?
The IoB has significant implications for communicators. First, the upside: Marketers have long known the personalization of products and services drives customer acquisition and retention. The IoB allows us to personalize in more profound and fundamental ways.
However, falling foul of regulators or misjudging public opinion could result in significant financial penalties and, even more damaging, a loss of trust and mass rejection from consumers who feel their privacy has been violated.
Few companies are asking themselves whether they are handling personal data in a moral and ethical manner. It is time they did. Share prices, earnings — the very survival of organizations — will rest on how they choose to collect, handle and use the “digital dust” of our lives.
Organizations that use connected devices and data are especially at risk, as these devices are uniquely vulnerable to attack. Often, IoT devices have limited security protections, use easy-to-guess factory passwords and are infrequently updated.
And it is not just access to the devices themselves that poses a problem; it is what hackers can do with the information once they have it. Hackers can use these personalized data points to develop sophisticated phishing attacks where they impersonate colleagues, friends and other known associates. The IoB is the tip of the spear, helping hackers phish more frequently and effectively.
There is also growing concern surrounding privacy and security. This is reflected in increased legislation, such as the General Data Protection Regulation (GDPR) in Europe, Lei Geral de Proteção de Dados (LGPD) in Brazil (their answer to GDPR) and, more recently in the U.S., the Internet of Things Cybersecurity Improvement Act of 2020. The intense scrutiny around privacy will only grow in the coming years.
Communication professionals must understand the risks and rewards of holistic tracking technologies, both to minimize exposure to bad publicity and maximize the positive impact on business objectives. We must prepare for a range of scenarios and assess how exposed our clients are, or our organization is, to potential pitfalls of the IoB.
What Do IABC Members Need to Know and Do by Audience?
Connected devices offer more and more digital “breadcrumbs” from our customers and users' lives to collate and analyze. As a result, communication teams must have a clear risk management strategy and playbook defining the role, responsibilities and response of key players in different scenarios (see above).
In the event of a data breach that exposes IoB data, communicators need a crisis communications game plan. Since this data is often more personal in nature, breaches have greater reputational risks that could lead to long-term brand damage.
The IoB raises a number of significant issues and actions for all our audiences:
Employees are your front line. These are the people who make the most impactful decisions about how technology is used, which security practices are followed and the overall culture that amplifies the rewards of IoB while minimizing its risks. The right culture is your best defense.
- Internal communications professionals need to ask themselves: “What is our current strategy concerning the monitoring and surveillance of employees and how is the organization planning to screen employees in the future?” For example, most office workers know, on some level, their work emails and messages are not private. But they may not realize the extent to which their communications are being analyzed for signs of happiness and satisfaction.
- Identify what your workforce considers to be an acceptable level of data collection and surveillance.
- Consider how transparent your organization should be around the collection, storage and use of this data.
- As brand ambassadors, your employees will have views on how your organization uses its customer data. Consider your messaging to employees on your organization’s guiding principles surrounding data collection and usage.
- Training may be required to ensure internal communication teams understand the risks:
- Training is especially important for those communicators who are designated subject matter experts.
- You may need to create an incentivized environment for calling attention to potential security issues before they escalate.
- You will need to work alongside external communication colleagues to create an agreed crisis communications playbook.
- Fire drills may be needed to train communicators on what needs to happen in the event of an issue.
Customers and Clients
As we have seen with the SolarWinds cybersecurity breach, it is critical to understand the risk profile not just of your own organization but those of your customers and clients. In an interconnected system such as ours, each node takes on the risk profiles of the nodes in its network. The weakest link is your greatest risk.
- External communication teams need to be aware of how their organization currently gathers and monitors information about customers, clients or users. They need to understand what customers believe is a fair exchange for their personal data.
- They need to proactively plan for a possible data breach:
- Prepare relevant messaging in advance so it is approved and ready to be published quickly in the event of an issue.
- Stay ahead of the conversation by developing security and data privacy threads in your communications strategy across content, PR and social media.
- Provide customer service training as appropriate to build trust and develop stronger collaborative relationships with customers.
- Drive awareness around the priorities of your customers so you ensure complete alignment between your internal organization and customer expectations.
- This includes understanding expectations for cybersecurity best practices and how customer data will be collected, stored and used (both internally and among affiliated third parties).
Communicators who advise leadership teams need to equip executives to deal proactively with IoB issues both legal or ethical. This includes:
- Detailed training on how to message company's security practices
- Thorough understanding of relevant local laws and regulations
- Thought leadership that puts the company ahead of the privacy conversation
- “Buck Stops Here” ownership of data collection, storage and management practices
The walls of all organizations are now highly permeable. What happens internally can all too easily become public knowledge. Transparency is key. (See trend No. 6, “Could Radical Transparency Be the Solution to an Eroding Trust in Authority?” later in this report for more.)
It is advisable to stay ahead, or at least abreast of public opinion, and assume data policies and usage can and will be shared beyond the walls of your organization. Develop your communications strategy with an eye on what matters most to your target constituents.
Media and Opinion Influencers
Media strategies need to consider both the risk and reward of personal data collection and usage.
Risks need to be considered when media teams are crisis and incident planning — what is their response in the event of a data breach or data mismanagement? Equally, the upside needs to be considered — can favorable media coverage be gained by demonstrating a particularly ethical approach to the management of personal data?
Government and Regulators
Even with the latest flurry of data protection laws in Europe and the U.S., regulation is likely to struggle to keep pace with the IoB. This will likely result in an explosion of personal data and countless, creative ways of using this data for commercial gain.
Communicators and business leaders would be wise to understand the letter and the spirit of the law, and where possible form alliances with governing bodies to better understand and help shape data regulation over the long term.
Katie Macaulay and Nick Vivion
With more than 30 years of internal communications experience, Katie Macaulay has supported many high-profile organizations through change and transformation — consulting on major change programs for the London Stock Exchange, Barclays, KPMG and Roche. She has a deep understanding of the challenges of communicating with employees in operational environments. Her longstanding clients include Royal Mail, Network Rail, the Post Office and Heathrow. All have large, highly dispersed, deskless employees with little or no access to digital channels. Macaulay is managing director for AB Comm, a full-service IC agency, and is the host of the award-winning Internal Comms Podcast. She also is the author of “From Cascade to Conversation – Unlocking the Collective Wisdom of Your Workforce.” Macaulay sits on the International Executive Board of the International Association of Business Communicators (IABC) and is a member of the Society of Leadership Fellows. She was named “Change Maker” by the Institute of Internal Communication and is a regular keynote speaker.
Nick Vivion is the principal at Ghost Works Communications, where he amplifies tech brands with integrated communications across PR, digital, content and brand marketing. He also really misses talking to random strangers. So please say hi: firstname.lastname@example.org.