This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Honoring Data Privacy in the Age of Personalization

DataGrail, December 21, 2022

Personalization makes a lot of online experiences more fun. Getting tailored news content, product recommendations, the fastest driving route, and even your annual Spotify Wrapped list are all ways companies use consumer data to create experiences.

At the 2022 Lesbians Who Tech Summit, DataGrail CTO Cathy Polinsky hosted a session on honoring data privacy during a time when personalization is so critical. To kick things off, she shared her own example of effective personalization: using Wordlebot to analyze her daily Wordle performance.

Every individual has a boundary when it comes to sharing data. But regardless of where that line is, it’s hard for consumers to fully know when their information is collected and how it’s used.

Data privacy is a fundamental human right, but the reality today is that it’s under attack.

There’s a real concern that personal data can be used against someone. For example, someone could easily aggregate data from location, search, and period tracking apps to find people who have considered or gone through an abortion. In her session, Polinsky notes how the Dobbs decision “shines a light on what harm could happen if personal data isn’t protected.”

And there are plenty of other examples where consumers have had to deal with the fallout of their personal data being used in ways they didn’t expect.

The Rise of Data Privacy Regulations

In 2018, the Cambridge Analytica scandal raised alarm bells when they took personal data from Facebook users without their knowledge or consent to target and influence elections. 

This certainly wasn’t the first incident of data privacy infringement, but it did spark one of the most significant regulations in data privacy: the California Consumer Privacy Act (CCPA), the first comprehensive, statewide consumer privacy bill in the US.

US regulators are taking increasingly stronger positions on privacy as well. 

The first public settlement for violations under the CCPA was with Sephora, one of the largest retailers in the world. Sephora suffered damaging headlines and agreed to a $1.2 million fine to resolve allegations of multiple data privacy violations. As part of the settlement, Sephora must clarify how it is selling and sharing data and provide mechanisms for consumers to opt out of the sale of their personal data. 

In her session, Polinsky noted a particularly interesting aspect of the Sephora incident that goes back to the heightened risk to women’s privacy in a post-Dobbs world. The California Attorney General highlighted that Sephora also allegedly shared with third parties the location data of women and information about their shopping cart contents, which could include products like prenatal vitamins.

Consumers Care About Data Privacy

With data privacy getting more of the attention it deserves, consumer sentiment is changing. People are more informed about privacy tradeoffs and are demanding more control over their data. In fact, a recent DataGrail report found that eight out of every 10 Americans believe there should be a federal regulation protecting their privacy.

In addition, people are taking action to protect their privacy — and have actually been doing so for years in various ways. Every time a consumer unsubscribes from unwanted emails, uses an ad blocker, or retunes their mobile device’s data-sharing settings, they are exercising their right to privacy.

The good news is that most companies aren’t malicious in their abuse of personal data, like Cambridge Analytica. Many want to do the right thing by their customers, but simply may not know where to start.

3 Ways Businesses Can Honor Data Privacy

DataGrail has found that, on average, companies use more than 150 SaaS applications that could potentially have personal data in them. It’s not too difficult to manage personal data when it’s in a single place, but when it’s across more than 100 systems? It’s significantly more difficult to find and interpret.

It also takes time, focus, and commitment to make sure you are managing privacy rights accurately. In her session, Polinsky shared one story about a tech company that went through a painstakingly manual process to delete the personal data for one user in more than 50 systems. When the company used an old email system a few months later to promote a new product, the company accidentally sent the email to the user who wanted their data deleted.

It was a mistake that they missed one system, but it jeopardized their industry trust and brand reputation when the user shared this story with their friends.

So how can companies honor data privacy today?

  1. Use customer data for a meaningful purpose. When customers see that their data has a purpose, they’re more willing to share it with you. Polinsky, who was previously the CTO at Stitch Fix, said that even though new customers had to fill out a style profile with 100+ questions, they were more inclined to do so because they saw firsthand how it resulted in better-fitting clothes and truly customized experiences.
  2. Treat customer data responsibly. Drawing on her experience at Stitch Fix, Polinsky said they invested heavily in the privacy and security functions, and never sold data to third parties. It was solely used for its intended purpose.
  3. Create a culture of trust. This starts with building trust internally at your company. People are more likely to speak up when they see or hear something that isn’t right, and you’ll be able to find problems sooner and fix them before they impact your customers or your company. Building a culture of privacy is a natural extension of this.


Consumers are getting savvier about who they shop with and the services they use. It may only take one bad experience (or one unsolicited email) to break their trust. In fact, our 2022 Privacy Awakening Research shows that three out of four people would rather spend more money shopping with a brand they trust. 

Consumers expect and love personalized experiences, but they also want their data treated respectfully and only used for intended purposes. And building personalized applications or experiences does not have to be in conflict with data privacy, but it does take attention and commitment to do this well.

As a privacy professional, there are two important things you can do to help your company be a better steward of personal data: understand what data you have and where you keep it, and be a strong champion for creating a culture of trust. Your organization will be stronger for it.

subscribe to GrailMail

Like what you see?

Get data privacy updates sent straight to your inbox.