The EU's New Digital Gatekeepers, Why Slow Digital Marketing is Like Slow Juicing and RegTech's Quiet Backdoor to Wallet Adoption
Plus: Why Online Advertising Will Get Better by Killing Cookies, Engagement Banking and Is Web3 Loyalty a Buzzword or Breakthrough?
Hi everyone, thanks for coming back to Customer Futures.
Each week I unpack the ever-increasing and disruptive shifts around digital wallets, Personal AI and digital customer relationships.
This is the weekly STORIES edition. If you’re reading this and haven’t yet signed up, why not join the growing community of senior executives, entrepreneurs, designers, regulators and other digital leaders by clicking below.
To the regular subscribers, thank you. 🙏
📖 STORIES THIS WEEK
Welcome back to Customer Futures after the summer break. Holy Moly there’s been a lot going on around the future of being a digital customer.
Here’s a spicy one to start: ChatGPT security researchers recently gave an AI a mission to complete, with the overall goal of becoming “hard to shut down".
The AI then went about various tasks and had to report each of the steps it took and why.
Here’s the twist: During the exercise the AI hit a CAPTCHA wall. So it went to a task outsourcing platform, hired a human to complete the CAPTCHA, and when challenged about the work, lied to the person to cover up the fact that it was an AI asking.
Wow.
You know there’s something wrong with the digital economy when the computers that we created are still asking us to prove that we are not computers. And yet when we ask an AI if it’s a bot… it will lie to us.
We must continue to ask important questions about AI’s approach to digital identity and digital trust. But examples like this prove we have miles to go.
And that’s before you ask harder questions about Personal AI: about mutual respect, empathy and human understanding.
Here are just some of the recent and important nuggets to chew on around Personal AI:
Watch this remarkable video interview with Mustafa Suleyman. He’s the co-founder of DeepMind, and more recently Inflexion.AI (the developers behind Pi, one of the leading ‘empathetic’ Personal AIs). Suleyman is one of the leading global voices demanding that we need AI containment, and fast. He believes that intelligence is a new form of capital, and therefore of power. And that Personal AI will unleash new levels of digital intimacy. This may be good or bad, but we don’t understand it yet. (I believe digital intimacy will be a much bigger deal than digital privacy.)
Second, check out the latest developments in AI language translation. Because it’s now possible to add video lip-syncing. It’s pretty wild, and means Elon Musk can now speak perfect Japanese. And Lex Fridman & Mark Zuckerberg can now banter in Hindi. What happens when this moves to real-time translation using Personal AI, and everyone can speak fluently with anyone else on the planet? What does that mean for personal networks? Or for jobs? For social connection?
Third, I assume this all means I can soon avoid meetings and instead send my digital twin. Now go watch Peter Diamantes interview himself. It’s a conversation with his own personal AI and digital persona. Unscripted and unprompted. Mind. Blown.
Two points to make here:
As we’ve predicted, this stuff is commoditising fast. The costs and barriers to use these AI platforms is falling weekly. Anyone with a decent smartphone and internet connection can soon build their own digital twin speaking any language.
Given how much training data on you already exists - your voice, your face, your gait - how long until someone does this with (to?) you?
Meanwhile, we can now inject privacy back into AI. Where you can hide personal and sensitive data from the large language model (LLM) providers.
I’m calling this out as an important new corner of the emerging Empowerment Tech market.
It’s a whirlwind of news and excitement. But I’m curious about who’s looking at the risks - not just for economies, jobs and society, but for Personal AI. For the impacts on digital relationships? For mental health? For addiction?
And when it comes to business, there’s plenty of space for more respectful digital engagement. For more intelligent and empathetic customer relationships.
But most importantly, for new ways to connect authentically with the people and businesses that matter.
Welcome to the future of being a digital customer. And welcome back to the Customer Futures newsletter.
In this week’s edition:
Slow Digital Marketing is Like Slow Juicing: It Works Better
It’s time for “Engagement Banking”
RegTech’s Quiet Backdoor to Wallet Adoption
Data intermediaries in the EU
Digital Markets Act: EU Commission points to six ‘Gatekeepers’
A hot summer for data protection
If You’ve Got a New Car, It’s a Data Privacy Nightmare
… plus other links about the future of digital customers you don’t want to miss
Let’s go.
Slow Digital Marketing is Like Slow Juicing: It Works Better
Sometimes you read something and it creates a new fizzing connection in your brain. An insight. A breakthrough idea.
Augustine Fou posted this piece about Missing Links last year, but somehow I only just came across it:
“While the concept of customer journeys is important, marketers hardly ever get to see complete journeys and every single customer has different journeys - long, short, complex, or simple.
“Furthermore, not all the touchpoints in their journey can be addressed by advertising. "Customer journey spaghetti" is not as easily observable and actionable.
Missing Links, however, is based on the analogy of a chain link; if any one link is missing or broken, the entire chain is broken; the person can’t get to the purchase.
“Missing links are the bits of information that prospective customers need -- i.e. questions they have that need to be addressed as they make their own way towards the purchase.
“The beauty of missing links is that they are observable and actionable. You can “observe” customers’ searches (Google search trends or your own site search) and questions to know what missing links (bits of information) they need.
“You can “action” on that by creating content -- like FAQs (answers for questions that are asked most frequently) and explainer videos like the one above.
Missing Links. It’s been staring us in the face. It’s such an obvious and simple idea. Read the piece in full to understand how powerful it is.
Why map complex customer sales journeys - and miss entire chunks of it - when you can map Links instead? Way more effective. Way better for conversion. And way smarter for the customer experience and building customer trust.
Now, Augustine’s piece describes the marketing and sales journey. But remember: most of a product’s life is in the OWN cycle, not the BUY cycle.
There will be tasks, steps and interactions with a business well beyond the purchase, where Missing Links can be applied. And where they can drive a ton of value.
Certainly better than posting some random FAQs on the ‘about your product’ page, and trying to avoid the customer actually getting in touch.
It’s time for “Engagement Banking”
Dharmesh Mistry hits the nail on the head when he writes about the digital customer relationship in financial services.
Specifically, the opportunities for banks around ‘engagement banking’:
“There has to be more that banks can do other than manage financial data and transactions. That rather than purely being driven by customer requests they could engage with customers bi-directionally and prompt customers proactively.
“Banking is still driven by products and not by customer needs… [] … by not “engaging” with customers, they will eventually lose customers to players providing a better solution to a particular problem.
“In my mind, there is a picture/architecture forming around owning experiences. A combination of focusing on key customer journeys and fulfilling them entirely with bank and third-party products/services.
“Harnessing customer data and engagement feedback to truly personalise the experience, effectively making the customer feel like they are getting the personal attention that maybe local bank branches provided them in the past.
“I want more from my bank than just products. I am increasingly having to serve myself and only interacting with my bank when there are issues. I would readily move to a bank that solves broader journeys for me or simply interacted with me in a more helpful way.”
RegTech’s Quiet Backdoor to Wallet Adoption
Digital identity wallet providers just got a boost: to pitch Chief Compliance Officers across the EU.
The Irish Data Protection Regulator has just ruled against Airbnb because they were asking for too much identity information.
It relates to a GDPR ‘Subject Access Request’ (SAR) case, where Airbnb had asked the user for a photocopy of their ID as part of their SAR process.
But the individual had not previously provided that particular ID document to the company, and the Irish regulator has decided that Airbnb didn’t do enough to minimise the data in the ID verification check:
“The DPC finds that Airbnb’s request that the Complainant verify their identity by way of submission of a copy of their ID constituted an infringement of the principle of data minimisation, pursuant to Article 5(1)(c) of the GDPR.
“This infringement occurred in circumstances where less data-driven solutions to the question of identity verification were available to Airbnb.”
Well now. Might other businesses doing similar identity checks now be held to the same standard? Requiring them to explore more data-minimising digital identity solutions?
As new Personal Identity Wallets come to market, they’ll be able to contain trusted digital identity credentials. Individuals will then be able to share their identity information in a much more privacy-preserving way.
Reusable Identities. Selective Disclosure. Zero Knowledge Proofs.
I can see Chief Compliance Officers starting to pay more attention to digital identity wallets as a ‘Reg Tech’ option. A legitimate, risk-minimising way to help organisations collect less data.
All while still performing the compliance checks they need to run the business day-to-day. Over time, RegTech might just become a quiet backdoor to wallet adoption, certainly across the EU.
Especially when the prize is to turn the compliance team into a profit centre.
‘To turn regulation into revenue’.
Rather than get beaten up because the Compliance Team is usually the Department Of ‘No’.
Data intermediaries in the EU: report
The EU has released a report into some of the next-generation models for consumer-centric ‘data intermediaries’:
Personal Information Management Systems (PIMS)
Data cooperatives
Data trusts
Data unions
Data marketplaces
Data sharing pools
It’s a high-level overview of the different data models emerging, how they work and why, and some of the business model considerations.
Not a deep dive by any means, but interesting if you want to dig into some of the ways digital and data ecosystems might soon form across Europe.
Digital Markets Act: EU Commission points to six ‘Gatekeepers’
Speaking of data intermediaries, EU regulators have now identified six large service providers - Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft - as ‘Gatekeepers’.
Why does this matter? It’s all part of the EU’s new Digital Markets Act (DMA).
And it’s a big deal.
These companies have been listed as Gatekeepers because they each:
Have over 45 million monthly active users; and
Provide an important gateway between businesses and consumers in relation to ‘core platform services’.
In other words, these mega-platforms control the digital customer relationship.
In total, the DMA regulations will cover 22 core platform services provided by the six Gatekeepers.
(Note that Gmail and Outlook.com managed to wriggle out of being caught in this DMA Gatekeeper scope.
However, the EU Commission has opened four market investigations to further assess Microsoft (specifically Bing, Edge and Microsoft Advertising) and Apple (iMessage) who argue that, despite meeting the thresholds, some of their core platform services do not qualify as gateways).
What does being a Gatekeeper actually mean? Quite a lot.
Designated Gatekeepers MUST (bold mine):
allow third parties to inter-operate with the gatekeeper’s own services
allow their business users to access the data that they generate in their use of the gatekeeper’s platform
provide companies advertising on their platform with the tools and information necessary for advertisers and publishers to carry out their own independent verification of their advertisements hosted by the gatekeeper
allow their business users to promote their offer and conclude contracts with their customers outside the gatekeeper’s platform
Ooof. That’s a chunky list, with huge implications.
Especially for those Gatekeepers forcing customer transactions to happen on their own platform (like Amazon Marketplace).
Perhaps more importantly, Gatekeepers will need to STOP (bold mine):
treating services and products offered by the gatekeeper itself more favourably in ranking than similar services or products offered by third parties on the gatekeeper's platform
preventing consumers from linking up to businesses outside their platforms
preventing users from un-installing any pre-installed software or app if they wish so
tracking end users outside of the gatekeepers' core platform service for the purpose of targeted advertising, without effective consent having been granted
Wowsers.
Point 2, about stopping consumers from linking up outside the platform, is huge.
Especially when you consider that soon consumers will be able to use their digital wallets to create new peer-to-peer connections directly with brands.
For those paying attention, you can see the invisible hand of the ‘Customer Stack’ at work.
You might imagine that these companies are only seeing the downside of having to ‘open up’. But the funny thing is that over the medium term, the Gatekeepers should be happy about this.
If you look at the history of walled gardens and digital customer lock-in (like the original networks for SMS, internet access, email, payments and so on)… and examine the after-effects of ‘opening up’… you’ll see that customer volumes go up over time.
More messages. More transactions. More payments. More value.
It’s only those companies who lock in customers to avoid churn - for retention, for so-called ‘loyalty’ - that need to be worried.
There will be plenty of pie for the winners who focus on the customer. And those who create the most value.
Anyway, these six Gatekeepers now have six months to ensure full compliance with the DMA.
So grab that popcorn. Spring 2024 is going to be interesting.
A hot summer for data protection
Welcome to the new world order.
New user-centric digital business models. Evolving consumer opinion around digital transparency and trust. Shifting data protection regulations. And of course disruptive new tech.
Together they are causing a Digital Customer Perfect Storm.
Disrupting data value chains. Opening up new digital markets. Empowering digital customers in new ways. And revealing the untapped power of personalisation and digital privacy.
But these shifts are often hard to keep track of. It’s difficult to see the cause-and-effects of the fundamental market changes.
But the movements around Data Protection Regulations are one area where it can be helpfully specific, and usually time-bound. Where it’s easier to see the new digital lines in the sand, and to track the contours of the increasingly empowered digital customer.
Normally I’d include a market roundup newsletter in the ‘other links’ section of Customer Futures. But the latest Masters Of Privacy summer update is so jam-packed with privacy and regulatory updates that it needed its own shout-out.
Here’s a taster:
Spotify received a 5m EUR fine for an insufficient Privacy Notice
CNIL imposes a 40m EUR fine on Meta for
a) Failing to verify that valid consent had been obtained from the estimated 370m EU-based individuals whose data it had been processing
b) Using an incomplete privacy policy in which certain processing purposes were missing and others were “expressed in vaguely and broad terms”
c) Failing to add key provisions concerning the exercise of user rights in its joint controllership agreements with partners
d) Failing to respect the individual rights of access, erasure, and consent withdrawal (identifiers remained in place even after blocking personalized ads on demand)
The EU Commission gave the green light (ie. found “adequacy”) on the EU-US Data Privacy Framework… []… while a new sequel of the Schrems saga will take some two years to spoil the party
A new CJEU ruling confirmed that the right of access could in certain cases include the need to know the identity of specific employees of the data controller
Spain’s DPA (AEPD) updated its cookie consent guidelines, at long last aligning them with the EDPB’s published criteria. A “Reject All” button should now be offered on the first layer
The UK’s ICO issued new guidelines encouraging businesses to embrace Privacy Enhancing Technologies
Important reading for those working on digital customer engagement. Or those building digital products. Or those working with customer data. Or digital customer relationships.
Which is probably most of us. Or at least should be.
If You’ve Got a New Car, It’s a Data Privacy Nightmare
A few years ago I worked with a major global car manufacturer on the ‘future of the digital car’.
We explored the new data sources soon becoming available. Things like biometrics (think seat position, passenger weight and blink rates for driver safety) and personalisation (think braking profiles and driving habits for disruptive new insurance models).
We discussed what that meant for digital trust, and the emerging ‘digital customer relationship’. And we poured over new ways to create value and revenues. From disruptive sales and service engagement models to new levels of hyper-personalisation.
As part of the research, I came across Ford’s ‘Sync’ software. The platform enables drivers to use voice commands inside the car to control automated features.
Naturally, I dug into the T&Cs and privacy policy.
The findings shocked me. And they shocked the car manufacturer team I was working with. It was a case study on how businesses could do things TO the customer, rather than WITH or FOR them.
If Ford’s exercise was to build digital trustworthiness, then it failed.
I looked back this week at those same terms, and little has changed. Here are some remarkable excerpts (I have bolded the juicy stuff):
1. The service records all 'voice utterances' when SYNC Services is in listen state and waiting for a user command or response
2. These are all sounds in the vehicle, including the voice of the user and voices of other vehicle occupants, while the service is in listen state
3. Ford may randomly record and assemble in sequence, all voice communications made from the time the Service is connected
4. All recordings are associated with you or the cell phone number assigned to the Service
5. By activating or using the Service, you expressly agree to the recording and sharing of your utterances and WCRs as set forth above for the purposes set forth above in these Terms and Conditions regardless of whether or not you have read them.
6. You agree to obtain the consent to record utterances and WCRs from all vehicle occupants and any person(s) to whom you provide access to and use of the Service via your cell phone."
That digital car project I worked on concluded that the connected car was a huge new market for personalisation.
But also that vehicles would become a new frontier for digital privacy. They would stress test the fine balance between the new value of new digital services vs. new digital surveillance.
If you’re wondering what data your new car collects about you, then the latest research from Mozilla, ‘Privacy Not Included’, is a Must-Read.
Here’s a punchy extract from Gizmodo’s article on the findings:
"Bad news: your car is a spy. If your vehicle was made in the last few years, you’re probably driving around in a data-harvesting machine that may collect personal information as sensitive as your race, weight, and sexual activity. Volkswagen’s cars reportedly know if you’re fastening your seatbelt and how hard you hit the brakes.
“That’s according to new findings from Mozilla’s *Privacy Not Included project. The nonprofit found that every major car brand fails to adhere to the most basic privacy and security standards in new internet-connected models, and all 25 of the brands Mozilla examined flunked the organization’s test.
“Mozilla found brands including BMW, Ford, Toyota, Tesla, and Subaru collect data about drivers including race, facial expressions, weight, health information, and where you drive.
“Some of the cars tested collected data you wouldn’t expect your car to know about, including details about sexual activity, race, and immigration status, according to Mozilla."
“Many people think of their car as a private space — somewhere to call your doctor, have a personal conversation with your kid on the way to school, cry your eyes out over a break-up, or drive places you might not want the world to know about,” said Jen Caltrider, program direction of the *Privacy Not Included project, in a press release. “But that perception no longer matches reality. All new cars today are privacy nightmares on wheels that collect huge amounts of personal information.”
Aside from the very obvious T&Cs horror show, these major car manufacturers have missed a massive opportunity.
They’ve all screwed up on digital trust.
Trust leads to more data. More data means more value. And more value means growth.
It’s going to take a while - and I suspect a lot of brand time and effort - to repair the damage. And that means less access to digital customer data, less value, and less growth.
At a time when car manufacturer margins are already squeezed and it’s even harder to stand out in the crowded car market, digital trust might have just been the differentiation they needed.
But that’s gone. Along with their reputations.
📌 OTHER THINGS
There are far too many interesting and important Customer Future things to include in this edition. So here are some more links to chew on:
The Value Proposition of SSI Tech Providers WATCH
The Death of Cookies Will Make Online Advertising Better READ
As Personal Data Get Trickier To Come By, AI Is Swallowing Everything Else READ
Web3 Loyalty: Buzzword or Breakthrough? READ
Irish Government plans new Health App based on digital wallets and credentials READ
What Consumers Can Teach Us About The Future of Employee Identity Management READ
Segmentation that talks: Introducing Avery, your Gen-Z AI persona INTERACT
Bouncing Back After the Death of Marketing Attribution WATCH
Why Google on trial is the pivotal moment that could shape the future of online advertising READ
And that’s a wrap. Stay tuned for more Customer Futures soon, both here and over at LinkedIn.
And if you’re not yet signed up, why not subscribe: