Forrester logo Download the report

Data Privacy: Businesses That Got it Wrong in the Past and What We Can All Learn from Them

Earlier this week, we wrote about the value of respecting user privacy laws and dispensed a few tips on how businesses can establish customer trust. Continuing the theme of data privacy, we’re looking at two companies that ran into privacy violations in the past to glean insights on how businesses can avoid similar mistakes and better communicate a commitment to transparency and integrity when handling users’ data.

Even in an age where users purposefully store and share personal photographs on Instagram, post life updates in real-time on Twitter, and announce wedding engagements over Facebook, data privacy is still a subject of much contention and controversy. When using social data to better understand their users, businesses walk a fine line between leveraging this data to create personalized online experiences and respecting their users’ privacy. By investigating companies that have failed to protect and use social data with discernment in the past, businesses can learn to become more responsible with the information entrusted to them.

Instagram’s Revised Privacy Policy Sparks Negative Online Buzz

In December 2012, Instagram released an updated privacy policy that appeared to grant Instagram the rights to sell users’ photographs without their permission. Legions of disgruntled users took to social networks to express their disapproval with the changes and egg each other on in protest against Instagram’s new terms of use.

A few days following the initial change, Instagram CEO Kevin Systrom published a blog post apologizing for the ambiguities of the newly drafted privacy policy and expressing his commitment to “modify specific parts of the terms to make it more clear what will happen with your photos.” More specifically, Systrom clarified that Instagram has no intent to declare ownership over their users’ photos or sell them to third-party advertisers and promised to remove the ambiguous language from the policy.

Lesson Learned: Make Privacy Simple

Legal documents are confusing and easily misinterpreted. Make it your duty to demystify them for your customers, particularly if your business is planning on rolling out significant changes to its privacy policy. One way to reduce ambiguity surrounding privacy policy changes is to release a blog post outlining the changes in user-friendly terms in conjunction with the revision. Though Systrom’s blog post does clarify Instagram’s new privacy policy, it showed up a few days too late for Instagram to avoid the backlash from news and social media outlets.

Also, it’s crucial to listen and respond to customer questions and complaints in a timely, sensitive matter. Systrom’s public response, which was released to counter the wave of negative buzz over Instagram’s privacy policy, can be effectively summarized in the title of his blog post, “Thank you, and we’re listening.” Responding effectively to user feedback, Instagram demonstrates a consideration for its customers by inviting them into the product and policy modification process.

To continue reading, click here.

By Emma Tzeng

Meet us at

Rogers Cup
Toronto, Canada

August 5-13, 2017
View Event >