Telefónica in Germany has announced a partnership with U.K. firm People.io to power an app in which the telco giant's customers can control some of their data.
The app for customers to manage data, branded as O2 Get, is now part of Telefónica's O2Germany app portfolio for Apple and Android devices. It will be promoted to Telefónica's 44 million customers in the country, where data protection laws already reflect GDPR.
The partnership, and Telefónica's approach to handing over more data control to its customers, could serve as a template for what other telcos across the European Union and other markets might do as strict General Data Protection Regulation rules take effect next year in the EU. The regulation, or GDPR, will require companies with data about EU citizens to obtain explicit consent for various data gathering, usage and sharing practices.
Phone carriers that provide mobile and web services are among the most prolific data harvesters, ingesting near-constant trails of information showing customers' physical locations and virtual activities. Unlike many companies that gather data on people who visit various websites, moreover, telcos possess personally-identifiable data on their customers. Many are fostering relationships with third-party technology firms that help them turn that information into new revenue streams by putting it to use for advertising and marketing purposes.
Companies handling data related to EU customers around the world are now scrambling to ensure that their technologies and data management, privacy and security regimes suit the GDPR standards coming down the pike.
"Data protection is key for Telefónica," said a Telefónica spokesman. "The app is much aligned with GDPR requirements for transparency, user control of own data and data portability."
To be clear, the O2 Get app user will have control only over data provided directly to or within the app, and it appears Telefónica will continue storing data on its users generate outside the confines of the app.
"Telefónica will continue to act as a mobile operator, which requires the handling of customer data -- within the strict German legal framework," the Telefónica spokesman said. "Our objective of launching this product with people.io is that, over time, we can help our customers to benefit from the value of their data -- whether it's collected through the app or through the network."
"Our decision to partner with People.io was driven by their team's commitment to creating a consumer-centric data model, which forms the foundation of GDPR," he added, calling the regulation an opportunity, not a burden.
While Telefónica's new offering provides consumer control over a relatively minimal amount of data, it has merit, according to Pam Dixon, who often works with organizations in Europe as executive director of World Privacy Forum.
O2 Get "finally gives people some control over their data, and ownership," Dixon said. "Even though plenty of other unrelated data will still be circulating outside of the app, we have to start somewhere to improve our relationship with our data, and this is a good start."
Unlike in Europe, U.S. privacy regulations seem likely to keep getting looser. Congress in March killed off Federal Communications Commission privacy rules for telcos providing internet connectivity. But companies that operate on both sides of the Atlantic are considering whether they should create holistic approaches that standardize technological requirements in each market.
People.io founder Nicholas Oliver argued that Americans "are becoming more concerned" about their data privacy as a result of Congress's recent action. Opportunities are developing for services giving consumers more control, he said.
A new internet provider might get a foothold in the U.S. by playing the savior on the privacy front, Dixon argued. "It is my hope that the People.io app and others like it will come to the U.S. market," she said. "People are still angry about ISP privacy. An ISP that chose to give people more control of their data would be a hero."
Companies that believe they own data about their consumers are "arrogant," Oliver said. Brands shouldn't get to keep data on, for example, customers that stop being customers, he suggested.
"That's not your data, that's a person's data," he said, adding, "Don't even call it 'first-party' data because you're not the first party."
Telefónica's new app stores profile data about users based on their answers to survey questions and other interactions. Users are paid when they answer questions, agree to allow location data tracking, interact with ads in the app or sync their email accounts with it, giving it the ability to enrich profiles with information showing whether the user receives emails from Uber, Amazon or other companies, for instance.
They are paid in the form of credits that can be exchanged for gift cards for Amazon, Starbucks and iTunes or charity donations.
Though downloading the app won't be a requirement for Telefónica customers, it arguably will afford those who do more control over which companies can access information generated by their mobile and web interactions.
People.io considers its deployment with Telefónica to be the initial stage of its "vision is to build a firewall for people." In the future, the company expects people to connect fitness trackers, streaming music services or personal finance accounts to the app the way they can attach their email accounts today.
People.io is not a data management platform, and doesn't simply share consenting consumers' anonymized data with other platforms, said Oliver. The company lets advertisers target ad messages to users within the app. Oliver declined to name any advertisers using the platform.
People.io takes in revenue from ad sales, giving users 70% to 80% of that revenue in credits, according to Oliver. App users can earn the equivalent of around $20 in credits in their first month.
The data wallet concept is nothing new, and the app has only been downloaded by around 40,000 U.K. consumers thus far. However, the adoption of the app by Telefónica, a big telco player, is notable, particularly as other companies in the sprawling data ecosystem contemplate approaches to handling consumer data under GDPR.
"We're in conversations with around 12 telcos that cover 35 international markets," said Oliver, declining to identify any of the companies.