Media Data & Privacy Data

Data is water, not oil: how democratizing data went rogue

By Femi Taiwo | Head of Consultancy



The Drum Network article

This content is produced by The Drum Network, a paid-for membership club for CEOs and their agencies who want to share their expertise and grow their business.

Find out more

May 30, 2023 | 11 min read

As we gasp for air at the bottom of a lake of data, the only way is up. So says Assembly’s Femi Taiwo – as part of The Drum’s deep dive, The New Data & Privacy Playbook – in a damning indictment of modern data practices that trick users and risk leaks and breaches.

Hands in fingerless gloves typing on a laptop

Have dark practices been smuggled in behind the veil of ‘democratizing data’? / Towfiqu Barbhuiya via Unsplash

It used to be said that “data is the new oil”. Somewhere in that idiom was an appreciation of the potential (unrealized?) value data could generate, the gargantuan efforts that would be required to make something useful of it, and the idea that those willing to put the work in would reap the rewards.

Fast-forward a few years and the winners were clear: the big tech platforms. But, thanks to the rapid rise of e-commerce and a retail ecosystem turbocharged by the global pandemic, others have been able to get into the action and build their own data troves. Large retailers know vast amounts about their customers: browsing habits, purchase histories, and even social media activity. Technology has enabled us to turn oil into water: ubiquitous, commoditized, and, most importantly, democratized.

No longer do marketers need to rely on industry monoliths to help them make sense of their data. Today, brands have in-house data scientists, helping them to create highly targeted and personalized marketing campaigns that can deliver better results than ever before.

But, right when we should be celebrating a watershed moment of redistributed power and leveled playing fields, instead, we’re watching in horror as the downsides of democratization unfold.

Dark patterns and manipulation: how everyone becomes an ad network

With brands empowered to build out their own equally sophisticated teams of engineers and scientists to handle, model and segment data, they can fall prey to the same tactics they once decried from the tech companies. With low consent rates and a need to be seen to comply with regulations like GDPR, organizations are turning to unethical means to differentiate the efficacy of their ‘owned’ first-party data from the seemingly endless (and lower-grade) data that can be acquired through other means.

Consent rate optimization (CRO), ‘fingerprinting’ and similar ‘dark pattern’ activities used to be the domain of the leading technology companies under the guise of A/B tests and the betterment of their algorithms. But now websites like Skyscanner tell the user that they do not use their data to drive up prices: hardly a glowing picture of consumer confidence.

Of course, consumers know that there’s an exchange of (their) data to access information but the vast majority are unaware of the extent to which they are manipulated into making that exchange by the brands they have come to love and trust. Over time, everybody becomes an ad network.

The ones you’ve probably encountered are the automatic opt-in (or uncheck-the-box-to-opt-out) to enroll users in a marketing email list or the use of confusing language to hide the fact that a user is agreeing to share their data with third-party advertisers. A tell-tale sign is how many clicks it takes to get to the option to reject legitimate interest through the consent banner.

Third-party brokers are less obvious and more invasive

What purpose do these rogue data practices play in the advertising ecosystem? What happens to all this data that is mined from users? It’s repurposed by, and sold on to third-party brokers – but not in the obvious, nefarious, shady ways that tend to get the ‘data breach’ headlines. Rather, it’s through the many leaks coming from websites that have placed trackers from known partners and trusted them to collect data only for the purposes they need it.

While there’s nothing inherently wrong with this practice, it raises questions about how much control consumers have over their own data, and how informed they are about what they’re consenting to.

Brands are also oblivious to this level of granular tracking, but this helpful public GitHub repository updates information about known advertising tags that contain fingerprinting code (to create a unique picture of your browsing behavior across multiple websites) and the servers the data is sent to. All that data is sold to other companies for use in marketing campaigns.

While third-party brokers were deemed necessary to break out of the worlds created and dominated by big tech, now that the data has been democratized, their activities are less obvious and more invasive and are rarely spotlighted (except in Cambridge Analytica or Clearview AI-type scandals). Previously, it was easy for brands to point fingers at the offending actors. Now, the fingers are pointing back at them.

Suggested newsletters for you

Daily Briefing


Catch up on the most important stories of the day, curated by our editorial team.

Ads of the Week


See the best ads of the last week - all in one place.

Media Agency Briefing


Our media editor explores the biggest media buys and the trends rocking the sector.

Increased risks of data breaches

Perhaps the biggest risk associated with the democratization of consumer data is the increased potential for data breaches. The more data brands collect, the more attractive a target they become for hackers and malicious actors. This will in turn draw the attention of legislators and regulators who have so far focused their efforts on big tech.

Breaches can have serious consequences for the company and its customers. With 109,000 data breaches across Europe known to regulators last year, these events are not as uncommon as one might think. In addition to the potential financial losses associated with a breach, customers’ trust in the company and its ability to protect data is paramount. The stakes have never been higher as the ecosystem becomes more complex.

Redressing the balance

We can’t (and shouldn’t) prevent the democratization of consumer data; it’s a necessity to help us redress the balance of power. But how do we prevent data from going rogue?

1. Transparency

This shouldn’t be a revolutionary idea five years into GDPR, but there’s still a requirement for brands to be honest with customers about how their data is being collected and what it’s being used for, and by whom.

If this means reducing the number of advertising technology partners to zero, that’s an experiment worth conducting. Revenue is linked to transactions and transactions contain rich data, where the value exchange is clearly articulated. Transparency in purpose and process needs to be supplemented with a choice; it’s imperative that consumers are given the option to opt in/out of data collection as they see fit.

2. Security

Implement strong security measures. This is table stakes for customer data (CRMs, data warehouses/lakes, etc) but rarely gets adequate consideration when thinking of advertising. As well as encryption to protect data (in transit and at rest), have you ensured that all your advertising accounts (and everybody that has access, including your agency) have implemented multi-factor authentication? How are you proactively preventing unauthorized access? Are you regularly auditing to ensure your peripheral systems are secure? Do you review account access periodically? Do you keep logs of when access levels are changed? Does that person that left your agency partner three months ago still have access to your analytics system?

3. Ethics

There’s an increased focus on the impact of advertising on the environment and the human mind. We should also be mindful of the ethical implications of using consumer data.

This means auditing your ‘trusted’ partners carefully to make sure that neither you nor your partners are using deceptive tactics or engaging in fingerprinting to gather data. Make sure that the data you have permission to collect is only used for the purposes that are clearly stated and agreed to by the customer. If you want to expand those purposes, ask your customers. You’ll be surprised how many of them would value being part of a Beta trial, especially if there’s a tangible value like a limited-edition product or an exclusive colorway.

Based on our current trajectory, it won’t be long before we hit rock bottom. But we won’t have struck oil. When data is this ubiquitous, the steps from excess to commoditization, and then to abuse are short and quick.

In this vast ocean of data, everybody has access to data but very few know what to meaningfully and impactfully do with it. But we can do things differently if we make the right choices.

Or in the words of Coleridge, “Water, water, everywhere, nor any drop to drink”.

To read more from The Drum’s latest Deep Dive, where we’ll be demystifying data & privacy for marketers in 2023, head over to our dedicated hub.

Media Data & Privacy Data

Content by The Drum Network member:


Ad Age's Purpose-Led Agency of the Year. We're the modern alternative, bringing together data, talent, and tech to find the change that fuels growth.

Find out more

More from Media

View all


Industry insights

View all
Add your own content +