You May Be Sharing Data With the Competition and Not Even Know It


This post was originally published on

When most people talk about data privacy, they’re referring to the way it has traditionally been understood: Companies are hacked, enabling their user network or offline data, cookies, mobile profiles, commission percentages, past order histories, average order values, or credit card numbers to fall into malicious hands.

But there’s a broader discussion happening around data privacy regarding the conflicts of interest that can arise in the performance marketing (affiliate) industry.

As data flows through increasingly complex relationships within the industry, it changes hands between merchants, parent companies, and even competitors.

Throughout each phase of this information funnel, it becomes less clear to whom that data belongs — and how it may be used in aggregate fashion down the road. This convoluted landscape makes it increasingly important for marketers to set expectations early when vetting their marketing and technology partners.

It’s important to know:

  • Where your data originates, as well as who might find it useful.
  • What your partners do with the information you’ve provided.
  • What options you have for protecting your information.

Protected by the Family?

Consider a hypothetical example of data flowing from a subsidiary that could be used as a competitive advantage. Let’s say a merchant is on the CJ affiliate network, and sales come in through Ebates, an affiliate. Ebates knows the average price paid for particular items and each item’s conversion rate, among other details. It’s also owned, however, by Rakuten — which has an affiliate network that’s a competitor of CJ’s.

Here’s where that information could come into play:

  • Could Rakuten try to win that merchant’s business away from CJ by showing comparable performance on its own network?
  • Could Rakuten offer a better deal from Ebates in a package that included working with both parties?

Accidentally Helping the Competition

Similar to the network example, data could also flow from one merchant to a competitor. For instance, Rakuten also owns Rakuten Global Market, which could be considered a competitor of many of the merchants getting sales through Ebates. Meanwhile, CJ’s parent company, ValueClick, offers display and retargeting products.

These questions naturally follow:

  • Could a parent company with a competing online retail presence use this information?
  • Could a parent company use anonymized pooled data from individual retailers as part of a data profile that’s sold to potential competitors wanting to target a specific demographic?

Do Your Data Due Diligence

These challenges don’t have black-and-white solutions or clear answers. Many of the moral and ethical standards of data sharing are evolving and will likely be handled on a case-by-case basis.

Set upfront expectations with potential partners by asking these questions about how they’ll use your data:

  1. Who does this data belong to? Can you control who shares it? To protect yourself, you need to know who owns your data and how that ownership can be transferred or shared.
  1. Is data shared on an individual, pooled, and/or anonymized basis? Can I opt out? It’s important to know whose eyes are on your data, how it’s being used, and whether you can dictate that usage. For example, you can’t assure customers that their information won’t be shared if your network or technology partner’s contract states that it can share information with third parties or use that data, combined with other data, to try to identify an individual.
  1. If you’re doing a deal with a subsidiary, does it flow to every section of the parent company? Like in the Ebates example above, you have to make sure you’re not unintentionally shooting yourself in the foot by empowering competitors — via their parent or sister companies — with your customer and sales data.
  1. What security is in place for the data? Have there ever been any security issues? This relates more to the traditional definition of data security, which focuses on preventing and reacting to breaches. You must do your due diligence to vet the safety of valuable information, for both the sake of your client relationships and your company’s health. Plus, no one wants to face the PR nightmare that accompanies a security breach from a vendor or partner.
  1. If clients leave, is their data destroyed?If you ever decide to sever ties with the firm, you’ll want to ensure that your data can’t be used against you or shared with others in any way in the future.

Another Route: Licensing

Of course, there’s always the option of working with providers who don’t share or pool their data at all. We’re seeing more organizations move to SaaS platforms that allow them to license their own versions of the technology in lieu of joining a pool.

Target, for instance, uses a SaaS vendor for the Target Affiliate Program. This gives the company total control over its brand through data ownership, direct relationships with partners that don’t require third-party oversight, and a first-party cookie relationship with customers.

Data leaks and breaches aren’t the only things your company has to worry about. As the funnel of network- and company-owned data becomes increasingly complicated, you must have a handle on who can see and use your data at all times.

Ask potential partners these questions to vet their approach from the start. You’ll ensure that proprietary customer and company data stays safe, avoid unintentional conflicts of interest, and keep from unwittingly sharing data with your competitors. Do you know what your partners are doing with your data?

Leave a comment

Your email address will not be published. Required fields are marked *