What is Zero-Party Data?

We recently realized that, after a couple of years talking about Zero-Party data, we had not yet paused for a minute to try and define it in a clear, simple way.

Forrester Research provided a good starting point: 

“Zero-party data is that which a customer intentionally and proactively shares with a brand. It can include preference center data, purchase intentions, personal context, and how the individual wants the brand to recognize her.”

eConsultancy had a go at it too, explaining that Zero Party data “aligns with the customer’s desire for personalisation, as it enables them to proactively state what they want from a brand in exchange for their personal information”.

These and other independent analysts have done a good job of explaining different scenarios where businesses may resort to capturing such data -which some would simply label “declared data”- so as to round the picture they currently hold about their customers on a CRM (Customer Relationship Management platform) or other “retrieved information” repositories.

And yet, we believe the definition is not complete without a full understanding of its ultimate implications. 

Let’s say, for now, that the very concept of Zero-Party data makes most sense in the context of what Marketing Technology (MarTech) looked like back in 2016, at the time that the EU’s General Data Protection Regulation (GDPR) was given the green light (entering into force two years later). 

Whichever data being held by an organization about a given audience (in customer acquisition scenarios) or customer base (in customer loyalty scenarios) could then mostly be classified according to two different criteria: 

• It was either PII (Personally Identifiable Information) or not (unable to uniquely identify a particular individual)
• It was either First-Party, Second-Party, or Third-Party, on the basis of the existing relationship between the said audience or customer base and the organization holding the data. Whereas First-Party implied a direct connection between them, Second-Party data was the result of combining (and “deduplicating”) datasets held by two or more separate businesses, each of them having originated as First-Party. Third-Party data had, in turn, been collected by others in the context of their own direct relationship, then passed along through a given chain of custody. 

The first distinction, very US-centric, ended up meaning little: pseudonymous, non-PII data such as IP addresses, geolocation coordinates, or cookie values would eventually trigger privacy compliance in both the EU and California (since a combination of two or more data sources could lead to individualization). 

The second criterion turned out to be very relevant. The arrival of the GDPR, first, and the CCPA (California Consumer Privacy Act), second, resulted in an immediate appreciation of data which: 

1. Carries less risk in terms of its storage, processing, or activation
2. Can justify a longer life span
3. Counts on an easier path to obtaining the required legal basis for its processing. This would initially point towards relying on the data subject’s consent – facilitated by a direct relationship.

This led MarTech, analytics, or digital advertising professionals to embrace alternative software solutions, platforms, and media channels built on the more solid grounds of First-Party data. 

In such context, while once-promising Data Management Platforms (DMP) matched pseudonymous data patterns in order to obtain and enrich (“onboard”) audience profiles, newly-arrived Customer Data Platforms (CDP) offered to consolidate various First-Party data sources around unique customer IDs that could more easily be addressed or “activated”.

When it came to media spend, the promise of behavioral programmatic advertising and its enhanced targeting capabilities, was seriously questioned, as it requires gathering the individual’s consent through a complex sequence of intermediaries, as well as relying on a “black box” (in order to sort out a plurality of participants) which is incompatible with the transparency principles ingrained in the new regulatory framework. 

Even social media campaigns ended up being subject to burdensome “joint personal data processing” conditions (demanding clear written agreements between social media platforms and advertisers, as well as additional consent checkpoints and information requirements). 

But that was not all, and the world is a very different place four years later, thanks to two particular factors: 

1. The new legal framework did not come out of the blue or show up unaccompanied. It has only taken us a few months to appreciate an important readjustment of social priorities, if only boosted by the 2020 pandemic. Whereas Permission Marketing had a marginal following when first discussed by Seth Godin (back in 2008), the new Customer Centricity is an unstoppable trend. To the point that we are often discarding the word “customer” to speak of Human Centricity.
2. The law itself paves the way for what we believe is a much more powerful legal basis than individual consent for the collection, processing, storage, or use of personal data: legitimate interest, derived from a cause-effect relationship between the information provided by the data subject and the service received as a result. 

In other words, a value proposition built around the declared preferences of our potential customers, limiting data collection efforts to those strictly necessary for the task at hand, has good chances of not even requiring the interruption associated with consent management. And it also makes it easy to find alignment with the current social demand for transparency and control. 

Furthermore, this sort of direct causality is perfectly aligned with Privacy by Design principles -a core component of the GDPR and other privacy frameworks around the world. 

All of the above has become fertile ground for Zero-Party data: a step forward towards market dynamics controlled by demand, and not by supply, as a result of more efficient information flows between people and organizations. A deeper incursion into Customer Centricity and, as a result, into Human Centricity.

While First-Party data relies on gathering the individual’s consent at any cost, inheriting the worst practices of unbalanced clickwrap contracts (suffice to appreciate the abuse of dark patterns in cookie banners), Zero-Party data stems from the acceptance of a relationship between equals. 

While First-Party data originates primarily in behind-the-scenes data collection, Zero-Party cannot exist without an act of positive will (to expose such information) on the part of the individuals to whom such data points pertain. 

While businesses consider First-Party data their own, well-earned property, Zero-Party data is born out of consensus between people and organizations, without risk of commoditization or trade – and thus stored in shared or escrowed repositories (with decentralization becoming an option at a more advanced stage). Facilitating the exercise of privacy rights ceases, then, to be an afterthought to become a natural part of the data life cycle, as individuals are able to modify or delete them at any time without need for tedious requests, and businesses are spared costly deletion, modification, or portability efforts. 

Thus, in a Zero-Party data world things have changed again: 

Where a Customer Data Platform’s (relative) success may be entirely dependent on its ability to gather consent in a way that satisfies the minimum legal threshold (where more information and clear choices result in greater friction and lower acceptance rates), the new shared repositories do not require tricks or interruptions to ensure legal compliance. They do not even incur in a fraction of its costs (technical or compliance-related), as they displace most of the processing logic to the edge. The audience or customer base decide at all times which data they choose to expose, as they are able to see what potential suppliers are capable of doing with such information in terms of the relevance or convenience of a given value proposition. 

While media spend on behavioral programmatic ads (Real Time Bidding, or RTB) clings to life despite: 1) Very clear signs that it cannot meet the set conditions for valid consent; 2) widespread social rejection of digital surveillance and overall creepy advertising; 3) having witnessed the steady disappearance of every one of the technical pillars sustaining it (Third-Party cookies, mobile device identifiers, etc.); and 4) suffering unmanageable levels of fraud, Zero-Party data facilitates demand generation (or discovery) across multiple channels. 

Where addressing “lookalike” profiles  (through bulk customer data uploads) and running hyper-targeted campaigns on Facebook or YouTube are increasingly subject to social and regulatory scrutiny, Zero-Party data enables a direct exchange with new and existing audiences over non-proprietary communication channels – email, mobile apps, QR codes, etc.

How does it work in practice?

Zero-Party data will quickly turn into mere “retrieved” information (First-Party) if we follow the natural instinct of brand-centric approaches. That is, sending out a few surveys for the enrichment of profiles on a CRM. This would then be followed by segmentation and messaging, or targeting. Very promising on paper.

A basic rule must instead be followed if we are to play this new game: True personal agency. There is no better way, in this day and age, to avoid building yet one more copy of somebody’s outdated, inaccurate profile, piling up risk and legal obligations in the process.  

In other words, Zero-Party is put into practice the other way around:

• Each organization decides on the levers determining its value proposition, or defines a hypothesis on the manner in which such levers will be moved by the customer’s needs, preferences, or data. 
• Such possibilities are exposed to the audience, representing an “API” (Application Programming Interface) of sorts to the company’s offering.
• Individuals pick the levers they find most suitable, naturally providing whichever values or data points resolve the variables on display.

In a scenario of highly atomized supply (e.g., Direct To Consumer retail), an entire value proposition will be determined by very specific signs of belonging to the particular niche being served. And it will be necessary to establish a connection between such long tail and the individual’s repository of preferences, needs, or information – often a Personal Information Management System, or PIMS. 

This is why we will surely work with various interactive feedback tools, forms and surveys, either in isolation or tied to specific offers requiring additional fine-tuning. 

But we could also employ pre-existing data sources in the hands of our customers. If they wish to connect their bank account transactions to save time in future purchases, we shall make it simple and safe for them to do so. If they wish to connect socio-demographic data stored on Facebook because there really is a use for them, we should let it happen. If ecommerce preferences currently stored in Amazon bring convenience to other, niche transactions, let’s facilitate that (with a little help from a new regulatory push for free data flows on both sides of the Atlantic). 

And there is a key, essential difference: rather than scattering their data across an infinite number of brand-specific repositories, people remain in control of their data by feeding a single instance of their preferences, needs, or personal information. 

What about activation? As mentioned above, there is plenty of room for open protocols in one-to-one communications, both with existing customers and anonymous audiences. These can be easily plugged into brokered, escrowed, or decentralized “customer data hubs”. 

A dream scenario? Selling more and churning less, at a lower cost and merely capturing aggregate data, incurring in the least possible risk for both parties, the organization and its customers. All of it while leveraging very precise information on people’s real needs, as shared by themselves with trusted ad-hoc environments. We are starting to call this “the new DMP”: A Dataless Marketing Platform. 

We believe people are ready for this. Is your business ready?