Ahead of GDPR, Segment sees growing pushback against third-party data sharing

The customer data platform is offering new features to comply with the impending rules, which fit into the platform's focus on first-party data.
Written by Stephanie Condon, Senior Writer

The customer data platform Segment is rolling out new features to help companies stay in compliance with the impending GDPR rules -- rules the company says are just the latest indication of the growing pushback against third-party data sharing.

"There's sort of two macro trends in terms of consumer desires," Segment co-founder and CEO Peter Reinhardt said to ZDNet. "People want more personalized experiences, but at the same time they don't want companies selling and sharing their data between different places."

Reinhardt pointed to Apple's strict, new anti-tracking feature in Safari as evidence of the growing intolerance of data tracking. Meanwhile, the Equifax breach, he said, offers an "example of how wrong it can go."

Within the next few years, third-party data brokering businesses are going to be "in a bad spot," Reinhardt predicted. As browsers start to change the rules of the game, he said, it will be "not just a regulatory issue but a functional issue -- their product to some extent will just stop working."

Segment -- which collects customer data from different platforms and then sends it directs it to the proper tools for marketing, analytics and other purposes -- already focuses on helping businesses manage their own customer data. "We're really uninterested in helping companies share that data between them," Reinhardt said.

With GDPR taking effect on May 25, offering compliance capabilities was a natural progression for the company. The EU's General Data Protection Regulation (GDPR) gives EU citizens the right to erasure (the right to be forgotten), the right to object, and the right to restrict processing of their data.

To support those rights, Segment is supporting deletion requests, enabling a company to delete an end user's data from Segment by issuing a single command through the HTTP API. If an end user is associated with a delete command, Segment will place them on a data suppression list-- this means all personal data moving forward won't be tracked by Segment. The platform also enables GDPR compliance by letting a company compile and share with a user a complete picture of all the data sent to Segment about that person.

It's easy enough for a company to receive an end user's request for deletion, said Chris Sperandio, a product manager leading Segment's GDPR efforts.

"But functionally, that's a challenge because they have these different tools instrumented across their site and apps automatically collecting data about these users," he said. "It's hard to keep track.in the context of that app or site whether a person has opted in or out. What we're trying to do is make it easier on them by keeping that state of a user having opted out on their behalf."

The new compliance capabilities align well with Segment's recently released product Personas, which effectively helps companies build profiles of their end users. "When you think about end user privacy, it's very user centric rather than time-streaming centric," Reinhardt said.

Sperandio said he expected to see more consumer-focused Segment customers show more concern about GDPR compliance, but the issue has been "pretty uniformly top of mind" for all customers, he said.

"The reality is really every business who interacts in a digital context with EU citizens, which increasingly is most digital businesses -- needs to be thoughtful about these regulations."

Previous and related coverage:

Editorial standards