Securing Consumer Data: The Challenge for OTT Players
With the number of OTT service subscribers set to multiply after the roll-out of 5G, data privacy is back in focus.
With the number of OTT service subscribers set to multiply after the roll-out of 5G, data privacy is back in focus. (Photo: istockphoto.com)

Securing Consumer Data: The Challenge for OTT Players

For over-the-top (OTT) content providers, the impending rollout of 5G presents an enormous opportunity – one which will only gain pace as viewers increasingly “cut the cord” and switch viewing allegiances from TV to the internet. Faster internet speeds and the ability to access OTT content over any device, at any time and location, will only add to this trend.

Nearly 800 million people (about 10 percent of the global population) already access at least one OTT subscription video service per month, according to an eMarketer report.

The emergence of 5G will also see an evolution in subscriber data management. Already several years ago, regulators identified the security aspects of this issue and raised a red flag accordingly. In response, they began to bring together experts to evaluate the various techniques, technologies, processes and devices to create a data protection framework that would secure subscriber data. One of the key outcomes was the General Data Protection Regulation (GDPR), which came into effect in Europe in May 2018.

To better understand the purpose of regulation vis-a-vis data, let’s delve a little deeper into how personal information is obtained and used by OTTs.

Subscribers interact with their providers’ network by consuming multiple services, whereby the network captures session data related to those interactions. This data represents a critical business asset for OTT programmers and distributors alike, as it enables them to better understand their viewers (i.e. who is watching, as well as when and via which media they are watching it).

The information captured is subsequently combined with additional data, including from third-party sources, and may include information on the viewers’ other interests and characteristics. Together, this is all used by the OTT to improve their services and provide relevant, personalised up-sell opportunities.

The danger, however, comes from the risk with collecting, storing and using this data. The three main sources of vulnerability include internet-connected devices, the network and content providers.

In practice, most OTTs already apply a variety of controls to safeguard their consumer data. For example, GDPR requires businesses to protect the personal data, as well as privacy of EU citizens for transactions carried out within EU member states. Yet OTTs have even greater compliance requirements when it comes to data processing activities performed by third-party suppliers, with the application of specific rules of engagement between the two entities (the supplier and the third-party supplier).

Meanwhile, regulators in some countries that don’t come under the GDPR are obligating (or considering obligating) their own OTT communication service providers, content providers, device manufacturers, as well as browser and operating system providers to their own data privacy laws.

Such regulations are of particular concern to OTT executives due to the business and legal risk of non-compliance.

To avoid finding themselves on the wrong side of the law, OTTs who are yet to take action would be well-placed to begin by conducting a “data protection by design” review of their applications and services. In parallel, this should be accompanied by the development and implementation of a mitigation plan for any privacy risks and shortcomings.

Such a plan should comprise a combination of processes, communications and programs, rather than a single-point-in-time solution. To help them, various workshops are available, which provide detailed guidance on how to collect data from a consumer’s different devices using cross-device linking techniques.

Some OTT players are already well on the ball.

One approach, for example, is to apply privacy engineering principles to the generation, collection and processing of device IDs. This allows the OTT to collect only the data they need, making it much easier to manage and secure personal data responsibly.

But to ensure compliance with all current – and future – regulations, such a proactive approach needs to be taken further. This means extending it all the way to addressing issues of data ownership, privacy and security in OTT distribution agreements. This will be particularly crucial as privacy regulators and advocates increasingly scrutinise online practices to ensure privacy and security of consumer data is appropriately protected.

Overall, such a comprehensive approach to data security is the only way to both securing data as a valuable business asset, and at the same time, mitigating compliance – and reputation – risk.

Vijay Khandelwal is head-customer services unit, APAC, Amdocs. The views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same.

(Participate in the second edition of The Quint's My Report Debate and win Rs 10,000. Write an essay on how to fix India and Pakistan's relationship. Submit now)

Follow our Blogs section for more stories.

    Also Watch