Posted: 15 Feb. 2021 4 min. read

Three Questions for Deloitte’s Global Privacy Lead: Annika Sponselee

With consumer behavior shifting online, more personal data is being shared through digital means than ever before. With that, privacy is in the spotlight. From online shopping, to digital marketing and even digital ethics, organizations are rethinking privacy in the context of our digital world. To take a deeper dive into these topics, Deloitte’s Global Privacy Lead Annika Sponselee recently joined Cybercrime Magazine’s podcast: Cyber Everywhere. Privacy and Trust, part of a series featuring leaders within Deloitte Cyber Risk. Let’s take a closer look at the summary of Annika’s responses to three key privacy-related questions:

Question 1: With the increase of online purchases due to the COVID-19 crisis, consumer trust has become more important and, for some organizations, this can be challenging. How should organizations be thinking about data, privacy and trust?

For a long time, privacy was thought about in the context of complying with rules and legislation. Now we see a shift toward handling personal data responsibly and ethically, not because of rules and legislation, but because of the opportunities this presents organizations. If an organization can properly handle data, and show responsibility around it, then consumer trust can be created, adding significant value beyond simple compliance. When consumers know their personal data is kept safe and is not irresponsibly shared with others, they will trust this organization and are more willing to share their information.

Personalization is a big part of the online marketing world these days. Although many consumers prefer a certain amount of personalization built into their online experience, it should not cross any lines or become “creepy” to the point where a consumer starts to think “how do they know this about me?” Personalization should not go too far and should stay within the boundaries of what is responsible and ethical.

The idea of creating and maintaining consumer trust is important, because if that cannot be achieved, or if that trust is broken, it is very difficult to regain. For example, a data breach or the misuse of data can have a negative impact on brand reputation. This is why it is so important to handle data carefully. Data misuse can result in a loss of trust, reputation and everything around it. The organizations that maintain a consumer-centric approach know what consumers want from them, stick to the rules, and determine their own strategy for creating consumer trust. Responsible data use is the future.

Question 2: Digital ethics adds the element of moral and conscious decision-making to the consumer journey into new technologies. What can organizations do to be more responsible about data and technology?

There are privacy regulations about following the rules, but not about following your own moral compass. Regulations like General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) don’t provide a “roadmap” for your own way of working. There’s a trend emerging that digital ethics has become a part of technology and data; for example, with artificial intelligence (AI) and robotics. When this happens, organizations must move beyond the boundaries of laws and regulations and ask themselves several important questions, such as:

  • What do we as an organization want to do with the data?
  • How do we ensure that we deal with the data responsibly?
  • How do we deal with the technology responsibly?
  • How do we make sure that, as an organization, we follow our own moral compass; not led solely by regulations, but something we view as important?

Digital ethics ties back to responsible business and the way in which an organization chooses to operate. This involves making sure that whatever technology is being leveraged, such as AI or IoT is not biased and that no unlawful or inappropriate profiling is taking place. All of these factors need to be taken into account when framing digital ethics, because the scope is so broad. Trust comes when an organization can prove it manages and uses data ethically and it is looking beyond the law.

Question 3: Third-party cookies have been a hot topic. What is happening in digital marketing to further protect privacy?

Consumers can find it annoying to have prompts pop up all over the websites they visit. In addition, it can be difficult for consumers to understand what other parties do with the data collected by cookies on your website (third-party cookies). When processing personal data and information, transparency is key. Consumers want to know what is happening with their information, who is securing it, and who is handling it. Cookies very much operate in the “dungeons” of the internet, and they can sometimes be very secretive and hidden. As a result, more organizations are now making use of first-party data. By making use of first-party cookies, organizations are more in control of the data, and are in a better position to use personal data responsibly. First-party data can provide a level of insight that we don’t typically see. Ultimately, this ties back to the idea of allowing for more consumer trust.

When working with first-party data, organizations have the opportunity to be transparent and in control of the data. Privacy laws and regulations shouldn’t always be a “showstopper.” Now there is more awareness as privacy and ethics are becoming more important to consumers. The concept of privacy by design is increasingly being considered. We’re seeing this through examples such as Google’s announcement that Google Chrome will stop using third-party cookies by 2022. It will be interesting to see how organizations respond to this.

You can listen to more of Annika’s thoughts on privacy and the full Cybercrime Magazine podcast here.


Return to the Responsible Business home page to discover more insights from our leaders.

Key Contact

Annika Sponselee

Annika Sponselee


Annika Sponselee is Partner at Deloitte Risk Advisory and heads the Privacy Team. This Privacy Team exists of 20 privacy experts, all dedicated to and qualified in their field of expertise (i.e. legal, security and/or compliance). She also leads Deloitte’s General Data Protection Regulation (GDPR) offerings both Globally and for Northwest Europe. Annika is committed to combining the legal, technical and organizational aspects of privacy in the advice to clients and has over 10 years of experience in this field. She has regularly coordinated multi-jurisdictional privacy projects, which involved dozens of different countries. In doing so she gained a lot of knowledge on privacy legislation applicable in other (EU) countries. Annika gives training courses and presentations on this subject too.