The Low-Down: Does Your Company Need a Digital Ombudsman?

Probably more than you know and sooner than you think. JL

Robert Stribley reports in Medium:

The need extends well beyond obvious digital and social media companies. Anyone who is shuttling your data around the Internet and among apps including but not limited to those who may be bartering with and marketing it . Companies should see this role as an opportunity to preemptively protect their brand. Companies run into ruin not just by breaking laws, but by ignoring consumer concerns. So consider the fact that your brand can still take a battering even if you’re technically staying within the boundaries of the law.

Does your local newspaper have what may seem like an unusual job? An ombudsman? It’s a unique job and I’ve long wondered why most companies don’t have a similar role by now — specifically to represent consumer concerns from a privacy and data security perspective, but also for handling other issues that affect users, such as so-called “fake news” and dark experience patterns. Let’s call this role a “digital ombudsman.”

As the amount of data pertaining to each of us continues to grow at an astronomical rate, this role becomes an increasingly important way of keeping companies in check. It provides them with a form of consumer conscience. And it provides balance for consumers who face of an enormous imbalance of power.

If you’re not familiar with the ombudsman, it’s a role often found within newspapers, universities, government bodies, and sometimes, within corporations. Wikipedia’s crowd-sourced definition explains the role of ombudsman or ombud as a public advocate or “an official who is charged with representing the interests of the public by investigating and addressing complaints of maladministration or a violation of rights.”

There are other descriptors like “adjudicator,” “arbiter,” “assessor” — the “A” section of your Dictionary weighs heavy with these judgment-oriented labels — but these terms don’t touch on the element of consumer advocacy implicit to “ombudsman.”

“Ombudsman” is not a great gender neutral term. “Ombudsperson” sounds awkward. “And “ombud” sounds … weird? The word comes from the Norwegian “ombudsmann” and in turn from the Old Norse “umboðsmaðr.” And with that exciting examination of the word’s origins out of the way, let’s accept that the title comes with its own issues for the moment. Suggest your own alternative job title in comments if you like.

Who Needs this Role?

Google famously convened an ethics board to ruminate over the possible dangers A.I. poses for the future. That’s admirable from a Let’s-Avoid-the-Robopocalypse perspective, but Google needs this position of digital ombudsman to focus on their users’ concerns now. (A quick Google search reveals that I’m not the first to suggest it.) Facebook needs this position. So does Twitter. And Snapchat. And Amazon. But the need extends well beyond these obvious digital and social media companies. Anyone who is shuttling your data around the Internet and among apps including but not limited to those who may be bartering with and marketing it — they all need this internal watch dog position. And those companies are innumerable. From AT&T to Verizon. From Comcast to Spectrum. From Bank of America to Wells Fargo. From Audi to Volkswagen. And on and on and on.

This Is Not the Legal Department

This digital ombudsman should be a consumer activist, not a lawyer. Legal departments don’t operate on behalf of users or consumers. They operate on behalf of companies. To keep them from getting sued by users and consumers. Certainly, good lawyers would encourage adherence to data protection laws, but legal departments are typically motivated… by legal motivations. Their job is to ensure the letter of the law is kept. So it’s quite possible for a legal department to give a thumbs up to activity, which though technically legal flies in the face of valid consumer issues and concerns.

Similarly, some organizations have a Data Privacy Officer that acts somewhat like an ombudsman but that individual is typically a lawyer and may report to General Counsel. The digital ombudsman is concerned with ethics from a consumer’s perspective — and sometimes even human rights — not just laws or regulations or protocols.

Remember a few years back when Facebook suddenly made everyone’s “likes” public overnight? That meant that whether you had liked Outward Bound or Outback Steakhouse or Out Magazine on Facebook, your likes were suddenly revealed for everyone to see — without your knowing or agreeing to it. At that time, I brought up the ethical implications of this sudden change with a Facebook employee. Her response aligned neatly with Zuckerberg’s justifications. It was fine, she argued, because Facebook alerted users to this change — after the fact. I was a little flabbergasted by that response. But now, I wonder, would Facebook’s legal department have disagreed with her? I doubt it.

In reality, let’s consider even just one use case: How many people were outed when the LGBTQ-friendly companies and groups they had liked were suddenly made public? How many people lost “friends” immediately without

having any say in the matter when Facebook suddenly made their sexual orientation or gender identity radically transparent to everyone? There’s likely myriad stories we’ll never know.

Similarly, legal departments may not care how your data is shared or sold, so long as the law allows for it and you’ve signed off on it when you accepted the transaction tacitly within the tiny terms and conditions copy you never read. (This gives us reason to celebrate the EU’s GDPR. More on that later.)

What would the role, duties and deliverables for such an employee look like?

The mission for the ombudsman should be to represent consumer needs and concerns in order to shape corporate policy and products as they are developed, but also by offering firm and explicit criticism of established policies and products when they conflict with consumer needs and concerns.

Characteristics to look for in this employee? He or she must be rigorous, detail-oriented, ethical, dogged, and diplomatic, yet — potentially, occasionally — combative. They should also be discreet when handling confidential user feedback.

Example of a dark UX pattern within Apple’s iOS 6 from The Verge’s article “Dark Patterns: inside the interfaces designed to trick you”

This position requires that someone be a subject matter expert and thought leader, so they must be well-qualified, having earned some relevant technical and digital design experience along the way. Why digital design experience? Because in addition to representing users from a privacy and data security perspective, the ombudsman should be familiar with dark design patterns so he or she can defend users against those, too. Most importantly, this person should have deep experience with user-centered research methodologies.

The digital ombudsman should probably report via dotted line directly to the CEO. Regardless, this employee needs unusual leeway: he or she must be able to operate independently as an open critic of the organization without fear of reprisal or getting fired.

That doesn’t mean such a person couldn’t get fired, of course. If you don’t complete your duties and deliverables comprehensively and in a timely fashion, you get fired. If you’re a jerk, you get fired.

Duties

The duties for a digital ombudsman would include robust and ongoing research, including but not limited to surveys, focus groups, and one-on-one interviews (each having their own unique advantages and disadvantages). The ombudsman would certainly be monitoring social media across the most prominent channels such as Facebook, Twitter and Instagram for user feedback on company activities. They should also be monitoring press mentions, too.

Deliverables

Primary deliverables would be regular internal presentations to relevant stakeholders and c-suite executives, including (and especially) the CEO, CIO, CTO and President. Also to lead designers and UX professionals where relevant and, of course, to any groups responsible for managing and distributing consumer data.

Versions of this information should also be presented publicly in order to maintain transparency but also to ensure the public understands that the company is paying credible attention to its concerns over data privacy and other pronounced experience issues. Therefore, a public platform such as a blog and a Twitter account would be valuable for posting this information and for responding to user feedback.

If it sounds like these roles and responsibilities would provide the ombudsman with extraordinarily broad access for a single, relatively untethered position, keep in mind that this person has little power beyond making recommendations, even if they may be delivering them to C-suite individuals. In fact, some valid criticism I’ve heard in response to this idea is that the position wouldn’t have much teeth. At least, however, this position enables a voice within organizations, which can better educate executives as to legitimate consumer concerns and feedback.

From the digital ombudsman’s perspective, this could be both a rewarding and a frustrating job (the job of ombudsman almost certainly always is). Success may mean seeing just a fraction of your recommendations come to fruition. It could be a lonely job. I still think it’s a much-needed, valuable role.

(And it needn’t be a solitary role: Larger corporations could certainly offer assistant positions to the ombudsman, or even turn it into a department.)

Interestingly enough, the European Union’s recent signing of the General Data Protection Regulation (GDPR) may necessitate that American companies create a position somewhat similar to the digital ombudsman in the near future, whether they’d like to or not. Chapter 4, Article 37 of the GDPR requires that companies create a position for a Data Protection Officer. However, this DPO focuses more on compliance with the GDPR’s policy guidelines for protecting consumer data than acting as a direct voice for consumers. It’s still a helpful role. For example, the DPO would monitor regulations prohibiting processing of individual’s data, which reveals personal attributes such as their racial or ethnic origin, political opinions, and religious or philosophical beliefs. It’s a great new job for someone with the right credentials and some 28,000 DPOs will be needed in Europe to comply with the GDPR.

Still. This compliance position doesn’t map directly to this proposed digital ombudsman, whose duties would include active user research and an active role in both presenting their findings from user research and at times, combatively representing consumer feedback.

If this Data Protection Officer position exists outside of the company reporting structure, however, it might provide the foundation for a role that includes the broader duties of a digital ombudsman. An initial problem I could foresee with this combination of the roles, however, is that simple adherence to the GDPR might still occasionally conflict with legitimate consumer concerns and demands.

Why, Though?

I have to answer the looming “why?” question. Why create this role when there are no guarantees that any of the feedback and guidelines it generates would even be enforceable? What if the role doesn’t immediately appear to generate any income? Well, first, companies should see implementing this role as an opportunity to preemptively protect their brand. To look before they leap into some sort of consumer catastrophe. Companies run into ruin not just by breaking laws, but by ignoring consumer concerns. So consider the fact that your brand can still take a battering even if you’re technically staying within the boundaries of the law.

Alex Jones in full Alex Jones mode. Screen capture from YouTube

Let’s look at Facebook again. The social media titan hemmed and hawed for weeks on how to handle “fake news” on their site, especially in the case of serial fabricator, Alex Jones. Jones uses his InfoWars platform not just to disseminate fake news and bizarro conspiracy theories but to smear innocent people, sending them into hiding and to make thinly veiled threats at public figures. After Zuckerberg offered a halting explanation to Recode’s Kara Swisher why outlets like InfoWars should keep their spaces unless they incite violence. Jones then helpfully made the case for his own removal by threatening Robert Mueller and calling him a pedophile. Apparently adhering to their own evolving policy and a somewhat Byzantine system of strikes, Facebook finally suspended Jones’ personal page for one month and said they are considering taking down some InfoWars pages. That suspension came the same day Facebook’s stock plummeted by 19 percent or approximately $120 billion in shareholder dollars due to lower than expected second-quarter earnings.

Arguably, Zuckerberg is in a historically tough spot and I’m sure he has whip-smart people advising him on this internally. But had a digital ombudsman been dedicated to tracking this issue for months, gathering information from users and formulating solutions to present to Zuckerberg, perhaps he could have been better prepared to handle these escalating situations and felt more comfortable simply removing inciting, disingenuous players like Jones from Facebook earlier on.

So, yes, this is a plea for companies to care about something beyond generating income, beyond keeping the letter of the law, and beyond preserving their brand, even. It’s a plea for companies to more deeply understand the needs and concerns of consumers in order to cultivate a corporate conscience. It’s an exhortation for companies to rein in their practices in pursuit of a bottom line in consideration of a deeper, consumer driven sense of ethics.

Saving your company itself may be a by-product of this new emphasis.

Times are changing, and hopefully for the better where privacy and security is concerned. As you likely noticed via the deluge of privacy policy updates flooding your email inbox a few weeks back, U.S. companies are finding that following the GDPR is the safest route for them to keep playing in the European space. And that means the changes they make often affect us here in the United States, too.

Consider all this, but also consider the mounting battle against “fake news.” Consider the contentious issue of what constitutes “free speech” online. Consider the evolving cloud of dark design patterns, which we’ve barely touched on here — patterns, which often use deception to grant companies access to tremendous troves of your information.

Your company should hire someone to research and advise them on how to handle these issues and to more vigorously represent the demands of real live consumers at play in digital spaces that are evolving at dizzying speeds. And they should do it soon.