The basement of the modern web: Moving privacy from the cost center to the profit center.

Growing up in the midwest of the U.S., nearly every house had a basement. They all have similar attributes: a little dark, slightly dingy, a waft of mildew. They are always a little cooler than the rest of the house, most have cement floors, and it's where you store your out of season holiday decorations, books you “might” read again, the water heater, the HVAC, and fuse-box. You only go down there when you need to or when something is broken. When your friends come over, you don’t invite them to your basement unless you have spent time and effort to turn it into a real livable space.

Most basements are “cost centers” of a house. The goal of a cost center is to minimize costs since they do not directly contribute to the overall value or experience of the rest of the structure. So, very often “good enough” is settled on. No one buys a house based on the basement; large kitchens with plenty of gadgets and beautifully curated bathroom spaces sell houses. In modern companies, the kitchens and bathrooms are akin to profit centers. They are: sign-up flows, checkout flows, and the app user experience. Personal data collection, data privacy, and data security are relegated to the dank, dark basement and results in hidden, neglected, and under-utilized privacy strategies.

Over the past months, we have visited hundreds of websites to better understand the huge gap between the upstairs and basement of some of the most recognized apps and companies in the world. It is obvious that most companies treat personal data and data privacy as a cost, not an opportunity.

There are a few types of classic old basements: The “it was cool 25 years ago look”: shag carpeting, faux wooden panel walls, slightly stained drop ceilings. Or the “cement, cinderblock, and exposed pipes” look. Now, I will say, some people actually invest a lot of money to turn basements into livable spaces, usually to open up new opportunities, new square footage, and increase the value of their homes, but for some reason, most homes will have a utility space.

This is how most large companies currently treat their privacy experience. Where they might spend millions of dollars and tens of thousands of development hours optimizing a new feature or a button but their privacy experience looks like it is from the early internet.

Example 1: Facebook’s Privacy Basement — Concrete and musty

For a company that pride’s itself on having an amazing UX and UI, they sure bury this process deep and it even looks dated. Instead of creating a delightful experience here, you have to dig around, find the door, head to the basement, and are greeted with concrete walls, concrete floors, and a bunch of pipes everywhere. For a company closer to a trillion dollar valuation than not, they should do better. Imagine what 10 developers and 2 designers, could make this look like in 6 months if they wanted to? A shame.

The sad news is, this is the standard. Most brands and organizations do not update their privacy experience with best practices, they feel old, they are largely text, and on purpose, are not delightful.

Example 2: Taco Bells’s Basement — Hide and seek

As a kid, I used to play hide and seek. One of the best places to hide was the basement. The seeker would not look there right away, it was dark and there were a lot of nooks to crawl into. Taco Bells’ privacy experience is like that. It’s URL is:; you have to find your way to legal notices, then to privacy. When you get there, there is SO MUCH to get lost in. Their privacy policy is full of legal language and it takes a few years of law school to fully understand what is going on.

This is frustrating because most companies think data privacy is just a privacy policy and a few cookie popups. But, as we are seeing more and more, data privacy is a driver of consumer decisions. Who would want to make a critical decision when you have to click and search for even the most simple information: What data are you collecting?

Lead pipes, knob and tube wiring, and lead paint: Old data subject request forms

The basement is also the last place to get critical upgrades. This is where you find lead pipes, old, dangerous wiring, and lead paint. Since GDPR was passed in 2016 and implemented in 2018, one of the most critical rights that end-users got was the right to see and manage their personal data. There was a rush towards compliance and some companies like OneTrust filled that critical compliance gap with form-based “data subject request forms.” But then the innovation ended.

Since most companies categorize data privacy as a part of a cost center, the goal is to minimize the investment. Companies took GDPR and the new data privacy tools and threw them into the basement, next to risk tools, compliance tools, and legal tools.

This is what they get: a horrible user experience. Fill out a form, wait 6–8 weeks, and maybe, if you meet the criteria, you get an answer.

Remodel the basement: from cost to profit

The real danger of putting data privacy in the basement is that as consumer behavior changes, these companies are in the dark. Cost centers are disconnected from their upstairs profit centers. Profit centers listen to customers, keep their pulse on society, and their goal is to invest in experiences to increase revenue and key KPIs. The shift has already begun. Privacy is starting to really matter. According to a KPMG survey in 2020, 87% of consumers say data privacy is a human right! As a general rule, don’t put human rights in the basement.

Consumers are becoming increasingly concerned with and distrustful of how companies safeguard their personal data against misuse and theft. Companies must take steps now to keep pace with expectations — or risk losing access to the data that increasingly drives strategy, insights and success.

So, how do you turn a dingy, musty, old basement into new useable square footage? You have to remodel it and that is not cheap. The utilities have to be modernized and hidden, you need drywall, new flooring, new drainage, an architect, and an interior designer. But, in the end, a finished basement is a great investment and so is a well-thought-out and consumer-facing data privacy platform.

Google’s own research arm found that data privacy can be used to increase profit-center KPIs like click-through rates, signup rates, and consumer trust all leading to higher revenue and higher repeat customer rates.

When customers are clear about how and why their data is being collected, and can recall giving permission, brand messaging is more effective. We found that those who remember giving permission to advertisers to use their data are more positive about ads shown to them…

People are three times more likely to react positively to advertising when they feel a greater sense of control over how their data is used. People feel empowered when they have this sense of control. For some, this creates a desire to further tailor their marketing experiences to better suit their needs — opening up additional opportunities for brands to build long-lasting relationships that offer value to both parties. — Think with Google

A finished basement not only creates more space and opportunities for a house but adds to the usable square footage, creating more value. The cost center becomes a profit center and everyone wins. Homeowners can take their guests into the finished basement without being embarrassed and the home value goes up! Organizations need to invest in their privacy strategy and experience and they will see similar new opportunities open up.

Rownd is focused on the next 10 years of the internet, where privacy and personal data collection is firmly in the profit center, where consumers make calculated and informed decisions around what data they lend and for how long.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store