MSD 365 Customer Insights Partnerships

Microsoft rolled out a set of enhancements to its Customer Insights CDP earlier this month, including a set of technology and data partnerships. I covered the functional enhancements yesterday.

“Organizations can automatically augment profiles with survey responses to truly uncover sentiment and drive detailed segmentation of customers, empowering agile actions that build brand loyalty and driving detailed understanding of customers,” said James Phillips, President of Microsoft Business Applications.  “Furthermore, organizations can enrich customer profiles with proprietary audience intelligence on brand affinity and user interests or by using third-party enrichments such as Experian and Leadspace.”

Leadspace supports B2B firmographic enrichment use cases, including industry codes, discrete and ranged sizing variables, geocodes, social media links, URLs, and standardized addresses.  Leadspace plans to include more advanced account-level insights such as company hierarchy and site-level details, as well as lead and intent scores, in future releases.  Firmographic updates may be processed daily or weekly with company matching performed by Leadspace.

The Leadspace data license is written on Leadspace paper and based upon the number of records under management.  Volume discounts apply.  When additional content sets are available, tiered pricing will be employed.

“We’ve been really honored to collaborate closely with the Microsoft Dynamics 365 Customer Insights team as their first B2B data enrichment partner and excited about the value it’ll bring our joint customers who want a single source of truth to fuel their sales and marketing efforts.  This offering goes a long way to helping them improve their ability to segment, prioritize, and personalize engagement across the customer lifecycle.”

Leadspace CTO Amnon Mishor

Experian supports consumer data enrichment spanning lifestyle segmentation, demographics, purchasing habits, brand preferences, life-event triggers, and mobile location data.  

Microsoft also rolled out a set of new Customer Insights integrations that “drive meaningful actions across the customer journey.”  Customer Insights is vendor-agnostic, “from ingesting data from any source to activating insights on multiple destinations.”  New partners include AutopilotHQ, Bing ads, dotdigital, Facebook, Google Ads, HubSpot, LiveRamp, Marketo, Mailchimp, and SendGrid (Twilio).

Phillips emphasized Microsoft’s commitment to data privacy and security “by enabling organizations to better control and secure sensitive data with data classification and permissions from Microsoft Information Protection.”  Organization can “configure policies to classify, label, and protect data based on its sensitivity.”

Customer Insights pricing begins at $1,500 per tenant per month for up to 100,000 profiles.

CJEU Invalidates EU-US Privacy Shield Data Transfers

The Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield that allows firms to transfer EU citizen’s private data to the United States for data processing.  The EU maintains higher consumer data privacy laws that conflict with US security and legal policies.

“Today’s decision effectively blocks legal transfers of personal data from the EU to the US.  It will undoubtedly leave tens of thousands of US companies scrambling and without a legal means to conduct transatlantic business, worth trillions of dollars annually,” said Caitlin Fennessy, research director at the International Association of Privacy Professionals (IAPP).

The CJEU held that “the requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred to that third country.”

“In the absence of an adequacy decision, such transfer may take place only if the personal data exporter established in the EU has provided appropriate safeguards, which may arise, in particular, from standard data protection clauses adopted by the Commission, and if data subjects have enforceable rights and effective legal remedies…

The Court considers, first of all, that EU law, and in particular the GDPR, applies to the transfer of personal data for commercial purposes by an economic operator established in a Member State to another economic operator established in a third country, even if, at the time of that transfer or thereafter, that data may be processed by the authorities of the third country in question for the purposes of public security, defence and State security. The Court adds that this type of data processing by the authorities of a third country cannot preclude such a transfer from the scope of the GDPR.

Regarding the level of protection required in respect of such a transfer, the Court holds that the requirements laid down for such purposes by the GDPR concerning appropriate safeguards, enforceable rights and effective legal remedies must be interpreted as meaning that data subjects whose personal data are transferred to a third country pursuant to standard data protection clauses must be afforded a level of protection essentially equivalent to that guaranteed within the EU by the GDPR, read in the light of the Charter. In those circumstances, the Court specifies that the assessment of that level of protection must take into consideration both the contractual clauses agreed between the data exporter established in the EU and the recipient of the transfer established in the third country concerned and, as regards any access by the public authorities of that third country to the data transferred, the relevant aspects of the legal system of that third country.

Regarding the supervisory authorities’ obligations in connection with such a transfer, the Court holds that, unless there is a valid Commission adequacy decision, those competent supervisory authorities are required to suspend or prohibit a transfer of personal data to a third country where they take the view, in the light of all the circumstances of that transfer, that the standard data protection clauses are not or cannot be complied with in that country and that the protection of the data transferred that is required by EU law cannot be ensured by other means, where the data exporter established in the EU has not itself suspended or put an end to such a transfer.”

“Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems,” 16 July 2020

The EU-US Privacy Shield was implemented several years ago after the CJEU held that the prior US Safe Harbor regime was insufficient.

Privacy advocate Max Schrems brought the cases that invalidated Safe Harbor and EU-US Privacy Shield.  Following the ruling, he stated:

“It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role on the EU market…The Court clarified for a second time now that there is a clash of EU privacy law and US surveillance law.  As the EU will not change its fundamental rights to please the NSA, the only way to overcome this clash is for the US to introduce solid privacy rights for all people — including foreigners.  Surveillance reform thereby becomes crucial for the business interests of Silicon Valley…

This judgment is not the cause of a limit to data transfers, but the consequence of US surveillance laws.  You can’t blame the Court to say the unavoidable — when shit hits the fan, you can’t blame the fan.”

Privacy Advocate and Plaintiff Max Schrems

“This leaves a huge question mark over data transfers to the US, said Tanguy Van Overstraeten, partner and global head of privacy and data protection law at the law firm Linklaters.  “The Court has struck down the EU-U.S. Privacy Shield because it considers the US state surveillance powers are excessive.  For the thousands of businesses registered with the US Privacy Shield, this will be groundhog day; this is the second time the FTC operated scheme has been struck down after the Shields predecessor — the Safe Harbor — was struck down in 2015.  Businesses will now look to EU regulators to propose some form of transition to allow them to move away from Privacy Shield without the threat of significant sanctions and civil compensation claims.”

The ruling also puts in question data transfers to Russia, China, and potentially the UK post-Brexit.

“The CJEU’s judgment could have implications for the UK’s prospects of gaining adequacy at the end of the Brexit transition period,” said Peter Church, counsel at Linklaters.  “This will necessarily involve an assessment of the UK’s surveillance powers under the Investigatory Powers Act 2016.  However, there are a number of differences between the UK and US regimes.  For example, the UK regime has already been reviewed by the European courts and a number of amendments have been made to bring it into line with European law.  In addition, the UK regime does not have the same distinction between UK and foreign nationals, unlike US law which does not grant the same rights to non-US citizens.”

“This is a bold move by Europe,” said Jonathan Kewley, co-head of technology at law firm Clifford Chance.  “What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot.”

Standard Contract Clauses (SCCs) may also be insufficient.  “If the law in the relevant country – let’s say the USA – could override what the contract says, they don’t work,” said Kewley.  “I don’t know how much appetite they have to do this, but it’s hard to imagine that any European regulator would say that SCCs work for the US, and the pressure will pile on for them to make the assessment.  I don’t think SCCs escaped the court’s judgement – for some key countries, it’s probably just a stay of execution.”

One likely impact will be the localized processing of EU consumer data within EU data centers.  Over 5,300 companies rely upon the EU-US Privacy Shield as part of their GDPR and broader EU compliance.  Companies that rely upon the Privacy Shield span a broad set of B2B data, DaaS, social networking, CDPs, and cloud companies [searchable list].  These include Zoominfo, Dun & Bradstreet (including Lattice Engines), Experian, Infogroup, TechTarget, Microsoft (including LinkedIn), Facebook, Twitter, Google, Amazon (including AWS), Oracle, Salesforce, HubSpot, Adobe (including Marketo), LiveRamp, Melissa, TowerData, 6Sense, Leadspace, SalesLoft, Outreach, Groove, VanillaSoft, Yesware, and ConnectLeader.

Firms are also likely to ramp up their GDPR and CCPA compliance messaging, but that does not address the weaker data privacy structures of US law.

CCPA Now in Effect

The California Consumer Privacy Act (CCPA) went into force this week, but enforcement will be delayed for six months.  “We’re going to help folks understand our interpretation of the law,” said California Attorney General Xavier Becerra.  “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”

Microsoft indicated that CCPA will be used as a national standard. Microsoft has already extended EU GDPR compliance globally and called privacy “a fundamental human right.”

“CCPA marks an important step toward providing people with more robust control over their data in the United States,” wrote Microsoft’s Chief Privacy Officer Julie Brill.  “It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”

CCPA requires firms to be transparent in how they collect and use consumer data.  Individuals also have the option to block sales of personal data.  However, “Exactly what will be required under CCPA to accomplish these goals is still developing,” wrote Brill.

Microsoft supports a national privacy law which cover “more robust accountability requirements” including minimizing data collection, transparency around how data is being used, and “making them more responsible for analyzing and improving data systems to ensure that they use personal data appropriately.”

Facebook is hedging, saying “we do not sell people’s data” without acknowledging that its business is based on monetizing member data and that it has a poor history of controlling partner data collection on its platform.

Salesforce CEO Marc Benioff called Facebook the “new cigarettes for our society,” which undermines societal trust.  On CNN’s Reliable Sources, Benioff called for Facebook to be regulated or split up.  “They’re certainly not exactly about truth in advertising.  Even they have said that.  That’s why we’re really in squarely a crisis of trust, when the core vendor themselves cannot say that trust is our most important value.  Look, we’re at a moment in time where each one of us in every company has to ask a question: What is our highest value?”

“I expect a fundamental reconceptualization of what Facebook’s role is in the world,” continued Benioff.  “When you have an entity that large with that much potential impact, and not fundamentally doing good things to improve the state of the world, well, then I think everyone is going to have it in its crosshairs.”

LinkedIn Restates Its Members-First Principles

LinkedIn Logo

In a blog titled, “Maintaining the Trust of our Members,” LinkedIn recommitted itself to a members-first approach.  The Microsoft subsidiary frames its decision-making with the question, “Is this the right thing to do for our members?”

Along with a members-first policy, LinkedIn employs four principles to frame decisions:

  • Members maintain clarity, consistency, and control over their data. This goal is manifested in a broad set of privacy settings, observing the stated wishes of each member, and protecting their data.  Microsoft employs a global GDPR standard and does not transfer member data to other companies.  For example, LinkedIn Sales Navigator limits data access to member-data view-only access, which displays profiles within CRMs and other partner applications but does not transfer data to those platforms.
  • LinkedIn will remain a safe, trusted, and professional platform.  The firm removes content which violates their Professional Community Policies and removes fake profiles, jobs, and companies.
  • LinkedIn is committed to removing unfair bias from its platform so that individuals with equal talent have equal access to opportunity.  “To achieve this goal, we are committed to building a product with no unfair bias that provides opportunity to all of our members.  There is a lot of work still to do, but we are focused on working across our company, with our members and customers, and across the industry to close the network gap.”
  • As a global platform, they are committed to respecting the laws that apply to them and “contributing to the dialogue” about legal frameworks.

LinkedIn Advertising is subject to an initial review.  LinkedIn vets ads to ensure they are non-discriminatory:

“Even if legal in the applicable jurisdiction, LinkedIn does not allow ads that advocate, promote, or contain discriminatory hiring practices or denial of education, housing, or economic opportunity based on age, gender, religion, ethnicity, race, or sexual preference.  Ads that promote the denial or restriction of fair and equal access to education, housing, or credit or career opportunities are prohibited.”

Blake Lawit, LinkedIn General Counsel

The statement of principles comes at a time when other social media firms are struggling to develop rules and policies around political advertising. LinkedIn does not carry political advertising and also restricts adult content, illegal, health, gaming, weapons, multi-level marketing, alcohol, tobacco, and financial (payday loans, cryptocurrency) products.  

LinkedIn continues to grow its customer base with 660 million members across 200 countries and 30 million companies.  The top countries are the United States (165M members), India (62M), China (48M), Brazil (40M), and the UK (27M).

LinkedIn maintains offices in nine US cities and 24 international locations. The platform supports 24 languages.

LinkedIn Concerned about Tech Regulations

LinkedIn CEO Jeff Weiner raised concern about a tide of tech regulation following recent data privacy scandals.  Of particular concern is the impact of removing tech company immunity for the content shared by users under Section 230 of the Communications Decency Act.  If the Section were removed, social networks would be forced to proactively censor posts.

“Even if the [technology] industry were to do greater self-regulation, you’re going to see more regulatory oversight.”

Just as the wide use of algorithms has provided a megaphone to misinformation and fringe social media, regulation can have unintended consequences.  “The unintended consequences work both ways,” said Weiner.  “Companies make decisions only with the best of intentions, and there are unintended consequences of those decisions.  But from a regulatory perspective, I think it’s the same thing.”

“You could stifle a lot of innovation.  You could stifle a lot of openness.  You could stifle a lot of the things that create value by virtue of changing these liability rules and laws. That is just almost a canonical example of where these unintended consequences would really proliferate.  The things companies would need to do to ensure that they were protected is going to hurt the way in which people can communicate with one another.”

LinkedIn CEO Jeff Weiner

LinkedIn operates in China where it is subject to censorship.  The firm decided to enter the market as it’s mission is to create economic opportunity globally.  “The censorship issue in China is always a painful one,” he said.  “It has to be navigated and managed in the context of the broader vision.” While LinkedIn is advocating for Section 230, its parent company has taken a pro-regulatory view on data privacy, calling for an American version of GDPR.  Microsoft has built GDPR into the infrastructure of its platforms.

Court Rules LinkedIn Scraping Legal

In a ninth Circuit Court ruling last week, the Court sided with hiQ Labs which had been barred from accessing LinkedIn for the purposes of scraping public profiles.  hiQ Labs, a data analytics company which identifies employees who may be looking to depart, won a preliminary injunction against LinkedIn.  This is the second court which has evaluated the case and sided against the Microsoft subsidiary.

LinkedIn argued that scraping after a cease-and-desist letter was “without authorization” under the federal Computer Fraud and Abuse Act (CFAA), but hiQ Labs argued that the content was public and that scraping public data was not akin to hacking.

The Court ruled that “there is little evidence that LinkedIn users who choose to make their profiles public actually maintain an expectation of privacy with respect to the information that they post publicly, and it is doubtful that they do.”

The Court continued, “LinkedIn invokes an interest in preventing ‘free riders’ from using profiles posted on its platform.  But LinkedIn has no protected property interest in the data contributed by its users, as the users retain ownership over their profiles.”

The National Law Review summarized the case:

Most notably, the Ninth Circuit held that HiQ had shown a likelihood of success on the merits in its claim that when a computer network generally permits public access to its data, a user’s accessing that publicly available data will not constitute access “without authorization” under the CFAA.

In light of this ruling, data scrapers, content aggregators and advocates of a more open internet will certainly be emboldened, but we reiterate something we advised back in our 2017 Client Alert about the lower court HiQ decision: while the Ninth Circuit’s decision suggests that the CFAA is not an available remedy to protect against unwanted scraping of public website data that is “presumptively open to all,” entities engaged in scraping should remain careful. The road ahead, while perhaps less bumpy than before, still contains rough patches.  Indeed, the Ninth Circuit cautioned that its opinion was issued only at the preliminary injunction stage and that the court did not “resolve the companies’ legal dispute definitively, nor do we address all the claims and defenses they have pleaded in the district court.”…

On appeal, the parties offered dueling visions of what the law surrounding the CFAA and scraping should be:

LinkedIn: “[A]uthorization from LinkedIn—the server’s owner—is ‘needed’ to avoid CFAA liability, regardless of whether those servers also host data that LinkedIn generally makes available on its website.  hiQ lacked that required “authorization” once LinkedIn sent hiQ its cease-and-desist letter and implemented additional technological barriers restricting bot access.”

HiQ: “LinkedIn does not grant permission to access its public content because those pages are, by definition, open for all to see and use.  hiQ, like any other Internet user, simply requests LinkedIn’s public pages, and LinkedIn’s servers automatically provide them.  There is no “authorization” for LinkedIn to revoke.  Reading the statute in accordance with the language’s ordinary significance, “without authorization” refers to circumstances where authorization is a prerequisite to access.”

National Law Review

Intentional access without authorization under the CFAA generally covers hacking and employee access after permission has been rescinded.  As public profiles are not subject to passwords, the question of whether the CFAA applied was in question.

“It is likely that when a computer network generally permits public access to its data, a user’s accessing that publicly available data will not constitute access without authorization under the CFAA,” wrote the Court.  “The data hiQ seeks to access is not owned by LinkedIn and has not been demarcated by LinkedIn as private using such an authorization system.  HiQ has therefore raised serious questions about whether LinkedIn may invoke the CFAA to preempt hiQ’s possibly meritorious tortious interference claim.”

Thus, the ruling supports web scraping of public sites.  What it doesn’t address is whether harvesting member data for the purposes of generating datasets which counter the interests of social media sites and its members is against the public interest.  This question may be more of a public policy question than a legal one.  Members join LinkedIn for the purposes of professional networking, job searching, and self-marketing.  While public LinkedIn does not publish emails or direct dials, it includes work and educational histories, interests, affiliations, and other personal content.  Furthermore, it is easy to guess at emails making it fairly trivial to assemble email files for spammers.  It is very possible, that the HiQ Labs ruling conforms with US law but due to the Personally Identifiable Information content being gathered is counter to European GDPR.  The result could well be the loss of public LinkedIn profiles or a thinning of publicly posted profiles.

The Court focused on the CFAA and did not evaluate other arguments when granting relief.  “State law trespass to chattels claims may still be available.  And other causes of action, such as copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract, or breach of privacy, may also lie,” stated the Court.

Orin Kerr, a law professor at UC Berkeley called the ruling a “major decision for the open internet.  It doesn’t establish that scraping websites is completely legal, but it goes a long way toward establishing that it’s not a federal crime.”

In the case of HiQ, they offer predictive attrition models which could result in individuals not being hired or employees not being promoted.  “Keeper is the first HCM tool to offer predictive attrition insights about an organization’s employees based on publicly available data,” says the firm.  While some high-value employees may enjoy additional leverage due to these models, others may be mistrusted.  

One could imagine other detrimental use cases such as credit companies tracking employment and lowering credit scores.  The result would be higher interest costs and a lowered ability to find a job.  The result would be decreased transparency and truthfulness on LinkedIn.

As such, the scraping of LinkedIn data could undermine the trust members have in LinkedIn or limit the permissions granted to LinkedIn.  If LinkedIn played fast-and-loose with member data, they would have less standing, but LinkedIn does not permit downloading of member data to Excel or the uploading of member data to CRMs.  Sales Navigator treats member data as view only in its SNAP connectors.  Thus, LinkedIn is placing data privacy rules on itself that it cannot place on third-parties that gather LinkedIn data.  More broadly, parent company Microsoft has committed itself to GDPR as a global data privacy standard.

Analyst David Raab of the Customer Data Platform Institute had a tongue-in-cheek view of the case: “In what I like to think of as CSI: Obvious Division, a federal appeals court ruled that LinkedIn can’t block scraping of published member data because people had no expectation of privacy for their public profiles.  It’s rather amazing LinkedIn thought they could win with that one.” .dialogRendere

GDPR First Anniversary (Is Your Data More Secure?)

EU Flag

As GDPR hit its first anniversary on Saturday, Microsoft once again called for a US privacy law which shifts the onus of data privacy from the individual to corporations.  Today, Americans operate in an opt-out regime which requires them to find and manage their privacy settings.

“This places an unreasonable — and unworkable — burden on individuals,” wrote Microsoft’s Deputy General Counsel Julie Brill.  “Strong federal privacy should not only empower consumers to control their data, it also should place accountability obligations on the companies that collect and use sensitive personal information.”

Microsoft prefers a single federal standard to piecemeal state-level laws such as California’s CCPA.  Brill said the legislation should be interoperable with the GDPR to help reduce the “cost and complexity of compliance.”  This framework should reflect ”the changing understanding of the right to privacy in the United States and around the world.”  The proposed legislation should “uphold the fundamental right to privacy through rules that give people control over their data and require greater accountability and transparency in how companies use the personal information they collect.”

“For American businesses, interoperability between U.S. law and GDPR will reduce the cost and complexity of compliance by ensuring that companies don’t have to build separate systems to meet differing—and even conflicting requirements—for privacy protection in the countries where they do business,” said Brill.

According to eMarketer analyst Ross Benes, the US ad industry has shifted from a call for self-regulation to supporting national privacy regulations, fearing ”a patchwork of different rules” as “legislation looks increasingly inevitable.”

A TrustArc/Ipsos survey of UK adults (16 – 75) found a 36% improvement in trust concerning personal data since GDPR went into effect.

Source: TrustArc / Ipsos GDPR Survey of 2,230 UK adults (May 2019)

A Snow study found that 39% of global business professionals believe their data is better protected since GDPR passed, with the biggest increase in the APAC region (48%).  40% of Europeans also believed their personally identifiable information is more secure, but only 30% in the US held the same belief.

74% of surveyed professionals believe that the technology industry needs more regulation with 83% of APAC and 72% of US respondents wanting additional tech regulation.

The EU has yet to strictly enforce the law with only one large fine ($56M) versus Google in France. However, Google and the social media and advertising companies are all subject to ongoing suits:

The latest investigation — the first by the Irish watchdog into Google — brings to 19 the number of open cases by the regulator targeting big U.S. tech companies. They include probes into Apple Inc., Twitter Inc., eight probes into Facebook Inc., plus one into Instagram and two into WhatsApp.

Los Angeles Times, “Google could face hefty EU fine over possible privacy violations,” May 22, 2019

“What is important to recognize is that the EU is taking GDPR very seriously, with fines being established for any breach,” said Ben Feldman, SVP of strategy and innovation at NYIAX.  “I would expect that the first six-to-nine months of any new regulation action would be spent working out the kinks and processes of implementation.  It is quite likely that we will see more fines in the coming months.”

Quora: Does LinkedIn Sell Your Info?

The following is a Quora post answering the question, “Does LinkedIn Sell Your Info?”


This is likely to fall into a semantics question. If data is employed in the aggregate and your personally identifiable information is not disclosed, then I would argue that your information is not sold. Likewise, if you are presented an ad because your LinkedIn profile conforms with a target audience definition, your data is also not being sold.

I can’t answer for LinkedIn Recruiter, but can answer in the Sales and Marketing context.

LinkedIn offers a sales product called Sales Navigator. Users can view company and contact information on Navigator just as they can on the free service. It even supports viewing this data within third-party SNAP products. However, Navigator and SNAP are view only. Sales reps cannot download your profile or sync it with any of their partner platforms. They also restrict display of your email and phone information to your direct connects as well as other content you flag as restricted.

LinkedIn Marketing sells advertising on LinkedIn and Bing based upon your profile attributes. Advertisers define their target audience across a broad set of firmographic, career, and location variables, but these segments are not provided directly to the marketer. Instead, they are used for advertising display. Thus, your data isn’t sold, just your eyeballs.

LinkedIn treats its member’s data with respect. Microsoft, its parent company, has called for a US version of GDPR, the European data privacy standard. CEO Satya Nadella stated that “privacy is a fundamental human right” on an April 2018 earnings call and said that the firm has implemented an “end-to-end privacy architecture” which is GDPR compliant.

The LinkedIn SNAP AppExchange connector displays LinkedIn content and functionality within Salesforce, but does not sync any company or contact data with SFDC.
The LinkedIn SNAP AppExchange connector displays LinkedIn content and functionality within Salesforce, but does not sync any company or contact data with SFDC.

LinkedIn Email Downloading

LinkedIn users can block connections from downloading their emails.
LinkedIn users can block connections from downloading their emails.

LinkedIn added the option to restrict downloading of emails by their connections.  LinkedIn does not generally allow profile downloading or CRM synching except for permissioned connections.  Users now have the option to permit connections to view their emails but block them from downloading emails.  By default, emails are not downloadable unless users change their settings to permit downloads.

While the change is pro-privacy and consistent with GDPR, TechCrunch took a negative view of the new setting.

A win for privacy on LinkedIn could be a big loss for businesses, recruiters and anyone else expecting to be able to export the email addresses of their connections.…[The new option] could prevent some spam, and protect users who didn’t realize anyone who they’re connected to could download their email address into a giant spreadsheet. But the launch of this new setting without warning or even a formal announcement could piss off users who’d invested tons of time into the professional networking site in hopes of contacting their connections outside of it…

On a social network like Facebook, barring email exports makes more sense. But on LinkedIn’s professional network, where people are purposefully connecting with those they don’t know, and where exporting has always been allowed, making the change silently seems surreptitious. Perhaps LinkedIn didn’t want to bring attention to the fact it was allowing your email address to be slurped up by anyone you’re connected with, given the current media climate of intense scrutiny regarding privacy in social tech. But trying to hide a change that’s massively impactful to businesses that rely on LinkedIn could erode the trust of its core users.


Josh Constine, TechCrunch

TechCrunch overstates the loss.  Member control their data, not LinkedIn or LinkedIn connections.   Second, there are multiple ways to reach users from within LinkedIn including InMail, messaging, and PointDrive.  Unless the email is blocked on the profile, connections still have access to emails from within LinkedIn.  Finally, most emails in LinkedIn are personal emails, not business emails (an issue they should address by allowing both and setting privacy and messaging rules around multiple emails), so reaching out to individuals on their emails only makes sense for friends, family, and recruiters on LinkedIn, not businesspeople networking with colleagues and clients.

While LinkedIn wasn’t transparent about the privacy change, it enhanced the privacy of its members.  As such, looking for nefarious reasons for the enhancement is a reach.

Salesforce: Trust is the Key Value for Tech Companies

Salesforce: Trust is the Key Value for Tech Companies

Speaking to Jim Cramer on Mad Money, Salesforce CEO Marc Benioff argued that for technology companies, the key value is no longer the great idea, but trust:

In technology over the last two decades, the most important thing has been the idea. That is, the best idea wins.   That has been what gets you funded, that’s how you grow your company, that’s been your highest value: the best idea wins. No longer true.

The current highest value is trust, and if trust is not your highest value, if the most important thing to you and your company is not trust, you need to look again, and that’s what’s happening with these companies today.

Salesforce CEO Marc Benioff

Benioff observed that a lack of trust is eroding Silicon Valley companies such as Facebook.  “Their executives are walking out, employees are walking out,and that happens with a lot of companies in tech right now. We’ve had a lot of walkouts this quarter.  And the reason why is because it’s kind of amessage to the executives: it’s time to transform.”

“Every company has to hold themselves to a new level of trust, and if your brand is not about trust, you’re going to have customer issues, and you can see that in that brand,” observed Benioff.

And trust has long been part of Salesforce’s value proposition.  The firm emphasizes it’s 1:1:1 philanthropy program (Donating 1% of technology, people, and resources) which has been adopted as a model by other companies.  Salesforce also promotes local nonprofits at Salesforce events, emphasizes Trailhead and meetups for skills advancement, embraced a San Francisco tech company tax to address homelessness, called for a US GDPR to protect privacy, raised womens’ wages to address a pay equity gap following a self-audit, and spoke out against anti-gay legislation.  Under a short-term profit-maximization model, these activities make little sense, but under a longer-term stakeholder’s approach, they make perfect sense.

Trust is based on a stakeholders approach to corporate governance.  It recognizes that Milton Friedman’s stance against social responsibility (“there is one and only one social responsibility of business to use its resources and engage in activities designed to increase its profits so long as it stays in the rules of the game, which is to say, engages in open and free competition, without deception or fraud.”) is wrong.  A stakeholders approach recognizes that employees, customers, partners, investors, and the general public all place value on companies that take a long-term view of their role in society.  Simple profit maximization is a short-term approach which fails to recognize that you can’t attract the best employees or close multi-million dollar deals if you are not trusted.

And you can see this in the stock price growth of Facebook and Salesforce over the past five years.  Facebook’s stock price outpaced Salesforce for the past five years, but once Facebook lost trust, its stock price declined.

Salesforce and Facebook both had strong stock price growth over the past five years, but Facebook retreated this year after it lost trust amongst stakeholders.
Salesforce and Facebook both had strong stock price growth over the past five years, but Facebook retreated this year after it lost trust amongst stakeholders.