top of page

The World of Permissioned Data

The term zero-party data bubbled up over a year ago. It has the following meaning:

Zero-party data is personal data that a customer deliberately and proactively shares with a brand or a retailer.

Long before the term zero-party data was invented, we referred to such data as permissioned data at There’s also the term “declared data,” which may confuse the picture — that’s data acquired by such activity as consumer surveys. It is also permissioned data or zero-party data. But let’s not be confounded by the terminology; beneath it all lies an important development in the world of advertising and marketing.

Businesses are beginning to recognize that many individuals are aware that they own their personal data and they are eager to put it to good use. There are many reasons why this has come to pass: because of government regulation, because of outrage at the exploitation of personal data by some vendors, but most of all, it has become clear that personal data has significant value.

Just so we are clear about how this idea emerged, let us quickly describe first party data, second party data, and third party data.

  1. First Party Data. This is the data that a business gathers directly from its interactions with its audience, usually via its website, or possibly by emails, records of conversations, and any other direct interaction with either its customers or prospects. The important point to note is that until quite recently, first-party data was the highest quality data a business could collect concerning its customers and prospects. Unless it is regularly renewed, it gradually ages.

  2. Second Party Data. This is no more nor less than second-hand first-party data. It’s the data an organization collects from its audience that it sells directly to another company. Second-party data is likely to be of lower quality than first-party data because, by the time you get your hands on it, it has aged and because you will inevitably be less aware of its context than the company providing it.

  3. Third Party Data. This is data you can purchase from data brokers and data aggregators. The source companies did not originally collect the data (as first-party data) but aggregated it from multiple sources. Some of the data may be obtained from public sources, government records, social network profiles, and so on. Some of it may come from purchased first-party data. Some may even come from hacker data. Naturally, the quality of the data will vary according to the methods and diligence of the aggregator. In general, item for item, it is likely to be relatively low-quality data.

The Emergence of Permissioned Data

It was against the landscape of these three types of differently-sourced data that the term, zero-party data, first emerged. It was invented by the analyst company Forrester. In the wake of GDPR legislation in the EU, Forrester realized that there was another category of data that did not fit into the first, second, and third-party data categories. And it was important because it was high-quality data.

Because we at Permission had been pursuing a business model based on the productive use of personal data more than a year before GDPR came into force, we had our own ideas about personal data and our own term for it. We called it permissioned data. In our view, permissioned data is personal data that individuals are willing to share with other parties.

There can be a variety of reasons for wishing to share personal data. One obvious example is medical data. People will obviously want to share their personal health data with healthcare organizations. They may want to share their employment data and educational data with potential employers. They may want to share financial records with financial service companies.

And, of course, they may want to be able to share that data in contexts where they can be rewarded for its use. That’s what is about and that’s also what Forrester was talking about with Zero-party data.

The Quality of Permissioned Data

Permissioned data is data that individuals own and manage and make available directly. It is high quality for several reasons:

1. It is likely to be up-to-date.

If permissioned data is well managed it will be more up-to-date than first, second, and third party data. Such data was always captured some time ago, possibly quite a while ago. Permissioned data is current data.

The reality of data is that it changes. Addresses change, qualifications change, jobs change, financial status changes, marital status changes, and preferences change. When you think about it, most data is akin to a photograph. Assuming it has not been corrupted, it gives you information that was true at a particular point in time and may no longer be true.

2. It is the prime source.

Regulations are making it increasingly costly to store personal data. You only need to study the EU’s GDPR to realize how onerous storing personal data can be. The data owner has:

  1. The right of consent

  2. The right to access the data

  3. The right to change data

  4. The right to complain

  5. The right to erasure

  6. The right to portability

The point is that if you’re going to store personal data, then you will need systems and software procedures that enable you to accommodate the rights of the data owner.

You will also need a Data Protection Officer. The reason is simple, the EU insists that you appoint one. And by the way, if you violate an EU citizen’s data rights, the fines are steep — up to 4% of your annual revenue (this is not a misprint).

Doesn’t it make a lot more sense to simply rent the personal data you’d like to use, by arrangement with its owner?

Now you may be thinking, “well I don’t deal with EU citizens.” And that may be the case, but if that’s what you think, make sure of it. Because if you hold the data of even one EU citizen, then these rules apply. And if you don’t, but one suddenly gets into your system, then these rules apply. And these rules apply to all organizations in the world, irrespective of jurisdiction.

And, also, you probably need to watch out for your local data regulations too, no matter where your company is based, because the global trend is for governments to increase the regulation of data. The smart move may be to evade those laws by letting the data owner put in all the effort.

3. It is accurate and comprehensive.

Permissioned data is likely to be more accurate. This is partly because it is the prime source and, hence, when you get hold of it, either it has never been copied (because you are using source data directly) or it has been copied just once, temporarily into your analytics system.

Permissioned data is likely to be more coherent in the sense that the data is organized and there is nothing ambiguous about its meaning. Because, at the moment, very few people directly manage their own data, the quality of permissioned personal data will improve over time. Indeed, once data owners get into the habit of curating their own data, they will have a growing incentive to make it as comprehensive as possible. In making this point we are, to a certain extent anticipating the way things will be, but we have little doubt where this trend is heading.

Bear in mind that there are different categories of data:

  1. Curated data: Information, including credential data, that the data owner naturally assembles from their activities.

  2. Declared data: Information knowingly provided by a user through surveys or online forms. Some of this will simply be user opinion and it is well known that user behavior does not necessarily align with stated user opinion. Nevertheless, what a user thinks is useful information and matters. Increasingly users will always retain such data.

  3. Aggregated data: Data aggregates in which user data may participate. For example a collection of the personal data of all the people who support a particular sports team.

  4. Inferred data: Data logically inferred from a user’s personal data. For example, certain user preferences can be known by employing correlation algorithms to user data.

  5. Behavior data: Data gleaned from tracking user activity in any context, particularly online, to determine preferences.

Permissioned data will be better in all these contexts. Not only is it likely to be more accurate, but it will also be more coherent — less likely to contain puzzling contradictions.

4. It will improve with time.

The final important point is that permissioned data will get better over time. On the one hand, once data owners get into the habit of permissioning their data, they will also cease to let their data be copied, legally or otherwise. And once they realize that it is possible to monetize their data most people will try to maximize its value, which will mean accumulating as much of it as they can.

The sources of first, second, and third party data will, at some point, begin to wither on the vine.

Data Evolution

Recent activity, by Apple in providing its iPhone and iPad users the ability to opt-out of sharing IDFAs (IDs for advertising) and by most of the browser software companies in sidelining third-party cookies to the point where they will become obsolete, has put marketers in an awkward position. You don’t need a weatherman to know which way the winds blow here. Third-party data is going to become harder to accumulate.

As this corner of the market runs into problems, at the other end of the spectrum the evolution of permissioned data has only just begun. The point is this: permissioned data is in its infancy.

Yes, of course, it will prove extremely useful to brands and retailers and it will soon drive a new and exciting advertising platform. Advertisers will enjoy higher quality data than they’ve ever previously known and the ROI on their advertising will improve, perhaps dramatically.

And by the way, did I mention that once you have direct interactions between consumers and advertisers, all of those bots which plague other advertising markets will be locked out? If we do this right, the hackers and the scammers will melt away like snow on the water.

We should see this for what it is, an evolution of the market for personal data. Once individuals control their data, innovators will naturally enter into the market with new ideas about how the data owners can profit most.

This is not the same data that has been collected in a fragmented way by those who deal in first, second, and third party data, this is a data resource assembled from an alliance of the data owners. It is higher quality, it is far more coherent, and it will prove to be far more useful, not just to advertisers and brands, but to all organizations that interact with individuals.


bottom of page