The Zen of workplace data privacy - Zoho's Raju Vegesna on productivity monitoring, privacy as a best-of-breed weakness, and Google's "cookieless" campaign

Jon Reed Profile picture for user jreed March 19, 2021
Software vendors claim workplace data privacy is neutral - wrong. Products influence culture. And is Google's "cookieless" announcement PR hype, or a breakthrough? Time to revisit Zoho's stance on data privacy - via a 1:1 with Raju Vegesna.

Privacy threat at work - laptop with eyes in screen © Juergen Faelchle - shutterstock
( © Juergen Faelchle - shutterstock)

The data privacy debate is fraught with the perils of disinformation. Supposedly, every company cares about our data privacy. Yeah - sure. Google recently received heaps of tech press praise for its stance on a "cookieless future."

But then we learn Chrome will still allow first-party cookies for the foreseeable. Arguably, what Google is doing is more about protecting Google investors' cookie jar than changing the consumer's privacy protections (see: Google Is Taking Away the Cookies and Plans to FLoC Us All Instead).

One enterprise vendor that isn't daunted by the risk of data privacy hypocrisy? Zoho. However, Zoho does want us to think differently about privacy. How? By expanding the conversation, from consumer privacy to privacy in the workplace.

But does Zoho have the credibility to back this up? Given how many companies claim privacy as a core value - and leverage the heck out our data at the same time - it's a fair question. But as I wrote in Zoho takes their B2B data privacy stand, Zoho makes a different type of B2B privacy case. How many companies built their own AI services, specifically to avoid the privacy implications of using big tech's AI tooling? How many built their own clouds to avoid the privacy implications of putting customer data on third-party "public clouds"?

Google's third-party cookie announcement - privacy breakthrough or PR spin?

To get cookies off their site, Zoho had to build their own analytics tools (no Google Analytics allowed). Zoho's leadership acknowledges this has potentially come at a financial cost. But then Zoho, being resolutely privately-held, can make those costly calls, without Wall Street conniptions (for more on Zoho's overall vision that informs their privacy stance, check my colleague Phil Wainewright's ZohoDay 2021 - post-pandemic business success depends on transnational localism).

I've written about how this year's ZohoDay was one of the only analyst days of the year built on an interactive format. That came in handy during the privacy breakout. But with all the breaking privacy news from Google et al, there were more topics than time. So I picked this up with Zoho Chief Evangelist Raju Vegesna after ZohoDay concluded.

The first question on my mind: the ad industry is making a big fuss over Google's "end of third party cookie" for Chrome announcements. Yet there is also blowback. Some think this is a major milestone; others think Google's next plan is just as problematic. What is your take? Vegesna responded:

1) The proof is going to be in the pudding. If Google really is stopping the tracking of users, this will show up in their ad product (Google Ads) by removing targeting options for advertisers (because they really stopped tracking). If things change within their ad product (in terms of reduced targeting options), we can say Google is reducing the tracking of users. If there are no changes within their ad product, then this is just smoke and mirrors. Unless I see changes in their Ads product, I won't believe it.

2) Google has enough first-party tracking due to their monopoly; they may not even need third-party tracking. With 92% market share in Search, 86% market share in Android,  90%+ market share with YouTube, 65% of the browser market share. 67% of the market share with Maps, 50% of the internet websites embedding Google Analytics, just to name a few. Google is a monopoly in several markets which allows them to track users directly and may not even need third-party tracking (cookies or other means). This move will likely hurt Google's competitors who don't have a similar dominant position.

Workplace privacy informs product - "employees should have visibility"

But what about privacy-at-work?  GDPR and CCPA focuses on consumers - but workers' privacy concerns don't get the same legislative attention. Vegesna:

Employees should have visibility into what is happening with their information. Today, such visibility doesn't exist. It becomes the responsibility of the employer (along with software vendors offering software to employers) to provide the visibility/transparency on how employees' data is being used and with whom it is being shared. Offering this visibility within the software is part of our roadmap.

An employer has important information about the employee...from personal information to benefits to payroll to employee activities etc. All of this information has to be protected and each employee should have the visibility.

Zoho thinks their product suite ensures a level of privacy protection best-of-breed advocates can't deliver on:

This is where we believe we have an advantage because of our broad set of apps - all this information doesn't leave our system (unlike the alternative 'best of breed' approach where each app/vendor has one piece of info about the employee and the info is as secure as the weakest link/vendor).

The remote workplace forces a work surveillance reckoning

Remote work provoked a crossroads for employers. On one disturbing path, the digital exhaust of remote collaboration turns work into a punitive surveillance activity, with volume KPIs forcing workers into stressful, hyper-active pseudo-productivity.

All kinds of work monitoring apps, which I consider industrial spyware, are hitting the market hard. Heck, even Microsoft found itself in treacherous waters with its ill-considered debut of a "productivity score" metric, which I consider a work surveillance metric. Microsoft backtracked (a bit) since that announcement, but the demoralizing, small-minded idea of judging a worker's performance via a digital exhaust "productivity score" lingers. Zoho has a different goal. Vegesna:

When it comes to employee activity, when all the activity happens online, (particularly in the remote work world), what we enable in software will have an impact on the culture of a company. We know internally that our culture shapes the software we create, and software in turn shapes our culture.

Sometimes the capability of a product influences the culture of a company. (Example: If we offer a feature that allows employee surveillance for remote work, it would have an indirect influence on how companies adopt it, particularly among companies who don't put enough thought before adopting it). Just because software allows vendors/employers to track employee's movements doesn't mean software has to offer these capabilities.

Software vendors need to reckon with these points, and pronto. For the most part, they haven't. Productivity vendors tend to view their tools as neutral. Supposedly, it's all in how the customer uses it. I lean toward Vegesna's position: features directly influence culture.

As we move into the Vaccine Economy, employers need to validate the safety of their workplaces. This ushers in a potentially unprecedented and delicate amount of personal employee health data into the workplace. Are there ethical ways to approach this, or build into the software? Vegesna:

I don't believe there should be one solution across the board. The requirements for a nurse in an ICU are going to be different from the requirements for a school teacher for special needs kids or for airline travel. Each industry/business will have their specific needs and we should let them decide what is ideal for them. Based on the industry/need, they may have to share/carry additional information.

To some extent, this was partly the case earlier too. For example, I had to carry my yellow vaccination card along with my passport when I travel between certain countries even before the pandemic (traveling from Colombia to Brazil needed yellow fever vaccination card as a proof before boarding a flight). Based on the need, the software will catch up. In either case, employee's private information (including vaccination records, test results, etc.) should be protected and employees should have visibility into who has access to their personal information.

I want to get further into Zoho's latest views on data privacy, public clouds and AI. But that will require another piece. For now, I pressed the question: can a hard privacy stance be a competitive advantage?

When AI tools are free, data privacy is expensive - does it pay off?

There are inarguable material costs to taking a hard stance - otherwise, more companies would do so. I'm always surprised, especially in the U.S., to find widespread consumer indifference about data privacy. It seems like people have become passive, accepting the supposed/diabolical tradeoff between privacy and smart phone convenience. Vegesna says Zoho's employees feel differently:

This goes back to our philosophical stance at Zoho - just because we can measure something doesn't mean we should. Also, not everything that is measured is important. We make a judgment call on what should be provided in software, and more importantly, what should not be.

One aspect I am noticing within our own employees is, they are really proud of the company's stance on privacy. Just like employees want to be with companies that are environmentally responsible, they put privacy in the same category. I was pleasantly surprised by this. Moving forward, I expect employees to ask questions and make decisions based on a company's stance on employee privacy. Employees will end up voting with their feet.

If so, companies like Zoho should fare well - and deservedly so.

Note: the bold emphasis in a couple of Vegesna's comments is my editorial decision.

A grey colored placeholder image