The "DXP Creep"


It’s the Halloween season, and you know what that means: ghost stories! Here’s a good one:

There once was a large, multi-conglomerate organization. They used their technology to spy on their customers, collect their data, and use it to do all sorts of frightening things. Like littering them with non-stop marketing spam and selling their customers’ data to third parties, who had even more devious plans in store.

People used to call this organization the DXP Creep. Because, they said, the only way the company was able to capture all this customer data and manipulate it to their own ends was because they had a Digital Experience Platform behind the scenes doing all the work. That this unseen, “creepy” technology brought their worst fears about online privacy and ownership of data to life.

…And that’s the story. There’s no ending because, unlike most ghost stories, the DXP Creep actually does exist. Many DXPs (or even worse, DMPs) do not have stringent policies in place for what an organization can do with your data once they have it, how they can manage it, and where they can transfer it. It has been a problem the customer data industry has wrestled with for years, and in all honesty continues to wrestle with even in light of recent regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). 

So it begs the question. Is Jahia a “DXP Creep”?

The short answer is no. The long answer is also no, but it’ll take me a few hundred more words to explain why.

For a DXP to function correctly, it requires a constant influx of customer data. This is done to better personalize the content, look, and feel that the customer receives across their digital interactions with an organization. In essence, a DXP uses data to enhance customer experience. However, there are a number of ways that a DXP can collect this data. Some of it can be explicit — signing up for an account, taking a survey, or filling out a questionnaire. Any action that will knowingly feed data back to the company. Then there’s the implicit stuff — search history, purchase history, browsing habits on their site or application. The stuff you don’t know they know about you.

Some DXPs have always asked for your permission to collect your data and give you the ability to opt out of collection at any time. Some don’t.

Jahia has been built and designed from Day 1 to empower customers with their own tracked data. Where the customer is always the owner, not the company, and thus they have the ability to do whatever they want with it. We did this in a number of ways. First, we pioneered an open standard called the Customer Data Platform Specification in the OASIS Open standards group, in order to make APIs transparent and open. Then we contributed this base code to Apache Unomi, an open-source Customer Data Platform that implemented stringent pro-consumer rules and features long before either GDPR or CCPA were even a twinkle in a regulator’s eye. Finally, we brought this same design back into our own CDP, jCustomer, and used it to further enhance how our DXP and overall Jahia platform functions. The idea always remained the same: Don’t take our word for it — instead, look under the hood yourself and see what is happening to your customer data. 

This was all done because we understood that there is a difference between enhancing a customer experience and being a “creep.” The former is tied to the idea that every customer is happy to be tracked to some degree, so long as they get something out of it. In this case, that’s a better experience and the knowledge that their data is not being sold or moved out of the platform. It shows a level of trust between the customer and the organization, and that trust builds to further engagement.

A creep, meanwhile, doesn’t care about any of that. They just want data. While the recent regulations, particularly GDPR, have curbed this a bit, it has always been done with the creeps kicking and screaming along the way. Things aren’t perfect now — additional regulations are being implemented all across the world that further restrict what can and can’t be done with customer data — but they’ve improved and will continue to improve in the years to come. Reacting to regulation rather than anticipating the needs of customer privacy has also been very costly for those who wait, as was the case when GDPR first launched.

You can count on Jahia to always be ahead of the curve, and to be ready for each regulation as it comes. We want to offer software that makes it possible to be transparent, open and personal. The DXP creeps? They’ll be relegated back to ghost stories. Hopefully with an ending this time.

Serge Huber
Serge Huber

Serge Huber is co-founder and CTO of Jahia. He is a member of the Apache Software Foundation and Chair of the Apache Unomi project management committee as well as a co-chair of the OASIS Customer Data Platform Specification.