S
Suzanne Scacca
Guest
Marketing privacy laws like GDPR and CCPA have evolved to give consumers greater control over their personal data. Understanding this evolution in the digital marketing landscape is critical for supporting compliance efforts and preserving customer trust.
There are so many places we can collect user data from these days. Our websites, online stores and apps. Social media platforms. Email marketing. Online forms and surveys. Even Google shares data with us.
Thanks to marketing analytics and technologies, this vast amount of data is much easier to collect and organize than ever before. And with AI-powered tools summarizing and synthesizing the findings in record time, we have a much clearer picture of who our users are and how they’re engaging with our brands.
This has enabled us to better strategize and create more appealing and trustworthy content and campaigns. So why the need for guardrails in the form of data privacy legislation? Can marketers and organizations not be trusted to secure and privatize the data collected from users?
We need user data in order to create the personalized experiences that consumers crave. Consumers fully understand that this is the tradeoff, which is why they’re willing to share data if it benefits them in ways like:
That said, there’s obviously a darker side to giving brands you might not know all that well (and even some that you do) unmitigated access to your personal data. Whether the company misuses your data or lacks adequate safeguards, there can be bad outcomes if data privacy and security aren’t a priority.
And consumers are well aware of this.
A recent Syrenis report entitled “Privacy beyond borders” reveals the very real concerns of consumers when it comes to their online data:
To start, a whopping 93% are worried about how secure their personal info is. It’s to the point where 53% have abandoned a transaction because of how nervous they were about it.
But why do they feel this way?
Sadly, some of them may be justified in feeling this way.
Consent fatigue and banner blindness are a very real problem for consumers. Although 95% wish that brands would be more transparent about how they collect and share data, 73% are overwhelmed by how many consent requests they receive online.
Because of this, 67% have mindlessly accepted all cookies despite being skeptical about them. And, according to the survey, 50% of consumers who consented to cookies have had their personal info stolen in a data breach.
So, it’s clear that there’s a lot of distrust when it comes to data sharing online. Not only that, many consumers have suffered the consequences of sharing their data with brands they shouldn’t have entrusted it to. Yet, consumers are still clamoring for more personalization—and the only way to get it is by handing over personal info to brands.
This is why data privacy legislation plays a critical role in shaping responsible marketing practices.
Of those surveyed in the Syrenis report, 59% said they prioritize their online data privacy over everything else. For many, this means foregoing certain online activities and purchases. As you can imagine, this high level of concern and avoidance of seemingly high-risk activities can’t be good for brands trying to do business online.
Marketing privacy laws are just one solution to this problem. And consumers appear to be grateful for this form of protection provided by governments from around the world.
In fact, 94% of consumers want companies to adhere to strict data privacy regulations, regardless of which country they operate from and what their local laws dictate.
What are these laws exactly? GDPR is the one that most digital pros are aware of, though there’s new legislation being added every year. As of writing this, 137 out of 194 countries have data privacy laws. Individual states have started drawing up their own laws, too.
Technically, privacy-centered legislation isn’t a new thing.
Back in 1890, an article entitled “The Right to Privacy” was published in the Harvard Law Review. The authors of this article discussed the fundamental right of people to privacy and how new inventions and innovations—like the rise of instant photography and the mass dissemination of newspapers—had begun to encroach on the privacy of individuals.
But if we’re talking specifically about online privacy, then the first major piece of legislation that addressed this issue was the European Union’s General Data Protection Regulation (GDPR). In 2018, this legislation sent shockwaves through the marketing sphere as any brands engaging with EU-based consumers had to follow rules like:
It’s also essential that companies be able to demonstrate their compliance with the GDPR’s rules. While it’s up to each business to determine how to do this, creating a data privacy policy and keeping a paper trail of the implementation of this policy is how many have handled it. Not only does this help support compliance efforts company-wide, but it’s useful in the case of lawsuits.
While we don’t see as much evidence of the GDPR in the form of cookie consent notices as we did in the first few years after the law passed, it’s still very much enforced.
For instance, Meta was fined €1.2 billion in 2023 for violating the GDPR. Amazon is another company that was sued for infringing on its users’ data privacy rights. In 2021, it was fined €746 million.
GDPR was a landmark regulation that significantly raised the bar for data privacy expectations. But it wasn’t the last legislation of its kind.
Although the GDPR protects the data privacy of EU residents, not every business sells to EU consumers. And not every consumer buys from EU-based businesses. So, there have been other location-specific data privacy laws established like:
If you’re curious about your state’s or country’s legislation, do a search for “data privacy law” and the name of your location. Many local governments have implemented or are working on implementing privacy laws to protect their residents when they’re online.
Most of the legislation thus far has tried to tame the data hoarding and exploitation efforts of businesses within certain locales. However, with the rise and proliferation of AI, there’s now legislation being drawn up to limit the risks of users engaging with AI.
The EU’s AI Act mostly deals with defining the risks of AI use in business. However, part of the amendment specifically deals with transparency. One of the obligations that brands have when using AI is to notify users when they’re engaging with AI and to also process any data collected in the exchange in accordance with the GDPR.
Google gave everyone a bit of a scare in 2020 when it announced that third-party cookies would be deprecated in the Chrome browser. Brands began scrambling, trying to figure out what to do when they lost the ability to track users with third-party cookies.
As Google began to push the timeline out further and further, it became clear that they might not have fully thought out the ramifications of such a move.
In 2022, Anthony Chavez of Google’s Privacy Sandbox announced the following:
So, third-party cookies are here to stay. But Google Chrome users now have a greater say in how they’re tracked on the web and what can be done with their data.
Google isn’t the only company making this move. Apple announced new user-centric privacy features in 2023. Here’s what Craig Federighi of Apple Software Engineering said about the changes:
While there is substantial legislation out there to protect the data and interests of consumers, these moves by tech giants Apple and Google show that it’s not enough. At least from the perspective of users. Data from the Syrenis survey backs this up, with 84% of respondents not feeling as though they have sufficient control over their data.
An estimated 43% of consumers today use private browsers. What’s more, anywhere between 40% and 75% of users (depending on country of residence and age range) configure privacy settings on social media and opt out of third-party data collection.
It’s definitely important to be aware of what’s happening in terms of legislation and to abide by the rules of your jurisdiction. At the same time, marketers need to be aware of what’s happening with devices and browsers in terms of security and privacy, too. With consumers being empowered to take control into their own hands, there are further restrictions you’ll need to work around.
According to the Syrenis report, 97% of consumers prefer to engage with companies that have proven time and again that they prioritize their users’ data privacy and security. So, it’s not data collection in and of itself that scares consumers. It’s how you handle the data that is.
On the other hand, if you do it right, it could be hugely beneficial for your brand.
When U.S. consumers were asked the top reasons why companies earn their trust, these were the top three answers given:
It just goes to show you what a critical role the exchange of personal data plays in the relationships of brands with their customers today. Sure, consumers appreciate a good product or service. But if you really want to earn their trust? You have to be responsible with the data you get from them.
To wrap up, here are some things that marketing teams can do so that their data handling processes bolster their businesses instead of hurt them:
Also, considering Google’s and Apple’s recent moves, you may want to consider moving away from marketing strategies that depend on third-party cookies, like retargeting ads. Instead, lean more into customer retention strategies that help you build more trusting and long-term relationships with your users.
Read next: Evaluating Your Email Marketing Strategy: 9 Metrics to Pay Attention To
The information provided on this blog does not, and is not intended to, constitute legal advice. Any reader who needs legal advice should contact their counsel to obtain advice with respect to any particular legal matter. No reader, user or browser of this content should act or refrain from acting on the basis of information herein without first seeking legal advice from counsel in their relevant jurisdiction.
Continue reading...
There are so many places we can collect user data from these days. Our websites, online stores and apps. Social media platforms. Email marketing. Online forms and surveys. Even Google shares data with us.
Thanks to marketing analytics and technologies, this vast amount of data is much easier to collect and organize than ever before. And with AI-powered tools summarizing and synthesizing the findings in record time, we have a much clearer picture of who our users are and how they’re engaging with our brands.
This has enabled us to better strategize and create more appealing and trustworthy content and campaigns. So why the need for guardrails in the form of data privacy legislation? Can marketers and organizations not be trusted to secure and privatize the data collected from users?
Why Do We Need Data Privacy Laws for Marketing?
We need user data in order to create the personalized experiences that consumers crave. Consumers fully understand that this is the tradeoff, which is why they’re willing to share data if it benefits them in ways like:
- Personalized content
- Timely and relevant recommendations
- Faster, easier navigation of digital experiences
- Super valuable rewards
- Customer support interactions that don’t require waiting or having to repeat oneself
- Multichannel interactions where brands already know them and their preferences
That said, there’s obviously a darker side to giving brands you might not know all that well (and even some that you do) unmitigated access to your personal data. Whether the company misuses your data or lacks adequate safeguards, there can be bad outcomes if data privacy and security aren’t a priority.
And consumers are well aware of this.
A recent Syrenis report entitled “Privacy beyond borders” reveals the very real concerns of consumers when it comes to their online data:
To start, a whopping 93% are worried about how secure their personal info is. It’s to the point where 53% have abandoned a transaction because of how nervous they were about it.
But why do they feel this way?
Sadly, some of them may be justified in feeling this way.
Consent fatigue and banner blindness are a very real problem for consumers. Although 95% wish that brands would be more transparent about how they collect and share data, 73% are overwhelmed by how many consent requests they receive online.
Because of this, 67% have mindlessly accepted all cookies despite being skeptical about them. And, according to the survey, 50% of consumers who consented to cookies have had their personal info stolen in a data breach.
So, it’s clear that there’s a lot of distrust when it comes to data sharing online. Not only that, many consumers have suffered the consequences of sharing their data with brands they shouldn’t have entrusted it to. Yet, consumers are still clamoring for more personalization—and the only way to get it is by handing over personal info to brands.
This is why data privacy legislation plays a critical role in shaping responsible marketing practices.
The Current State of Data Privacy Legislation
Of those surveyed in the Syrenis report, 59% said they prioritize their online data privacy over everything else. For many, this means foregoing certain online activities and purchases. As you can imagine, this high level of concern and avoidance of seemingly high-risk activities can’t be good for brands trying to do business online.
Marketing privacy laws are just one solution to this problem. And consumers appear to be grateful for this form of protection provided by governments from around the world.
In fact, 94% of consumers want companies to adhere to strict data privacy regulations, regardless of which country they operate from and what their local laws dictate.
What are these laws exactly? GDPR is the one that most digital pros are aware of, though there’s new legislation being added every year. As of writing this, 137 out of 194 countries have data privacy laws. Individual states have started drawing up their own laws, too.
GDPR
Technically, privacy-centered legislation isn’t a new thing.
Back in 1890, an article entitled “The Right to Privacy” was published in the Harvard Law Review. The authors of this article discussed the fundamental right of people to privacy and how new inventions and innovations—like the rise of instant photography and the mass dissemination of newspapers—had begun to encroach on the privacy of individuals.
But if we’re talking specifically about online privacy, then the first major piece of legislation that addressed this issue was the European Union’s General Data Protection Regulation (GDPR). In 2018, this legislation sent shockwaves through the marketing sphere as any brands engaging with EU-based consumers had to follow rules like:
- Collecting only the data they need
- Being open and honest about what they do with user data
- Getting explicit consent from users to collect and use data
- Deleting old, unused, unnecessary data from storage
- Keeping user data updated
- Encrypting stored data and implementing other security measures to help keep it safe
- Communicating changes to the data policy or to collection and storage methods
It’s also essential that companies be able to demonstrate their compliance with the GDPR’s rules. While it’s up to each business to determine how to do this, creating a data privacy policy and keeping a paper trail of the implementation of this policy is how many have handled it. Not only does this help support compliance efforts company-wide, but it’s useful in the case of lawsuits.
While we don’t see as much evidence of the GDPR in the form of cookie consent notices as we did in the first few years after the law passed, it’s still very much enforced.
For instance, Meta was fined €1.2 billion in 2023 for violating the GDPR. Amazon is another company that was sued for infringing on its users’ data privacy rights. In 2021, it was fined €746 million.
Other Data Privacy Laws
GDPR was a landmark regulation that significantly raised the bar for data privacy expectations. But it wasn’t the last legislation of its kind.
Although the GDPR protects the data privacy of EU residents, not every business sells to EU consumers. And not every consumer buys from EU-based businesses. So, there have been other location-specific data privacy laws established like:
- California Consumer Privacy Act (CCPA)
- Virginia’s Consumer Data Protection Act (CDPA)
- Canadian Consumer Privacy Protection Act (CPPA)
- Brazilian General Data Protection Law (LGPD)
- India’s Digital Personal Data Protection (DPDP)
If you’re curious about your state’s or country’s legislation, do a search for “data privacy law” and the name of your location. Many local governments have implemented or are working on implementing privacy laws to protect their residents when they’re online.
Most of the legislation thus far has tried to tame the data hoarding and exploitation efforts of businesses within certain locales. However, with the rise and proliferation of AI, there’s now legislation being drawn up to limit the risks of users engaging with AI.
The EU’s AI Act mostly deals with defining the risks of AI use in business. However, part of the amendment specifically deals with transparency. One of the obligations that brands have when using AI is to notify users when they’re engaging with AI and to also process any data collected in the exchange in accordance with the GDPR.
Google & Apple Policies
Google gave everyone a bit of a scare in 2020 when it announced that third-party cookies would be deprecated in the Chrome browser. Brands began scrambling, trying to figure out what to do when they lost the ability to track users with third-party cookies.
As Google began to push the timeline out further and further, it became clear that they might not have fully thought out the ramifications of such a move.
In 2022, Anthony Chavez of Google’s Privacy Sandbox announced the following:
So, third-party cookies are here to stay. But Google Chrome users now have a greater say in how they’re tracked on the web and what can be done with their data.
Google isn’t the only company making this move. Apple announced new user-centric privacy features in 2023. Here’s what Craig Federighi of Apple Software Engineering said about the changes:
While there is substantial legislation out there to protect the data and interests of consumers, these moves by tech giants Apple and Google show that it’s not enough. At least from the perspective of users. Data from the Syrenis survey backs this up, with 84% of respondents not feeling as though they have sufficient control over their data.
An estimated 43% of consumers today use private browsers. What’s more, anywhere between 40% and 75% of users (depending on country of residence and age range) configure privacy settings on social media and opt out of third-party data collection.
It’s definitely important to be aware of what’s happening in terms of legislation and to abide by the rules of your jurisdiction. At the same time, marketers need to be aware of what’s happening with devices and browsers in terms of security and privacy, too. With consumers being empowered to take control into their own hands, there are further restrictions you’ll need to work around.
Next Steps for Marketers
According to the Syrenis report, 97% of consumers prefer to engage with companies that have proven time and again that they prioritize their users’ data privacy and security. So, it’s not data collection in and of itself that scares consumers. It’s how you handle the data that is.
On the other hand, if you do it right, it could be hugely beneficial for your brand.
When U.S. consumers were asked the top reasons why companies earn their trust, these were the top three answers given:
- 66% said that the company had been transparent about how they use their data.
- 55% said that the company didn’t ask for any unnecessary personal data.
- 49% said they enjoyed the company’s products and services.
It just goes to show you what a critical role the exchange of personal data plays in the relationships of brands with their customers today. Sure, consumers appreciate a good product or service. But if you really want to earn their trust? You have to be responsible with the data you get from them.
To wrap up, here are some things that marketing teams can do so that their data handling processes bolster their businesses instead of hurt them:
- Publish a privacy policy that explains how you use user data
- Encrypt the collection of data
- Tightly secure your data storage
- Verify that the software you use to manage and process data is just as secure
- Share data with partners who agree to your data privacy policy
- Only collect data you absolutely need
- Remove data you no longer need and user accounts that are no longer valid
- Require users to consent to data collection (they can accept or reject cookie tracking)
- Allow users to choose which kinds of data you collect
- Allow users to request data deletion
- Enable customers to customize their personalization preferences
- Require logged-in users to create strong passwords and enable 2FA or MFA
Also, considering Google’s and Apple’s recent moves, you may want to consider moving away from marketing strategies that depend on third-party cookies, like retargeting ads. Instead, lean more into customer retention strategies that help you build more trusting and long-term relationships with your users.
Read next: Evaluating Your Email Marketing Strategy: 9 Metrics to Pay Attention To
The information provided on this blog does not, and is not intended to, constitute legal advice. Any reader who needs legal advice should contact their counsel to obtain advice with respect to any particular legal matter. No reader, user or browser of this content should act or refrain from acting on the basis of information herein without first seeking legal advice from counsel in their relevant jurisdiction.
Continue reading...