The U.S. is on the cusp of implementing a new national privacy law, the American Data Privacy and Protection Act (ADPPA). And while we may be late to the party (the EU’s General Data Protection Regulation, or GDPR, was implemented in 2018), it’s now high time for businesses to start paying attention to data and how it impacts consumer privacy.
The new law will have significant implications for marketers, who will need to ensure they are handling consumer data in a responsible and transparent manner. Consumers, for their part, are more invested in maintaining control of their data and reluctant to exchange personal information (even for incentives) unless they trust that you’re being careful with their data. Nearly three-quarters of consumers rank data privacy as a top value, a recent report by MAGNA Media Trials and Ketch found.
In this post we’ll cover:
Privacy in marketing is all about data — specifically, an individual’s personal, identifiable or aggregate data and how companies collect it, use it, share it and forget it. The International Association of Privacy Professionals (IAPP) defines privacy as, “the right to be left alone.”
From a data privacy perspective, that means individuals have the right:
Privacy is not an all-or-nothing proposition. There are different levels of sensitivity when it comes to the types of data companies collect. For example, a consumer’s name and email address are not as sensitive as their health data (although with the implementation of ADPPA, that could change.)
We can’t have all the shiny new marketing things — omnichannel experiences, customer centricity, personalization — without consumer data. But with big data comes big responsibility.
It may have taken consumers and especially U.S. consumers, a long time to become educated about the fact that brands engaged in granular tracking of online behavior, using the data gathered for marketing purposes or even selling it.
Ironically, U.S. brands were forced to take privacy seriously by European legislation (GDPR) because the worldwide reach of the internet meant brands could hardly guarantee to avoid engagement with European data subjects. The new horizon, however, is not just complying with applicable privacy laws — it’s being proactive about consumer privacy to build trust, establish community and secure loyalty.
Consumers care about privacy a lot, according to the MAGNA and Ketch survey, but this doesn’t mean they’re as focused on privacy compliance laws as, say, the entire digital marketing industry.
90% of survey respondents had never heard of the Virginia Consumer Privacy Data Protection Act (VCDPA). But while people may not be closely following government-imposed privacy regulations — or how businesses comply with them — they’re paying attention to companies who get flagged for poor privacy practices.
Even if consumers don’t know the acronyms as well as we do, they’re concerned about how businesses handle their data, with just 5% having no major concerns.
Here are some top concerns, according to a recent survey by Tinuiti:
While it’s true that consumers are more aware of how companies use their data and have some concerns, they’re still mostly in the dark when it comes to a business’s privacy practices — which makes them suspicious. Nearly 60% of consumers in a recent BCG/Google survey think companies are selling their data even though the reality is that most companies don’t do this.
Marketers need to do a better job of educating consumers about how we use their data and what we do to protect it. We also need to be more transparent about how we use consumer data to personalize experiences. Familiarizing yourself with the types of data you’re collecting — and why — is a good start.
Marketers use four types of data – first-, second- and third-party data. More recently, what has become known as “zero-party data” emerged (although it’s actually a subset of first-party data). Here’s an overview of each.
The term zero-party data was first coined by Fatemeh Khatibloo, VP principal analyst at Forrester Research. The term “declared data” might be a better descriptor, but Khatibloo placed the concept within the tiered hierarchy of first-, second- and third-party data.
Basically, zero-party data is derived from a customer expressing a personal preference, be it the color of an item, clothing or shoe size, quantity, birthday, how they wish to receive information or even page settings.
This is data you collect yourself, usually through your website or app. It includes information like names, email addresses, phone numbers, customer purchase histories, etc. It can also include behavioral, location and customer interaction data (e.g., chatbot transcripts). You own this data. That is, you collected it and you can use it how you see fit within the constraints of your region’s data privacy laws, of course.
This is data that another company shares with you, usually under the auspices of a partnership or some other type of business relationship. It could be something as simple as an email list that you purchased, or more complicated like activity from apps, purchase history and proprietary research. The data, in this case, is owned by the company that collected it, but you have permission to use it.
This is data that you collect from sources that are not affiliated with you in any way — think consumer data gathered by website cookies placed on someone’s browser as they surf the web.
Third-party data is used widely by marketers to target and personalize ads. New privacy regulations require companies to get express permission from consumers to collect and use cookies or risk stiff penalties. Companies like Google, Apple and Mozilla are (or soon will be) eliminating support for cookies to avoid these penalties.
The new cookieless future will make it more difficult to target ads and personalize messaging. It’s the direct result of emerging consumer privacy laws like GDPR and CCPA.
Some privacy laws like the EU’s GDPR, Australia’s Consumer Data Right (CDR) law and California’s Consumer Privacy Act (CCPA) have already been passed.
A fourth initiative, the U.S.’s ADPPA, is currently still cooking on the legislative stove. It’s been approved for a vote in the U.S. House of Representatives, then it must pass in the Senate. If approved, it will be the first comprehensive national law governing how companies collect and use consumer data in the U.S.
Here’s a (very high-level) breakdown of some important consumer privacy initiatives:
Of note, the ADPPA is the first consumer data privacy and security bill aimed at protecting Americans from what has essentially been unfettered access to and use of their data by U.S. businesses.
It’s focused on reducing “commercial surveillance” and strictly regulates what data can be collected at all. It also limits how data can be used. Businesses absolutely need to understand what’s in this bill, which is why we took a deep dive into the specifics of the ADPPA’s main points, including how it will impact marketers.
Businesses can get help from technology when it comes to addressing privacy issues. For example, both brands and publishers can take advantage of data “clean rooms.” Clean rooms are a type of privacy-enhancing technology (PET) that allows data owners to share customer first-party data in a privacy-compliant way. Clean rooms are secure spaces where first-party data from a number of brands can be resolved to the same customer’s profile while that profile remains anonymized.
Closely related is “differential privacy.” This uses a cryptographic algorithm to add statistical noise to the data, enabling patterns in the data to be detected while information about individuals is shielded. There are many other types of PET.
Consumer privacy laws like GDPR, CCPA and ADPPA impose strict rules around what, how and why data is collected. Meanwhile, consumers are becoming more invested in their own data — and how companies use or misuse it. People want more control and transparency. They want to reclaim ownership of their information from the Googles and Amazons of the world.
In addition to knowing the latest privacy regulations, marketers should better understand how consumers feel about data, including what data they’re willing to part with in exchange for incentives like discounts, freebies and convenience.
Two-thirds of respondents in the BCG/Google survey said they like getting ads customized to their interests, but nearly half are worried about sharing their data. Younger generations will give up more data for fewer incentives versus older consumers. And no matter what data you’re collecting, you need to cultivate trust and transparency with processes and technology that comply with data privacy laws and keep consumers informed.
All of this requires that marketers create a privacy-first, transparent and resilient approach to data usage and data privacy. Increasingly, it also means you’ll have better control over consumer data collection preferences and usage if you have your own data rather than relying on second- or third-party data for your marketing initiatives.
Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.