When building and launching digital campaigns, many of the key determinants of success are evaluated through digital engagement measurement and tracking. However, as websites and ad-tech have evolved in recent years, so have protections and privacy policies. It’s easy to write off the need for a comprehensive privacy policy, however, this is a recipe for disaster in the age of big data regulation and enforcement. To avoid the FTC and International regulators ire, digital agencies such as Bluetext recommend taking data privacy measures that cater to the most comprehensive regulations in effect.
For businesses with users outside of the United States, being aware of the General Data Protection Regulation (GDPR) and similar legislation is an essential consideration. The GDPR has created strict provisions for EU web users’ privacy and data rights, which extends to US browsers. As global privacy legislation evolves, North American businesses that handle global users’ data must comply with current regulations and build with an eye on future compliance. Top digital marketing agencies advise and design campaigns and websites with these policies in mind to provide frictionless engagements.
What is the GDPR?
The GDPR is an extraterritorial set of provisions that updated Europe’s data protection standards. The privacy policy strengthens the protections set in 1995, adding requirements for greater transparency and disclosure to users, in addition to modernizing the “cookie law” of 2002.
The GDPR goes beyond earlier regulation, focusing on personal data protection regardless of the type of data and how companies must document user consent in a transparent fashion. These protections apply to all persons browsing within or originating from the European Union.
The term “personal data” is not synonymous with “personally identifiable information”, or PII. PII has traditionally been a legal concern for American businesses, and it refers to a more defined set of information than the GDPR model. PII does not have to be context-specific to be regulated, in contrast, the GDPR emphasizes the consumer risks of data aggregation.
My business isn’t located in Europe, why should I care?
The GDPR’s reach is far greater than the medley of privacy protections in effect across the United States. Violators of the regulations risk penalties of €20 million ($22.6 million as of writing) or 4 percent of global annual revenues for the preceding fiscal year, whichever is greater. Comprehensive legislation at the state level in the U.S. has been varied, many forward-thinking businesses are beginning to take steps to adapt their practices to comply with the California Consumer Privacy Act (CCPA). Ultimately every website will have to comply with some set of standards, so it is wise to be proactive and implement privacy protection now. Top digital marketing agencies such as Bluetext are taking steps to protect against potential violations of the CCPA and GDPR by changing cookie collection practices, recommending new data collection practices, and designing clear consent forms.
Changing privacy policies impact sites from the bottom up, starting with development and design
In a digital-first world, data is a critical component of many businesses online and offline strategies. With the implementation of the GDPR, marketers and web developers must be more diligent about what data we collect, the means by which we collect it, and how we handle sensitive information. When building or updating websites, web developers, and digital project managers should take this as an opportunity to rethink how sites can be more transparent and adopt the Privacy by Design framework.
The Privacy by Design framework highlights design-thinking approaches to development prior to launch to eliminate the need for post-hoc privacy fixes once a project is live. Solutions such as making privacy the default setting for site visitors, making privacy standards visible and open, and giving users specific privacy information notices are easy considerations to add to the development plan.
If your site is already live, consider a development sprint focused on auditing areas of potential weakness. In assessing your data hygiene, your team can look for unsafe or unnecessary modules that can be disabled, particularly those found in APIs and third-party libraries. Adtech integrations may help source leads and retarget with better precision, but validating that their pixels and tracking are in alignment with GDPR best practices is essential.
The aesthetic design of websites is also impacted by changing privacy practices. GDPR consent requires clear and explicit opt-in notices to users. Designers, user experience experts, and marketers should work collaboratively to update existing landing page components to incorporate new disclosure features. One simple mantra to internalize in the design phase? Offer accessible, clean choices around cookies and pixels.
When building clear user permissions for data capture, the GDPR requires that websites define data retention and deletion plans for all the personal data collected. Adding GDPR conscious logic to scripts at the code level of your site can save time for site custodians and business analysts alike in the future.
Updating best practices for common marketing tactics and tools
Updating the fine print on your Privacy Policy is just the first step of complying with new regulations; common marketing campaign tactics such as cookies should also be rethought through the lens of compliance. Cookies are the small data files that can be placed on users’ browsers and provide a trove of useful insight to website operators. Under the GDPR, businesses are legally liable for any activities on their sites, specifically protecting user data from third-party cookie tracking.
Many businesses use cookie tracking to better measure the impact of their marketing strategies, and they combine tracking with other user data to build user personas. While this has been an accepted practice in the past, the new regulation now requires clear permission from European users to collect this information, whether the site is for an American or French company. As noted in the impact of GDPR on design, cookie usage has to be explained on either the homepage or a second-level page on the navigation. This immediate opt-in should allow users to understand how their data is collected, the purpose of the data, and how long they are consenting to these cookies.
As a website operator, sites must withhold all cookies and trackers on your website until you have received clear and explicit user consent on each type of cookie and tracker. This consent has to be given freely, described in explicit plain language, and users must have the ability to withdraw consent. The rights of users under the GDPR are extensive — to comply, website custodians must update their privacy policies and opt-in tools.
This sounds like a lot of work, why should I care?
Ultimately, thoughtful privacy policies, development, and design provide a safeguard for both businesses and users. The GDPR gives consumers new rights to access and manage their data on digital platforms, and businesses that do not adapt to meet these regulatory requirements can face steep fines. While these changes can seem overwhelming, a top digital marketing agency such as Bluetext can guide your business through the murkiness of data privacy design and compliance.
We recently launched our Top Marketing Trends 2019 series, that will take a close look at what digital marketers should expect for next year. We started with privacy because of a sea change in consumer attitudes about their online privacy over the past 18 months – much of it the result of huge changes in policy around the world, like the European Union’s GDPR requirements, as well as data breaches that put a massive number of Americans at risk. In our post last week, we dove into what GDPR means for marketers here in the U.S.
In today’s post, we will examine changes resulting from Facebook’s sale of its data to Cambridge Analytica, which used the information on Facebook users for controversial political targeting. Why is this a top marketing trend for 2019? Because the realization of how social media platforms like Facebook are using consumer information has had a significant impact on Facebook’s users and financial status, a trend that will extend to other social media outlets in the coming year.
Here are out three key takeaways from the Facebook fiasco that will have a significant impact on digital marketers:
The challenge with marketers who want to leverage platforms like Facebook to reach their target audiences is that the social media companies themselves are just now putting in place consumer safeguards about how their data is being used- in the face of serious public and political pressure. We all know that consumers want an easy experience when looking to research or purchase on the internet, which is what we marketers want, as well. Now that consumers see that this convenience comes at a cost, they want more control over how their personal information is used.
Our first takeaway for 2019: There’s a big difference between serving the consumer’s interest and using that same data when it doesn’t benefit that individual. Our recommendation is to take a close review of how you use your customer data and make sure it actually serves the customer.
Another challenge is expectations. Having a privacy policy at the bottom of your website, filled with unintelligible legalese that no consumer is ever going to read or understand, isn’t going to be enough. That CYA language needs to become useful.
Our second takeaway for 2019: Give visitors to your website real choices that they can understand over how their information is used. One idea that is making headway is having a privacy dashboard that is readily accessed by visitors, where they can make their own decisions about their data.
Finally, we all need to know who we are dealing with when it comes to third-party vendors. The issue with Cambridge Analytics was not simply that Facebook was providing data to an outside entity – after all, that is its business model, and in our opinion, there is nothing wrong with that when used appropriately. The scandal was that the outside firm was using the data for ways that Facebook users would never have sanctioned – to influence how they vote in elections.
Our third takeaway for 2019: Make sure you know your partners, including data brokers and ad buyers, and exactly what they are doing with the information. Ask them if they are acquiring personal data without the user’s permission. It won’t be enough to claim ignorance about your third-party vendors.
In our next post on top marketing trends 2019, we’ll look at website design and build, and what to expect next year.
Learn how Bluetext can help you make the most of the top marketing trends for 2019.
It’s time again for our top marketing trends 2019, Bluetext’s annual look at what trends are going to drive digital marketing come the new year. In this and subsequent blog posts, we will discuss additional trends for 2019, including the public’s change of attitude towards social media platforms, and then assess what to expect next year in website design, digital marketing, branding, and public relations.
For 2019, identifying an over-arching theme that will drive a significant part of the marketing industry is not hard. Privacy, ranging from significant new regulatory requirements, massive industry failures, and changing consumer expectations, wasn’t merely a distraction (or some might say annoyance) – it was a bludgeoning that top marketers had to take repeatedly, as changes to successful digital strategies got turned on their head over and over throughout the year due to changes in privacy rules as well as blow-back against platforms that appeared to disregard privacy.
First and foremost for us marketers was the General Data Protection Regulation, better known as GDPR. The regulation, which took effect in the European Union on May 25th, is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union. Of course, since just about every brand either does business now in the EU or wants to do business there, it is a framework that impacts every organization that interacts with our friends across the pond.
GDPR in and of itself tells you everything you need to know about how privacy is becoming the driving force behind changes to digital marketing. In a nutshell, the regulatory framework behind GDPR places personal information back in the hands of the individual, and removes it from the control of private companies, because it requires the explicit informed consent of an individual to make their information public. There are other requirements as well in the regulation, but it essentially requires marketers at every company that does business in the EU to obtain the “opt-in” consent from their customers (and non-customers). And because few people can be expected to give that permission, it is drastically changing how marketers can use the types of behavioral data that we generally collect for marketing (and other) purposes.
Here’s how Inc.com summarized the impact of GDPR on digital marketers:
“(A) s a digital marketer, you are going to have to be transparent any time you wish to collect data on someone. You will have to communicate very clearly that you want to collect data, and explain explicitly how that data is going to be used. You then have to gain consent while also informing consumers about their right to refuse or withdraw their consent. This means that you might have to get a lot more creative when trying to convert a website visitor into a lead.”
GDPR presents some very real challenges to digital marketers, who are going to be held to a higher standard than pre-GDPR. But it’s also forcing fresh thinking and more creative strategies, and ultimately it should help build better relationships between businesses and their consumers that are built on trust and transparency.
Next in our Top Marketing Trends 2019 series: How privacy blow-back to top digital platforms is changing digital marketing.