Data privacy features can be overwhelming. Every time you visit a new site, you’re immediately prompted with the same spiel: “Hey! Is it okay if we take your data?” You probably click ‘yes’ just to get rid of the annoying pop-up.
But what happens when you click yes? How are publishers using your data? How are we — the consumer AND the advertiser — affected by these data protection policies?
Understanding Data Protection Policies
Data protection policies really started to emerge and take force in the past several years. The most widely known data protection policy is the General Data Protection Regulation (GDPR), which was implemented in 2018. GDPR, in short, is “a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union.” You can learn all about GDPR and what exactly the regulation covers on the official GDPR site.
But say you are an American-based company, are you affected by data privacy regulations? Just months after GDPR was enforced, the California Consumer Privacy Act (CCPA) was launched. Similar to GDPR, “CCPA outlines how businesses can collect, store and transfer consumer data from Californian residents.” You can find out more about what the Act covers on the official CCPA site.
The launch of these two acts threw many users and advertisers for a loop. For starters, if users are visiting your site from California or Europe, your site must be compliant. And let’s not forget one of the hallmarks of the “worldwide web” — the ability to connect users across physical boundaries. Remember the pop-up boxes and prompts we talked about earlier? Those were implemented across sites based on these new data privacy laws. In order for websites to be compliant, there has to be an explicit opt-in consent message that appears as soon as users visit a site, and no data can be collected unless the end-user opts in. This is a change from traditional advertising regulations in America, which required the option to opt-out (does the “unsubscribe” button sound familiar?). If a company fails to comply with these policies, it could “face a fine. In most serious cases, this fine could be up to 17 million euros or 4% of a company’s annual turnover.”
Data privacy acts are no joke! It’s imperative that companies follow the correct guidelines to ensure sites remain compliant — both for the company’s sake and the consumer’s sake.
What Consumers Should Consider
The next time you are prompted with a consent message, just remember: if you click ‘yes,’ you are giving that company permission to collect and use your data. If this sounds eerily vague and leaves you questioning what a company wants from your data, you’re not alone. We encourage users to navigate to the privacy policy pages on sites before opting in; this way, you’ll know exactly how companies will use your data if you choose to click ‘yes.’
While “collecting data” sounds like a serious invasion of privacy, it’s worth noting that most companies only scrape the surface of data — data is usually anonymized and does not reflect any personally identifiable information (PII). Most companies know the importance of building trust with their consumers, especially as data privacy is at the forefront of most digital conversations. For this reason, companies are usually transparent in their privacy policy — showcasing exactly what data will be collected — and how that data will be used. Again, when in doubt, check out the site’s privacy policy page!
Many consumers have found that checking the ‘yes’ box does have its advantages. Have you ever visited an eCommerce site, eyeing a particular product, but passed because of the price tag? Many marketers set up retargeting campaigns — which are only activated if users accept the privacy policy — that enable them to serve product ads to users who leave the site without purchasing. If you’ve opted into the privacy policy, you might start to see ads of the product you wanted to purchase (or similar), and in some cases, a nice discount code will appear with the ad! In many cases, customers value the reminder to checkout their online cart and especially enjoy saving money in the process.
Another less obvious example is user experience. Websites will use consumer data to help create a more seamless experience for the end-user by understanding what the user is most interested in. We say this is ‘less obvious’ because when done right, you might think that the website is answering all your questions and solving your problems intuitively. Maybe it is — or maybe it’s the data talking.
How Advertisers Should Navigate
As mentioned above, when it comes to data privacy and data protection policies, advertisers should prioritize consumers’ safety. In order to establish yourself as a trustworthy brand or company, make sure that you’re complying with all data regulations and are transparent with users about how their information is collected and used.
As long as you’re complying with data protection laws, you still have the same targeting capabilities. Here are some ways of leveraging data to build your brand’s digital presence:
- Create retargeting lists across platforms to follow-up with users who visited the site but didn’t convert, placing a more targeted ad in front of those end-users.
- Leverage compliant 1st party data to inform content development, predictive analytics, addressable advertising, and more.
- Learn and improve your site based on analytics data. If one of your most-visited landing pages has a high bounce rate and a low avg. time on page, work to determine why users are leaving the page, and update the UX to create a better landing page environment.
- Use the data you’ve collected from current users to reach new users who share similar digital attributes, also known as ‘lookalike audiences.’ Create lookalike audiences across paid media platforms such as Google Ads, Facebook, Twitter, and more.
The list can go on and on! But first: make sure your site is compliant, and make sure you’re putting the end user’s safety first.
Bluetext has learned a lot about data protection policies and data privacy over the years. We’re constantly adapting our site to make sure it’s up-to-date to remain compliant with data policies, ensuring consumer data is always safe. Visit our site to learn more about how we have achieved success while remaining compliant. And don’t worry, we won’t collect any data unless you’ve opted in!
When building and launching digital campaigns, many of the key determinants of success are evaluated through digital engagement measurement and tracking. However, as websites and ad-tech have evolved in recent years, so have protections and privacy policies. It’s easy to write off the need for a comprehensive privacy policy, however, this is a recipe for disaster in the age of big data regulation and enforcement. To avoid the FTC and International regulators ire, digital agencies such as Bluetext recommend taking data privacy measures that cater to the most comprehensive regulations in effect.
For businesses with users outside of the United States, being aware of the General Data Protection Regulation (GDPR) and similar legislation is an essential consideration. The GDPR has created strict provisions for EU web users’ privacy and data rights, which extends to US browsers. As global privacy legislation evolves, North American businesses that handle global users’ data must comply with current regulations and build with an eye on future compliance. Top digital marketing agencies advise and design campaigns and websites with these policies in mind to provide frictionless engagements.
What is the GDPR?
The GDPR is an extraterritorial set of provisions that updated Europe’s data protection standards. The privacy policy strengthens the protections set in 1995, adding requirements for greater transparency and disclosure to users, in addition to modernizing the “cookie law” of 2002.
The GDPR goes beyond earlier regulation, focusing on personal data protection regardless of the type of data and how companies must document user consent in a transparent fashion. These protections apply to all persons browsing within or originating from the European Union.
The term “personal data” is not synonymous with “personally identifiable information”, or PII. PII has traditionally been a legal concern for American businesses, and it refers to a more defined set of information than the GDPR model. PII does not have to be context-specific to be regulated, in contrast, the GDPR emphasizes the consumer risks of data aggregation.
My business isn’t located in Europe, why should I care?
The GDPR’s reach is far greater than the medley of privacy protections in effect across the United States. Violators of the regulations risk penalties of €20 million ($22.6 million as of writing) or 4 percent of global annual revenues for the preceding fiscal year, whichever is greater. Comprehensive legislation at the state level in the U.S. has been varied, many forward-thinking businesses are beginning to take steps to adapt their practices to comply with the California Consumer Privacy Act (CCPA). Ultimately every website will have to comply with some set of standards, so it is wise to be proactive and implement privacy protection now. Top digital marketing agencies such as Bluetext are taking steps to protect against potential violations of the CCPA and GDPR by changing cookie collection practices, recommending new data collection practices, and designing clear consent forms.
Changing privacy policies impact sites from the bottom up, starting with development and design
In a digital-first world, data is a critical component of many businesses online and offline strategies. With the implementation of the GDPR, marketers and web developers must be more diligent about what data we collect, the means by which we collect it, and how we handle sensitive information. When building or updating websites, web developers, and digital project managers should take this as an opportunity to rethink how sites can be more transparent and adopt the Privacy by Design framework.
The Privacy by Design framework highlights design-thinking approaches to development prior to launch to eliminate the need for post-hoc privacy fixes once a project is live. Solutions such as making privacy the default setting for site visitors, making privacy standards visible and open, and giving users specific privacy information notices are easy considerations to add to the development plan.
If your site is already live, consider a development sprint focused on auditing areas of potential weakness. In assessing your data hygiene, your team can look for unsafe or unnecessary modules that can be disabled, particularly those found in APIs and third-party libraries. Adtech integrations may help source leads and retarget with better precision, but validating that their pixels and tracking are in alignment with GDPR best practices is essential.
The aesthetic design of websites is also impacted by changing privacy practices. GDPR consent requires clear and explicit opt-in notices to users. Designers, user experience experts, and marketers should work collaboratively to update existing landing page components to incorporate new disclosure features. One simple mantra to internalize in the design phase? Offer accessible, clean choices around cookies and pixels.
When building clear user permissions for data capture, the GDPR requires that websites define data retention and deletion plans for all the personal data collected. Adding GDPR conscious logic to scripts at the code level of your site can save time for site custodians and business analysts alike in the future.
Updating best practices for common marketing tactics and tools
Updating the fine print on your Privacy Policy is just the first step of complying with new regulations; common marketing campaign tactics such as cookies should also be rethought through the lens of compliance. Cookies are the small data files that can be placed on users’ browsers and provide a trove of useful insight to website operators. Under the GDPR, businesses are legally liable for any activities on their sites, specifically protecting user data from third-party cookie tracking.
Many businesses use cookie tracking to better measure the impact of their marketing strategies, and they combine tracking with other user data to build user personas. While this has been an accepted practice in the past, the new regulation now requires clear permission from European users to collect this information, whether the site is for an American or French company. As noted in the impact of GDPR on design, cookie usage has to be explained on either the homepage or a second-level page on the navigation. This immediate opt-in should allow users to understand how their data is collected, the purpose of the data, and how long they are consenting to these cookies.
As a website operator, sites must withhold all cookies and trackers on your website until you have received clear and explicit user consent on each type of cookie and tracker. This consent has to be given freely, described in explicit plain language, and users must have the ability to withdraw consent. The rights of users under the GDPR are extensive — to comply, website custodians must update their privacy policies and opt-in tools.
This sounds like a lot of work, why should I care?
Ultimately, thoughtful privacy policies, development, and design provide a safeguard for both businesses and users. The GDPR gives consumers new rights to access and manage their data on digital platforms, and businesses that do not adapt to meet these regulatory requirements can face steep fines. While these changes can seem overwhelming, a top digital marketing agency such as Bluetext can guide your business through the murkiness of data privacy design and compliance.
We recently launched our Top Marketing Trends 2019 series, that will take a close look at what digital marketers should expect for next year. We started with privacy because of a sea change in consumer attitudes about their online privacy over the past 18 months – much of it the result of huge changes in policy around the world, like the European Union’s GDPR requirements, as well as data breaches that put a massive number of Americans at risk. In our post last week, we dove into what GDPR means for marketers here in the U.S.
In today’s post, we will examine changes resulting from Facebook’s sale of its data to Cambridge Analytica, which used the information on Facebook users for controversial political targeting. Why is this a top marketing trend for 2019? Because the realization of how social media platforms like Facebook are using consumer information has had a significant impact on Facebook’s users and financial status, a trend that will extend to other social media outlets in the coming year.
Here are out three key takeaways from the Facebook fiasco that will have a significant impact on digital marketers:
The challenge with marketers who want to leverage platforms like Facebook to reach their target audiences is that the social media companies themselves are just now putting in place consumer safeguards about how their data is being used- in the face of serious public and political pressure. We all know that consumers want an easy experience when looking to research or purchase on the internet, which is what we marketers want, as well. Now that consumers see that this convenience comes at a cost, they want more control over how their personal information is used.
Our first takeaway for 2019: There’s a big difference between serving the consumer’s interest and using that same data when it doesn’t benefit that individual. Our recommendation is to take a close review of how you use your customer data and make sure it actually serves the customer.
Another challenge is expectations. Having a privacy policy at the bottom of your website, filled with unintelligible legalese that no consumer is ever going to read or understand, isn’t going to be enough. That CYA language needs to become useful.
Our second takeaway for 2019: Give visitors to your website real choices that they can understand over how their information is used. One idea that is making headway is having a privacy dashboard that is readily accessed by visitors, where they can make their own decisions about their data.
Finally, we all need to know who we are dealing with when it comes to third-party vendors. The issue with Cambridge Analytics was not simply that Facebook was providing data to an outside entity – after all, that is its business model, and in our opinion, there is nothing wrong with that when used appropriately. The scandal was that the outside firm was using the data for ways that Facebook users would never have sanctioned – to influence how they vote in elections.
Our third takeaway for 2019: Make sure you know your partners, including data brokers and ad buyers, and exactly what they are doing with the information. Ask them if they are acquiring personal data without the user’s permission. It won’t be enough to claim ignorance about your third-party vendors.
In our next post on top marketing trends 2019, we’ll look at website design and build, and what to expect next year.
Learn how Bluetext can help you make the most of the top marketing trends for 2019.
It’s time again for our top marketing trends 2019, Bluetext’s annual look at what trends are going to drive digital marketing come the new year. In this and subsequent blog posts, we will discuss additional trends for 2019, including the public’s change of attitude towards social media platforms, and then assess what to expect next year in website design, digital marketing, branding, and public relations.
For 2019, identifying an over-arching theme that will drive a significant part of the marketing industry is not hard. Privacy, ranging from significant new regulatory requirements, massive industry failures, and changing consumer expectations, wasn’t merely a distraction (or some might say annoyance) – it was a bludgeoning that top marketers had to take repeatedly, as changes to successful digital strategies got turned on their head over and over throughout the year due to changes in privacy rules as well as blow-back against platforms that appeared to disregard privacy.
First and foremost for us marketers was the General Data Protection Regulation, better known as GDPR. The regulation, which took effect in the European Union on May 25th, is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union. Of course, since just about every brand either does business now in the EU or wants to do business there, it is a framework that impacts every organization that interacts with our friends across the pond.
GDPR in and of itself tells you everything you need to know about how privacy is becoming the driving force behind changes to digital marketing. In a nutshell, the regulatory framework behind GDPR places personal information back in the hands of the individual, and removes it from the control of private companies, because it requires the explicit informed consent of an individual to make their information public. There are other requirements as well in the regulation, but it essentially requires marketers at every company that does business in the EU to obtain the “opt-in” consent from their customers (and non-customers). And because few people can be expected to give that permission, it is drastically changing how marketers can use the types of behavioral data that we generally collect for marketing (and other) purposes.
Here’s how Inc.com summarized the impact of GDPR on digital marketers:
“(A) s a digital marketer, you are going to have to be transparent any time you wish to collect data on someone. You will have to communicate very clearly that you want to collect data, and explain explicitly how that data is going to be used. You then have to gain consent while also informing consumers about their right to refuse or withdraw their consent. This means that you might have to get a lot more creative when trying to convert a website visitor into a lead.”
GDPR presents some very real challenges to digital marketers, who are going to be held to a higher standard than pre-GDPR. But it’s also forcing fresh thinking and more creative strategies, and ultimately it should help build better relationships between businesses and their consumers that are built on trust and transparency.
Next in our Top Marketing Trends 2019 series: How privacy blow-back to top digital platforms is changing digital marketing.