How to use data and marketing to save data-driven marketing

by Jessica Best
VP / Data-Driven Marketing

Anyone hear the letters CCPA or GDPR this week, or working on getting privacy controls in place for marketing communications? 

Just six months after CCPA went into effect – and with half a dozen other states drafting privacy and/or data protection legislation – marketers are still clamoring to understand what it means for how we target and engage with prospects and customers. 

I get about a question a week about how laws like CCPA (California Consumer Protection Act) and GDPR (General Data Protection Regulation in the EU) impact us as marketers. Here are answers to these FAQs . . . so far.

What was the impetus for CCPA/GDPR?

These laws are about shining a light on an industry that wasn’t very transparent pre-Cambridge Analytica. 

While most consumers knew that free platforms like Facebook or news sites made their money in advertising, they were frankly shocked to see how deep those databases ran and who exactly was making money on it.

As a quick jump back in time, Cambridge Analytica was a turning point in consumer comfort with companies collecting their data. The CA debacle was three-fold:

  1. Most people weren’t reading/didn’t understand the level of data access they were giving out to apps (i.e. online quizzes) via Facebook. Users took one of CA’s seemingly innocuous personality quizzes (now banned entirely by Facebook) and in the process, gave CA access not just to the quiz answers, but to their Facebook profile data, including things like political party preference.
  2. Maybe it wouldn’t have been so bad if it had just been 50 million Facebook users being targeted with political ads after taking an online quiz that didn’t seem connected to politics. The outrage went up a notch when it became clear the friends of those who took the quiz also had their profile data shared — without their knowledge or consent. That took the toll up to 80 million profiles compromised. 
  3. Data privacy issues are always worse when they’re about healthcare, children, or politics, especially the outcome of democratic elections, where citizens have the expectation of the impression of fairness.  

Suddenly, people cared a lot more about who had access to their data and for what use case. 

Those two elements are at the core of CCPA, GDPR, and other privacy legislation. In the U.S., marketers have been nearly entirely self-regulated in the space of data. For example, CAN-SPAM law (2003 and 2008) was accurately named, since it means you “can spam” anyone whose email address you have, until they unsubscribe. 

The data-driven marketing/email marketing industry basically promised to clean up its act so that harsher regulations didn’t come down from D.C. Cambridge Analytica showed that left a loophole, one that was hard to detect without any watchdogs in place.

Does CCPA (or GDPR) mean we can’t use data at ALL anymore in our marketing?

No! Privacy laws have not stripped marketers of our ability to use data in marketing. In fact, consumers still expect the convenience of it. Many consumers trade data for relevance; they just want to know that it’s happening and have a choice.

Ultimately data privacy regulations have been about:

  1. Clarifying when data is being captured.
  2. Clarifying what data is being captured.
  3. Clarifying what the use case for the data will be.
  4. Giving the consumer a right to not have their data captured (and/or to opt-out later on) and for the company not to withhold value or charge differently for someone who opts out of data consent. 
  5. Identifying the role of brands to protect customer data, i.e. making sure that a nefarious party can’t get at the data while it’s “in transit” (i.e. forms feeding your email platform) or “at rest” (meaning a hacker can’t get into your customer database and have access to all of a consumer’s data in one fell swoop).

Our job, then, as marketers is to be clear and concise about what we’re collecting, at the time we’re collecting it, and how we’ll use it. 

The fear for the last two years has been that consumers will consent less (or opt-out more), because they don’t see the downside in opting for privacy. In a June 2019 Pew Research study: 59% said they aren’t clear how their data is used and 81% said that the risk outweighs the benefit of companies collecting data on them.

What I think most marketers are missing is that that last point can be our biggest opportunity: 

Brands and marketers need to communicate the value of the data we collect to the consumers who give us permission to collect it.

First, marketers must shift thinking to collect data in order to better serve our customers. Rather than collecting more data just to have it for future uses, think in terms of what data makes your brand, product/services, or messaging more useful, relevant, or convenient to our customer.

Second, marketers must rely more on an owned database of explicit, user-provided data. This offers clarity – no surprises! When a consumer gives a brand their data, the consumer isn’t unpleasantly surprised to find that data put to work by that brand. 

For example, if I sign up for a new account with an online shoe retailer and give my email address and maybe put a few pairs of shoes in my cart, I’m not surprised when I receive emails about those shoes later on. In 2020, I’m not even surprised to see ads for those shoes if I don’t check out, though that may require use of cookies, which in 2020 would require an explicit “I’m ok with cookies” permission pop up on the site. 

What has been the biggest pain point of GDPR or CCPA?

Advertisers have certainly seen some of the impact of privacy legislation, specifically because of data we can no longer buy when targeting eyeballs on Facebook or Google networks. While our in-house database and first-party collected data is fair game (with permission), third-party data has become a tough frontier. 

But in the end, these laws ensure brands don’t have any data the consumer didn’t give permission to have and use, and that’s the right way for our industry to think about data. It’s a gift to be given or withheld, and we need to be ready to build systems that give control to the consumer while making it easy and worthwhile to grant permission. 

The other cost of GDPR and CCPA has been in data requests. Both laws say consumers have the right to request all the data a brand has on them, as well as the right to be forgotten. Seems simple enough, but it’s actually a pretty big infrastructure change for most brands. 

If someone wanted to know what all you’re tracking and what data you have on them, could you answer 100% completely? What systems would that data be in? Who owns those systems within your company? That implied data access has been a doozy for many brands. 

Marketers don’t own every system that stores data about consumers, and getting a consolidated data report from every department within a brand could be a challenge if your data systems aren’t mapped out.

The next scary frontier is that if someone asks for that data to be removed, it not only needs data from each of those systems, but also requires the ability to change or remove the data in those systems — another data governance puzzle. This is where most brands are focusing their energy: getting consolidated systems in place to allow the consumer easy, centralized control of their data. If you had all that done by Jan 1, 2020, congrats! You’re one of the few. The rest of us are taking it step-by-step to make progress in the right direction. 

Marketers, data suppliers/ad networks, and consumers are still defining the way these laws will work, pending more court cases and the precedents set by them. That said, brands are—and should be—preparing to provide insight to consumers on what data the brand stores about them. There are whole industries popping up to address this task, not just in the face of CCPA, but in response to GDPR in 2018. The gist of both laws is this: consumers have the ability to both control whether brands target or track them, and to revoke that permission easily. Marketers have sold cookies and data collection as convenience, i.e. remembering my favorites when I return to a site, or making ads that I see more relevant to what I actually want to buy. Now all of that must be transparent and explicit, with the option to opt-out of it at any time. 

The good news for most brands is that big advertisers like Google and Facebook will likely take the first hits, like they did with GDPR. The rest of us will watch, learn and adapt accordingly.

The bad news is that, if even 1% of your consumers asked for all the data you have on them—what would it take to deliver on that? For some brands, the answer is: a lot.


Jessica Best is the VP, Data-Driven Marketing for Barkley. This article documents the impact of data privacy developments on brands and marketing strategies. This is not legal advice. Businesses should consult their legal advisors and data privacy specialists for guidance.

Barkley US

Jul 07, 2020
