by Jessica Best
VP / Data-Driven Marketing
Anyone hear the letters CCPA or GDPR this week, or working on getting privacy controls in place for marketing communications?
Just six months after CCPA went into effect – and with half a dozen other states drafting privacy and/or data protection legislation – marketers are still clamoring to understand what it means for how we target and engage with prospects and customers.
I get about a question a week about how laws like CCPA (California Consumer Protection Act) and GDPR (General Data Protection Regulation in the EU) impact us as marketers. Here are answers to these FAQs . . . so far.
What was the impetus for CCPA/GDPR?
These laws are about shining a light on an industry that wasn’t very transparent pre-Cambridge Analytica.
While most consumers knew that free platforms like Facebook or news sites made their money in advertising, they were frankly shocked to see how deep those databases ran and who exactly was making money on it.
As a quick jump back in time, Cambridge Analytica was a turning point in consumer comfort with companies collecting their data. The CA debacle was three-fold:
Suddenly, people cared a lot more about who had access to their data and for what use case.
Those two elements are at the core of CCPA, GDPR, and other privacy legislation. In the U.S., marketers have been nearly entirely self-regulated in the space of data. For example, CAN-SPAM law (2003 and 2008) was accurately named, since it means you “can spam” anyone whose email address you have, until they unsubscribe.
The data-driven marketing/email marketing industry basically promised to clean up its act so that harsher regulations didn’t come down from D.C. Cambridge Analytica showed that left a loophole, one that was hard to detect without any watch dogs in place.
Does CCPA (or GDPR) mean we can’t use data at ALL anymore in our marketing?
No! Privacy laws have not stripped marketers of our ability to use data in marketing. In fact, consumers still expect the convenience of it. Many consumers trade data for relevance; they just want to know that it’s happening and have a choice.
Ultimately data privacy regulations have been about:
Our job, then, as marketers is to be clear and concise about what we’re collecting, at the time we’re collecting it, and how we’ll use it.
The fear for the last two years has been that consumers will consent less (or opt-out more), because they don’t see the downside in opting for privacy. In a June 2019 Pew Research study: 59% said they aren’t clear how their data is used and 81% said that the risk outweighs the benefit of companies collecting data on them.
What I think most marketers are missing is that that last point can be our biggest opportunity:
Brands and marketers need to communicate the value of the data we collect to the consumers who give us permission to collect it.
First, marketers must shift thinking to collect data in order to better serve our customers. Rather than collecting more data just to have it for future uses, think in terms of what data makes your brand, product/services, or messaging more useful, relevant, or convenient to our customer.
Second, marketers must rely more on owned database of explicit, user-provided data This offers clarity – no surprises! When a consumer gives a brand their data, the consumer isn’t unpleasantly surprised to find that data put to work by that brand.
What has been the biggest pain point of GDPR or CCPA?
Advertisers have certainly seen some of the impact of privacy legislation, specifically because of data we can no longer buy when targeting eyeballs on Facebook or Google networks. While our in-house database and first-party collected data is fair game (with permission), third-party data has become a tough frontier.
But in the end, these laws ensure brands don’t have any data the consumer didn’t give permission to have and use, and that’s the right way for our industry to think about data. It’s a gift to be given or withheld, and we need to be ready to build systems that give control to the consumer while making it easy and worthwhile to grant permission.
The other cost of GDPR and CCPA has been in data requests. Both laws say consumers have the right to request all the data a brand has on them, as well as the right to be forgotten. Seems simple enough, but it’s actually a pretty big infrastructure change for most brands.
If someone wanted to know what all you’re tracking and what data you have on them, could you answer 100% completely? What systems would that data be in? Who owns those systems within your company? That implied data access has been a doozy for many brands.
Marketers don’t own every system that stores data about consumers, and getting a consolidated data report from every department within a brand could be a challenge if your data systems aren’t mapped out.
The next scary frontier is that if someone asks for that data to be removed, it not only needs data from each of those systems, but also requires the ability to change or remove the data in those systems — another data governance puzzle. This is where most brands are focusing their energy: getting consolidated systems in place to allow the consumer easy, centralized control of their data. If you had all that done by Jan 1, 2020 , congrats! You’re one of the few. The rest of us are taking it step-by-step to make progress in the right direction.
Marketers, data suppliers/ad networks, and consumers are still defining the way these laws will work, pending more court cases and the precedents set by them. That said, brands are—and should be—preparing to provide insight to consumers on what data the brand stores about them. There are whole industries popping up to address this task, not just in the face of CCPA, but in response to GDPR in 2018. The gist of both laws is this: consumers have the ability to both control whether brands target or track them, and to revoke that permission easily. Marketers have sold cookies and data collection as convenience, i.e. remembering my favorites when I return to a site, or making ads that I see more relevant to what I actually want to buy. Now all of that must be transparent and explicit, with the option to opt-out of it at any time.
The good news for most brands is that big advertisers like Google and Facebook will likely take the first hits, like they did with GDPR. The rest of us will watch, learn and adapt accordingly.
The bad news is that, if even 1% of your consumers asked for all the data you have on them—what would it take to deliver on that? For some brands, the answer is: a lot.
Jessica Best is the VP, Data-Driven Marketing for Barkley. This article documents the impact of data privacy developments on brands and marketing strategies. This is not legal advice. Businesses should consult their legal advisors and data privacy specialists for guidance.
Jul 07, 2020
Email, Marketing, Media, Modern Consumer
Please submit your email to download content. Your info will not be shared with any outside sources.
Ready to scratch everything?