12 min read
Can Marketing Coexist with Privacy?
By: Josephine Yam, J.D., LLM., MA Phil (AI Ethics) 5/5/22 2:15 AM
Technological advances encouraging vast data collection seem to have stripped us of the right to privacy. In today’s digital economy, where personal information is often freely shared online, you might wonder, “Do individuals still care about their privacy?”
In June 2021, Cisco surveyed 2600 adults in 12 countries spanning America to Asia. Participants were asked about their attitudes and activities regarding companies’ use of their personal information; awareness and reaction to privacy legislation; and attitudes regarding artificial intelligence (AI) and automated decision making. The results showed that consumers want transparency and control concerning business data practices. 86% of the respondents care about data privacy and want more control, and 79% are willing to spend time and money to protect data.
In short, yes, people still care about their privacy.
The Internet has made it easier for businesses and consumers to connect and interact, fueling economic growth. However, the trade-off is increased access to personal information. This is one of the reasons why consumers are now more concerned about their data privacy and the overall access companies have to their personal information. As a result, data privacy regulations are becoming commonplace, forcing privacy compliance.
Businesses can no longer freely collect personal data without risking legal ramifications—it’s time to change. Organizations that can make digital marketing and consumer privacy coexist may be able to develop a significant, long-term competitive advantage.
What is customer data privacy?
Data privacy is the right to have some control over how your personal information is collected and used.
Personal information refers to data that can be used to identify, find, or contact an individual.
There are more nuances to personal information, especially regarding sensitivity, but some common examples include an individual's:
- Home or other physical address
- Email address
- Telephone number
- Social Security number
- Passport number
- Driver's license number
- Bank account number
- Credit or debit card number
- Personal characteristics, including photographic images, fingerprints, handwriting, or other unique biometric data
You likely collect massive amounts of personal information from consumers and employees alike, necessary to fill orders, process payroll, or perform other essential business functions. You may also use personal information to send targeted ads, emails, and other common digital marketing activities.
Why is it important to protect customer data privacy?
Imagine waking up one morning to discover that your company has been fined €30,000 because the individuals who signed up to your company’s website were contacted for marketing purposes without their consent.
That’s what happened to Info Communication Services (ICS). The Hellenic Data Protection Authority (HDPA) found that individuals who signed up to ICS’s website had their personal data processed for purposes that they had not consented to. ICS had violated the General Data Protection Regulation (GDPR).
In another famous GDPR violation case, the French data protection authority (CNIL) fined Google €50M for GDPR compliance failures. CNIL found that Google hadn’t clearly and comprehensively notified users that their data would be used for marketing purposes, as required by the transparency and information obligations under the GDPR. In addition, CNIL established that Google didn’t have a legal basis for processing user data for personalized advertising. This is because Google had failed to collect consent validly since its terms were ambiguous.
Consumers are now becoming more aware of the value of their personal information and how it is misused for financial gain, typically done without consumer knowledge or consent. As a result, laws and regulations covering the collection and use of consumer data are emerging. Consequently, your digital marketing team needs to know what they can and cannot do regarding data privacy.
There are also specific laws, like the GDPR, that may require you to protect consumer data. For example, GDPR requires companies collecting data on EU citizens, including small and medium enterprises (SMEs), to implement a reasonable data protection measure. Failing to do so can result in fines. Under the GDPR, the EU's data protection authorities can impose penalties of up to €20 million, or 4 percent of worldwide turnover for the preceding financial year, whichever is higher.
It's essential to respect consumers’ privacy because failure to do so can result in reputational harm to your brand and company, destroyed consumer trust, and violation of privacy laws that would lead to significant fines and legal claims.
How to protect customer data privacy
While it’s critical for marketers to collect customer data to help bring leads into your sales funnel, your team must balance this with maintaining consumer relations, reducing liability, and being cost-conscious.
As technology evolves, it provides digital marketers with new methods of reaching consumers. Because of this, the best way to use data and the laws protecting consumer privacy are constantly changing as well. You must ensure that your marketing team understands this and create an internal system or program that allows your employees to stay up to date.
When collecting data for marketing purposes, it must be clear why personal information is needed or what your business will use it for. Collect only what is necessary and be transparent about the collection with consumers. Here are some question guides to help you in your planning and careful consideration:
- Do you know what information you are collecting? Are you over-collecting?
- Do your collection methods comply with the law?
- Do you have a privacy notice that is clear and understandable?
How companies use personal data matters as much as the data itself. Before you use this data, you should ask yourself the following questions:
- Do you understand the privacy laws that regulate how you connect and market to potential customers?
- Are your processes for customers to unsubscribe effective and in compliance?
- Have you thought through your practices from the customer’s standpoint and tried to remove ones that could seem invasive?
General ways that digital marketers can protect consumer data
- Understand the personal information you handle and collect only necessary data.
It's clear that the more you know about your customers, the more likely you are to reach your target audience and increase sales. However, collecting too much information is increasingly becoming an issue. Any unnecessary personal information you've collected creates risk, especially in the event of a breach. Limiting collection to what is only necessary reduces what can be lost or stolen.
Appoint a person responsible for privacy within the marketing team.
- Understand the laws you are subject to.
Your organization likely collects customer data to optimize reach in marketing channels such as telephone calls, email, mobile ads, and traditional mail. Each channel is subject to privacy laws to protect consumers’ privacy. Privacy laws vary depending on the jurisdiction, industry, and collection method. Privacy laws also affect using, buying, and selling personal information. If you do business in Virginia, California, or Colorado, we discuss the CDPA, CPRA, and CPA in depth here.
- Obtain consent and be transparent with how customer data is used.
Transparency gives customers peace of mind. Customers will be willing to share their personal data knowing your company will use it fairly and ethically.
As cited in the Google case, the “informed and unambiguous” consent requirement strengthens the need for transparency in the collection of consent from individuals. An individual must know exactly how you plan to market to them, on what subject, and by whom, including any marketing affiliates/partners. Catch-all, high-level statements left open to interpretation are no longer sufficient.
An individual must opt in to direct marketing as opposed to the usual practice of forcing individuals to opt out. You need to investigate how consent is currently managed and identify consent mechanisms. Ensure you have adequate permission for all personal data with clear, distinguishable records of consent. An individual must accurately state that they know exactly what kind of marketing they are opting in to when they provide consent.
Transparency may go against traditional business practices, but it can add real value to products and services while reassuring consumers and strengthening trust.
- Always allow opting-out.
Organizations can send customers marketing emails about products and services, but there must be a clear means of opting out included in each marketing communication.
Whether marketing is done through telephone, email, or text message, always provide a way for consumers to opt out. Organizations should quickly assess if they have the means to process an opt out across all systems where personal data are stored. Here are guidelines to help the companies to avoid privacy violations:
- Double check that opting out is available on all direct marketing tools
- Check on and comply with legally required timelines
- When using a third-party vendor, ensure the subscribe system works and always test it
- Make it easy to unsubscribe and give consumers choices about lists
- Include the “unsubscribe” equivalent for other marketing areas like telemarketing, such as a do-not-call list
- Obtain consent for cookies.
Cookies can store a wealth of data to potentially identify an individual without consent. Consequently, they can be considered personal data in certain circumstances and are subject to privacy laws such as GDPR and ePrivacy Directive.
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive, you must explicitly receive website users’ consent before using any cookies except strictly necessary cookies.
- Train your employees.
Training and awareness for an organization’s marketing teams are essential to ensure that privacy-compliant marketing practices are embedded into business operations. Your employees must know the importance of protecting consumer data and the latest threats so they do not incorrectly share consumer information. Regularly training and communicating with employees about best practices can protect consumer privacy.
- Restrict access to personal data.
Not everyone on your marketing team needs access to all the data your company handles. Limiting access to data means fewer points of vulnerability for you.
- Keep customer data secure.
Implement proper security measures to safeguard personal information. This involves determining who should access the data and sufficiently securing company databases, networks, and websites. You should also use encryption standards relevant to your business needs while storing or transmitting sensitive data. Firewalls are also important for keeping unauthorized users out and protecting information.
Privacy-first digital marketing
Your marketing team needs to communicate transparently with customers and let them know when and why their data is collected and how it is used. Additionally, you must properly secure that data. When customers trust the companies they are dealing with, they will be willing to share their personal information. In return, your business will benefit.
Privacy regulations will continue to grow and evolve as the technology for collecting and using data grows. Respecting, safeguarding, and promoting data privacy must become ingrained into digital marketing strategies, practices, and processes because it is definitely here to stay. If you’re unsure how to begin, look at our privacy compliance tips for SMEs, or check out our solutions if you want to get started right away. We can help ensure your digital marketing team follows data privacy regulations while still supporting effective marketing strategies.