5 things marketers should know about data privacy in 2020

On data privacy day, CMO talks customer data privacy and how it could ultimately make for better marketing

Data Privacy Day is today (January 28) and with legislation being implemented around the world and large platforms like Google phasing out cookies, marketers are scrambling to balance privacy requirements with customer expectations around not only data collection, but the personalised communications they now expect.  

CMO chatted with a number of organisations to see what marketers need to be keeping in mind in terms of privacy legislation this year, and how it can actually make for better marketing in the long run. 

IAB Australia CEO, Gai Le Roy, told CMO 2020 will be a year where marketers will need to carefully review the significant changes in three key areas: Privacy regulation, technology and consumer expectations.  

“These three areas are increasingly interdependent, so marketers should be reviewing their marketing activities and infrastructure looking through these three lenses,” she said. 

And with increased use of customer data in marketing, the pressure is on. According to Wunderman Thompson’s recent Future100 report, brands’ current use of data is generally perceived as underhanded and unethical. 

“With consumers nearing a breaking point amid increasingly frequent and severe data breaches - from the seminal Cambridge Analytica scandal to the massive Equifax credit breach to the September 2019 Ecuador data leak - brands are starting to course-correct, shedding light on their policies and practices...It doesn’t mean constantly trying to grab your consumers’ attention. It means developing a conversation and a trusting relationship,” the report stated.

Wunderman Thompson Intelligence, Emma Chiu, said data is under the microscope. "This is affecting all industries, with the trustworthiness of a brand now tied to the way it uses consumer data and how transparent its terms and conditions are. Rules and regulations are slowly being implemented to protect consumers, and brands are racing to ensure they are using personal data responsibly,” she said.

With data a powerful time, it's paramount data privacy and transparency are front and centre for marketers, LiveRamp Australia and New Zealand country manager, Natalya Pollard, said.

“The marketing industry needs to balance consumers’ desires for a personalised, frictionless experience, with the increasing call to treat their data with dignity and with the same respect afforded to it as a fundamental human right," she said. “It is important marketers understand the future of data is geared toward transparency and openness.”

1. The CCPA

The California Consumer Privacy Act (CCPA) is a data privacy law designed to offer consumers control over the use and sharing of their data.

Yes, it’s a US law, but it still applies to companies doing business in California, who are collecting personal information, have US$25 million or more in annual revenue, or which buy, sell, share or receive personal information of 50,000 or more consumers, households, or devices for commercial purposes.

Under the law, consumers have the right to request a copy of the personal information collected about them in the prior 12 months and request deletion of the personal information collected.

Integral Ad Science A/NZ managing director, James Diamond, told CMO data privacy will continue to be a growing focus in 2020 with GDPR maturing, the introduction of the CCPA, and both Singapore and Malaysia's Personal Data Protection Acts (PDPA) increasingly being activated in southeast Asia. 

“If a marketer is operating in just one market, it’s easier to place checks on data privacy practices. But if you’re a big corporation with operations in the US, EMEA, APAC, and so on, it becomes much harder to have a single view of the customer because of your ability to attribute information to customer records varies by country, so marketers need to seek very specific advice regarding this,” Diamond said.

For companies in Australia, Diamond recommended seeking counsel from the Office of the Australian Information Commissioner, or regulatory bodies such as IAB. He also noted overall increased scrutiny on data that is collected for the purposes of advertising. 

“If you have all this data about the individual but no way to activate that data in digital environments you might be better off not having it at all," he argued. "Marketers are starting to substitute that audience data with contextual intelligence. Rather than having to support all that data management and privacy regulations that go along with capturing and leaving personally identifiable information, many marketers will switch to advertising in environments that are contextually relevant and use that as a proxy for the audience.” 

Le Roy added companies that transact or have data on people in different geographic areas worldwide will have to keep across a myriad of different regulation regimes that have already gone live, as well as others that are in the pipeline, such as India’s proposed Personal Data Protection Bill.

Strategic marketer and marketing technologist at marketing services company, Silverbullet, Tim Beveridge, said legislation is implemented differently across different regions, but it all boils down to some pretty simple principles.

“A brand or business must seek explicit and specific consent to use an individual’s data and that permission should be gained in a way that represents a genuine and meaningful choice on behalf of the consumer; that permission is specific to the agreed use and the same data cannot be used for other things outside the agreed scope; and generally speaking, the consumer then has a right to be able to access any data a controller has on them, ask for it to be deleted, or ask for it to be corrected," he explained.

GDPR [General Data Protection Regulation act] is in force and applies to any company selling to any European consumers whether they are within Europe or not. Following this, US states have been creating their own legislation with some variation on these themes.

“Australia has also followed suit with new privacy legislation being proposed, upping fines to $10 million; or three times the value of any benefit obtained through the misuse of information; or 10 per cent of a company’s annual domestic turnover.”

Segment CEO and co-founder, Peter Reinhardt, said all eyes will be on the US in 2020 to see if the world’s largest economy and tech centre can agree on a federal privacy bill. 

“US legislators on both sides of the aisle in the House and the Senate are working on a myriad of different federal privacy laws that would cement data privacy rights for more than 300 million Americans," he commented. Marketers around the world should pay close attention here, if you do business in the US or store American consumer data, you’ll likely need to comply with this law when it happens.”

As WARC Knowledge managing editor, Lena Roland, added, although the CCPA applies to Californians, it's important to note the legislation is causing a ripple effect across other US states proposing similar privacy laws. Industry bodies such as the ANA, the Internet Advertising Bureau and major brands are lobbying for a federal privacy law which is preferable to a confusing patchwork of privacy laws across 50 different states.

2. Consumer expectations

Thanks to some well publicised data breaches, consumers are more aware of their data than ever before. This means consumers now expect brands to collect and use data in a responsible and thoughtful way.  

Ecosystm principal advisor, Alex Woerndle, said it’s all about limiting what you capture to what you actually need, to use it only for the purposes described in your privacy policy and to retain it only for the period required.  

“While data is valuable to marketers and organisations, it’s equally valuable to hackers, and consumers are becoming acutely aware of the value of their privacy and risks of sharing their information with marketers,” Woerndle said. “Growing awareness by consumers, continued focus of breaches in the media, and an ever-evolving threat landscape mean marketers need to understand their obligations, and minimise their risk.”

Sisense CMO and GM, Harry Glaser, said transparency must be first. “As Facebook teaches us, you can have the most advanced data and security technology in the world, but if your customers don't trust your brand, ultimately you have nothing. Trust is built on transparency. You need to be transparent with your customers on your privacy technologies, your processes, your certifications, and most of all, in the unfortunate event of a breach," he said.

"First of all, it's the right thing to do. Also, customers are more loyal and more sticky if they trust you. Customers will run away from untrusted brands even if there's no actual breach or privacy problem.” 

Xandr senior director of market development JAPAC, Samuel Tan, said as data privacy dominates the headlines, consumers’ perception of trust is essential to the success of any business, particularly in the advertising ecosystem. Therefore, consumers need to be put first in the design of any solution.

"As technology platform and facilitators of digital advertising transactions, we have a responsibility to contribute to a healthier ecosystem built on best practices and trusted, secure user experiences,” he said.

Up next: 3 more key trends marketers must pay heed to in the year of privacy

Page Break

3. The Australian Privacy Act/CDR

Le Roy told CMO the Australian Government has supported a review of the Privacy Act by the Office of the Australian Information Commissioner (OAIC) during 2020, to be completed in 2021. This will include the development of a new privacy law for companies that trade in personal information. 

“The updated legislation will increase the need for transparency around data sharing, as well as new rules that strengthen the need for consumer consent for collecting, using and disclosing personal information,” she said.

“The IAB supports initiatives that improve transparency on the collection, sharing and usage of personal data. Any change in privacy regulation needs to balance consumer experience and ensuring changes don’t place a significant burden on consumers or negatively impacts their user experience, as well as making sure that smaller businesses are able to operate in a way that is not too onerous in terms of resources.”

Talend A/NZ country manager, Steve Singer, said this year’s Consumer Data Right (CDR) legislation will make it easier for individuals to access and share their data from one organisation to another.

“The motivation for CDR comes from the Australian Government wanting individuals to enjoy higher rates of data portability. Rather than a service provider being able to tie down a customer by restricting access to their data, they will be compelled to make it available and in a usable form, thereby improving market competition,” he said. 

Diamond added legislation in Australia is adequate but most people sign away their rights to access the benefits of the platforms before actually reading the long terms and conditions document on how the company will use personal data. 

“The legislation is not the best way to regulate, as it tends to move quite slowly, a better way is for the market to self-regulate where possible, as it can evolve faster as compared to legislations put in by the Federal Government," he claimed.

“Unfortunately, the ad industry could have done a substantially better job of self-regulation. Still, It’s better if bodies like IAB take a leadership role to make advertising safer and better for consumers and it’ll then require lesser legislation. If you bring in legislation to get large organisations to comply, it impacts the smaller ones more as the large organisations have resources to work around these and end up benefiting from the reduced competition that eventuates. If the industry can't self regulate the government will need to step in.” 

4. Consumer communication

The onus of consumer expectations needs to be managed by better communication. While communication is a marketer’s business, the function has not typically communicated around collection and use of data. This needs to change. 

Glaser told CMO it’s important to communicate transparently and honestly with your customer base about your handling of data. He said marketers need to be telling customers about best practices, processes, certifications and breaches, as all of this builds trust and brand equity in the long run. He added using language to communicate with customers which simply conveys the agreement, is jargon free, and represents a company's brand values is vital and boiler plate legal jargon is not acceptable.

Ricoh Australia general manager of marketing, Tori Starkey, said customers demand personalised experiences that are seamless across all touchpoints, however they are increasingly concerned about providing the data required to provide it.  

“They are acutely aware of the value of their personal information and are demanding more control over how it is collected, stored and how it is used. This becomes increasingly difficult as more communications and interactions are automated," she said.

“Obtaining consent is often the first interaction a customer has with a brand, so it needs to be treated as more than a compliance issue. Marketing needs to understand building trust in the brand from this first touch is going to be imperative in gaining the trust required to deliver a CX in line with expectations."

Singer said data portability provides an opportunity for better customer experiences and CDR will make it easier for service provider marketers to offer a raft of new services to potential new customers. By being seen as innovative, they will be able to attract far more customers than they would lose. Again, communication will be key to articulating these data-led propositions.

Le Roy said consumers are increasingly aware of the value of their own data and as with any interaction with customers or potential customers, respect is important. 

“Marketers will start to shift from their current data collection and usage legal language which is often quite confusing and unclear, to a more consumer friendly understandable way of communicating," she said. "Companies will need to have increasingly sophisticated consent management regimes and platforms to manage the various regulation regimes and necessary consumer control of their own data.”

Roland said marketers must show they have the correct provisions in place and they are compliant with data privacy laws. 

“We're entering a new era of consent-driven and permission-led marketing. This means marketers must secure consumers' informed or explicit consent before they can leverage their data. A tick box exercise is no longer sufficient," she said.

"Marketers will need to be very clear about how consumer data is used, shared, stored, with whom and for what purposes – it's a new era of transparency that gives people more control - and this will build trust.”

5. Privacy makes for better marketing

Marketers could be forgiven for thinking all this spells doom and gloom for the marketing function. In reality, privacy compliance and the death of the cookie means marketers will have to get smarter about their marketing, which will lead to better marketing, personalised, contextual offerings and an overall happier consumer. 

Beveridge pointed out putting consumers first ties very well into marketing fundamentals, while Le Roy said being transparent around data collection and open about the reasons for any data sharing is just good business. 

“Respect of customers and a clear and transparent value exchange is vital to a positive brand perception. If people do not trust business practices or if they feel exploited, they are unlikely to engage with that organisation again,” she said.

Singer said while legal compliance is one dimension, another is trust. Companies will need to change culturally, and marketers will need to make transparency and trust central pillars of their data strategies, and then support this with the right martech systems. 

“CDR and the sheer value inherent in customer data means that 'the customer is king' mantra is back with a vengeance. Thanks in part to information mobility, legislation and the new channels offered by social media, consumers are taking charge of their relationships with business, rewarding companies that display an almost obsessive commitment to delivering an exceptional customer experience coupled with robust data privacy,” he explained.

Consumers are becoming much more aware as a result of the media attention from major breaches, driven by the legislative changes we’ve seen globally, Woerndle said.

“Customer data provides insights that enable significant business decisions that drive improved services, revenues, as well as cost savings. A loss of trust could wipe out your competitive advantage, and set your marketing intelligence, plans and business back by years," he continued. “Conversely, brands that pay due respect to their customers and their customers’ data can confidently drive their strategy forward.”

Third-party data is also in the spotlight for many. Reinhardt said marketers need to continue to move away from ‘data gossip’— using third-party data bought from data brokers usually without consumers’ explicit permission.

“Ditching unethical, third-party sources should not mean the end for the use of customer data altogether. Customer data should still be used to take the guesswork out of marketing, create thoughtful, personalised campaigns, and build amazing digital experiences, all of which customers crave," he said. 

“The distinction? The data used must be first-party, gathered and used with consent, respect and transparency. For marketers, the direction of travel is clear: cut your reliance on third-party data, and become more transparent about the use of customer data.

“In an age in which consumer trust is more valuable than ever, marketers must take data privacy seriously. If they don’t, they risk damaging their brand beyond repair.”

Roland agreed and expected to see a renewed focus on planning media based on contextual triggers in the post-cookie era. As Kantar research from late last year shows, site context and ad congruence can boost campaign impact significantly, he said.

"Brands should consider how they can align their approach to privacy with a broader brand purpose. Apple, for example, have stated that the company regards privacy as a human right – and are using privacy as a competitive differentiator.” 

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, follow our regular updates via CMO Australia's Linkedin company page, or join us on Facebook: