4 Important Data Protection Policy Considerations You Need To Know
Data plays an undeniably important role in all aspects of business, from marketing to logistics to customer support. Without data, companies would be unable to make well-informed decisions that lead to increased sales and improved brand engagement. However, it's not as easy as simply collecting mass amounts of data and immediately extracting the relevant information. Companies and marketers should be aware of the growing list of topics, policy changes, and privacy concerns revolving around customer data and data protection. What are the four major data considerations that businesses need to know about, and how can they adjust their strategies so they can still meet their goals?
The General Data Protection Regulation (GDPR), created by the European Parliament and Council of the European Union, came into effect on May 25, 2018. It is a series of data protection laws based on seven key principles: (1) lawfulness, fairness, and transparency, (2) purpose limitation, (3) data minimization, (4) accuracy, (5) storage limitation, (6) integrity and confidentiality, and (7) accountability. In short, GDPR outlines the way data should be processed, used, and shared between users, companies, governments, and nations. Since its inception, companies like Google, Amazon, and British Airways have faced fines for breaching GDPR policies.
There have been several important developments since the GDPR came into effect. To start, the Court of Justice of the European Union (CJEU) invalidated Privacy Shield, a framework that allowed American companies to process European customer data. Next, the CJEU recently updated its cookie guidelines, emphasizing the importance of getting customers to explicitly consent to being tracked by websites, as opposed to implicit consent. Lastly, Google and Apple have been facing antitrust lawsuits as a result of GDPR. Since then, both companies have started moving away from the use of third-party tracking and data, impacting businesses and marketers on a global scale.
The California Consumer Privacy Act, or CCPA, is a state statute that came into effect on January 1, 2020. Similar to GDPR, its purpose is to give California citizens the right to know what information is being collected about them, who it’s being sold to, and how it’s being used. It also gives them the right to opt out of their data being sold entirely.
Following the CCPA is the upcoming California Privacy Rights Act (CPRA), which will be in effect in January 2023. Its five key principles are the protection of sensitive data, tripling of fines, data accuracy, official audits, and the formation of a governing body. It’s expected that more state and federal privacy laws are to follow soon.
Companies and marketers need to be careful when navigating GDPR and CCPA’s data protection laws in order to avoid being fined. Audits and documentation are a crucial part of ensuring compliance and responsible handling of data. To start, businesses should look at what data they’re capturing and whether they need to update their privacy policies. For example, they may want to update their website’s cookie tracking or require double opt-in for their email marketing list. They should also look at how they’re processing and leveraging data in their strategies and marketing efforts. Lastly, companies should consider automating their data handling processes if they haven’t already done so in order to eliminate the possibility of human error.
Recently, Apple has been rolling out more and more data protection and privacy-related iOS updates that affect the way marketers interact with iPhone users and vice versa. These updates decrease companies’ ability to collect data, personalize marketing campaigns, and track performance. The most recent privacy changes are iOS 15’s Mail Privacy Protection, iCloud+, and Hide My Email. Marketers should also be aware of iOS 14.5’s App Tracking Transparency (ATT) Framework and how it impacts the effectiveness of IDFA (Identification for Advertisers) and MMPs (Mobile Measurement Partners).
To start, iOS 15’s Mail Privacy Protection gives users the option to hide their IP addresses and prevent third parties from tracking email opens. iCloud+’s Private Relay feature is essentially a VPN service that assigns users a random IP address, making it harder to track their browser activity. Lastly, Hide My Email provides users a random email address when creating an account on a website or app. This “fake” email forwards email communications to the user’s real inbox, meaning companies won’t have customers’ actual email addresses.
iOS 14.5 introduced App Tracking Transparency (ATT), which asks iPhone users to consent to having their web and app activity tracked. Since its launch in April 2021, “the portion of tracked users fell from 73% at the start of 2021 to 32% by the end of June”. In turn, ATT decreased the effectiveness of IDFA (Identification for Advertisers), which is a piece of code that’s tied to each individual Apple device. When users opt out of being tracked, advertisers can no longer use IDFA to retarget consumers with relevant ads. ATT also affected MMPs (Mobile Measurement Partners), which provides marketers with data on app installs, views, and ad clicks.
Understandably, many marketers have expressed concern about the negative impact these new privacy features have on their ability to collect data and track performance. However, there are a few things companies should keep in mind. First, iOS 15’s privacy features only apply to Apple’s email applications; people who use email providers like Gmail or Outlook aren’t affected. Next, marketers should consider re-evaluating their email open-rate goals or shifting their focus to other KPIs, such as click-through and unsubscribe rates. They can also look at website traffic and analytics as well. Lastly, marketers should increase their organic and personalization efforts so they can collect other types of relevant data. For example, polls and surveys, social content, and other omnichannel marketing efforts can also provide useful insights on shopper behavior.
The use of artificial intelligence, machine learning, and bots in marketing has grown exponentially in the last several years. Chatbots, for example, are AI programs that utilize machine learning and NLP (natural language processing) to automate marketing tasks and connect with consumers. They can be found on websites, messaging platforms like Facebook Messenger and WhatsApp, and through SMS texting. Bots are also used to automate other types of tasks, such as capturing data, providing customer support, and posting on social media.
Companies across all industries are using chatbots to collect information and improve customers’ brand experience. For example, restaurant chatbots help patrons make reservations and view menus. Retail chatbots ask shoppers to answer a series of questions so they can provide product recommendations. Even news agencies, health organizations, and banking institutions use chatbots to communicate with people. It has been estimated that “consumer retail spend via chatbots worldwide will reach $142 billion” by 2024.
In addition to chatbots, other types of bots include crawlers, transactional bots, and informational bots. Crawlers fetch publicly accessible data and monitor websites and systems, transactional bots complete data movement-related tasks, and informational bots send useful information via push notifications, emails, and text messages.
Artificial intelligence and bots help companies save time and money, generate leads and revenue, and reduce friction in consumers’ path to purchase. However, there are some downsides that companies need to consider. First, chatbots don’t always provide the human touch and personalization that many customers are looking for. For example, if a customer has a unique inquiry that marketers never thought of, the chatbot’s inability to help will negatively impact the customer’s experience and perception of the brand. On the opposite end of the spectrum, bots that pretend to be human can skew companies’ data. For example, bots are capable of depleting their website’s online inventory or inflating their social media following.
Next, some types of bots are specifically and maliciously designed to cause data-related consequences. Hackers, scrapers, spammers, and impersonators are all examples of bots that are used to steal, use, or even publish sensitive data. Lastly, bots have gained a negative reputation, having played a part in recent sociopolitical events and the increasing spread of disinformation. Many consumers are wary of artificial intelligence and bots as a result.
If companies are to successfully navigate the AI-driven marketing world, they need to be able to recognize and eliminate fraudulent bots. For example, conducting a monthly audit of their email list, social media accounts, and website security. They should also install measures that prevent bots from filling out website forms, leaving spam comments, and emptying out product inventory. Lastly, they should consider investing in chatbot technology. If they use the right tools and take the time to understand consumers’ path to purchase and data protection and privacy concerns, chatbots can really grow their conversational marketing efforts.
Third-party cookies help companies track visitors across different websites, collect data about their browsing activities, and build profiles of their customers. They “allow an advertiser to see how many touchpoints they have with a consumer, which is important for revenue attribution” and other key performance indicators. For example, if someone views a product on a brand’s website and then visits another website, only to see an ad for the product they were just looking at, that is the result of third-party cookies at work.
Browsers like Firefox and Safari have stopped allowing third-party cookies since 2013. Google also announced its third-party cookie ban in February 2020, intending to phase them out of Google Chrome by the end of 2022. However, Google recently announced a delay in their initial projected timeline, stating they needed more time to come up with a solution that won’t negatively impact publishers, advertisers, and online businesses.
Today, users and governments around the world are asking for better security measures, greater privacy and transparency, and increased control of their own data. The ban of third-party cookies stems from recent shifts in data regulations like the aforementioned GDPR and CCPA. On the other hand, marketers have expressed concern about what this means for building customer profiles and targeting them on an individual level; 41% of them believe the biggest challenge moving forward will be capturing the right data. Without third-party cookies, companies can really only look at consumers as aggregated groups. In response, publishers are reducing their reliance on cookies and building new tools so they can continue to serve ads and collect information.
There are a few things that marketers should consider in response to the impending ban. First, Google is only phasing out third-party cookies, not first-party cookies. First-party cookies help companies collect first-party data and track user activity on their own websites, such as clicks, sessions, and referral links. Next, shifts in data protection laws have forced companies to adapt, leading to new innovations in advertising. Marketers should keep an eye out for new tools and solutions that will help them collect information in a responsible way. Lastly, marketers should move away from third-party cookies altogether and start building their strategies and campaigns around first-party data instead.
How First-Party Data Complies with Data Protection Laws
Whether businesses are figuring out how to navigate data protection laws, develop strategies for iOS updates, invest in chatbots, or stop relying on third-party cookies, there is one common thread they should keep in mind: first-party data. When companies collect, store, and use data with their consumers’ explicit consent, it solves many of the privacy and transparency concerns that people and governments are currently experiencing. Consumers feel more in control of their personal information, while businesses feel more confident about using the data they’ve gathered to guide their decisions. First-party data helps companies avoid potential fines, legal troubles, and trust issues. They also gain valuable information that gives them more context about their customers’ individualized needs and behaviors in return.
With 3 tier logic’s PLATFORM³, brands can create marketing campaigns like gift with purchase promotions, sweepstakes and contests, and loyalty programs in order to target consumers and collect first-party data. The Data Capture & Analytics module provides marketers with the information they need to guide future business decisions and better understand their customers. To learn more, book a demo with our team today.