With new legislation and big tech brands changing the game rules, what does a future with restricted data mean for marketers?
Unless you have been under a rock, or not reading your industry press, you will no doubt be aware of California’s attempt to protect its flock with stricter privacy laws under the CCPA. Causing mayhem since initial rollout on January 1st, it is still under some assessment. Not final until as late as mid-April yet enforced from July 1st.
Complexity reigns as more than fifteen state proposals (Washington State and New Jersey most recently) and a plethora of federal ones have been put forward in the last year if implemented could result in a further complicated patchwork of compliance controls. Recent federal proposals have even gone as far as to try to override or pre-empt state laws with what is seen as a ‘watered down’ legislation, something California Attorney General Xavier Becerra has vehemently opposed.
Adding to the pressure is consumers’ unwillingness to share their personal data. Forrester reported that 79% of US online adults are using at least one tool to protect their identity – from VPNs and fake email addresses to incognito browsers.
eMarketer reports 45% have also made an effort to keep their cookies minimal in an effort to block tracking. Which makes Google’s latest decision to stop supporting third-party cookies in Chrome unsurprising, as they follow other large tech companies (Apple, Mozilla) in changing the game in favor of consumers, regardless of legislation (and some would say much faster than lawmakers too).
As we face an uncertain future, what are the questions we should be asking ourselves? How will the Marketing industry need to adapt further?
Understanding the Type of Data We May Lose Is the First Step
Data brokers (who are also now required to register online annually under a new data broker law in California) are directly affected. Supporting transparency into the downstream use of their data, Californians have the right to opt-out (through a clear and upfront notification online) of the sale of their data, affecting acquisition and data enhancements efforts.
Any brands dealing with the data of minors will also require explicit opt-in from parents for children under 13 years with explicit opt-in for sale of data for those aged 13-16 years. Historical customer data may also be deleted at a consumer’s request (potentially impacting any first-party data used in models).
And we’ve already seen this start to play out among brands and various online platforms. Consumer empowerment has been given a push from platforms like digi.me who hand back control – albeit with some investment time on behalf of the consumer to connect all their accounts in the app.
Facebook’s ‘Clear History’ allows consumers to disable their ‘off-Facebook’ activity and work directly with websites flagged to stop sharing data with Facebook.
Will All Consumers Opt-Out?
My guess is no. Consumers are not created equally, and one person’s trash is another’s treasure. Even individual preferences can change across touchpoints. Hyper-customization can be seen as helpful (Amazon one-click ordering anyone?), and also creepy (stop listening to Alexa!)
Lessons can be taken from the EU too on how we can offer consumer’s data dignity and control and co-exist in a consensual ad-ecosystem together. CPM’s in programmatic ad buying fell drastically in the EU post-GDPR as opt-ins were required at each point in the ‘daisy chain of data’ ad-serving process.
However, the IAB’s “Transparency Consent Framework” (now on version 2 rollout) is attempting to help provide opt-ins from consumers and provides more granular control with a ‘right to object’ to data processing too. The ICO is monitoring closely and no doubt we may see a V3 as we learn more, but with Google now opted into this latest version it’s a huge step in self-regulation for the Digital Advertising industry and shows a mark of much-needed respect to consumers.
As we navigate tighter legislation with the CCPA and brands change the rule book, here are a few things to consider as you work through compliance and best practice:
- What data are you collecting and why? Data minimization techniques (legislated under the GDPR) means you only collect the data you will use at the time, proving to a customer you are in this for mutual gain. CCPA doesn’t mandate this, but it is going to further raise consumers’ awareness around data privacy, so get out in front of it.
- Can you adopt the highest bar and gain trust early on? The CCPA covers tax-paying CA residents only. Some brands are simply adopting the legislation nationwide to avoid a complex patchwork approach.
- How are you providing value-back? What is the customer getting for sharing their data? Are you offering customized services, relevant offers, or just targeting to sell them more stuff? Consumers share for value (which is not always monetary).
- How much do you trust your brand or client? What’s it like to be your customer? Get humble. Sign-up online, test out what happens to your data.
Don’t wait for further legislation or business change. Any good relationship grows over time. Brands who start valuing the consumer and respecting their privacy now will find that the well of consumer data doesn’t have to dry up.