THE HIGHLIGHTS
Privacy by default:
How brands are adapting to new consent requirements
With changes on several fronts limiting how brands identify and target individuals, marketers must equip themselves with the key knowledge needed to prepare for a world where privacy is presumed
recommended READING
FULL
SCREEN
FULL
SCREEN
Marketers should follow best practice when it comes to privacy, to ensure they meet new international regulations and adapt to rising customer expectations around consent. This was the consensus reached by marketers at an invite-only roundtable held during the Festival of Marketing, but how can this be achieved effectively?
At the event, sponsored by the most widely used platform to operationalise privacy, security and data governance, OneTrust, and held under the Chatham House rule, participants explored why brands must rethink how they interact with customers online in order to maximise opt-ins and also comply with privacy laws.
A digital marketing manager for a portfolio of DIY and professional decorating brands accepted that his marketing team needed to do more to build trust with consumers regarding consent. Yet he expressed that there still remains confusion within his organisation around privacy.
“We are getting on top of GDPR and now we are moving on to the cookie consent issue,” he said. “With GDPR there was an initial panic over what data we could hold onto and what we could use. There was a purge of data to try and be safe as a brand and building up our lists again has been a challenge.”
SPONSORED BY OneTrust
BACK TO top
BACK TO HUB
watch ‘Time to market marketing: How to increase your influence’ at the Festival of Marketing on demand
Find out more about how marketers can take a bigger role in leading their businesses. Watch Salesforce’s session, ‘Time to market marketing: How to increase your influence’, at the Festival of Marketing on demand now.
New legal requirements
One digital marketing manager from a global recruitment company agreed that it was hard to prepare with so much confusion about what marketers are allowed to do with data. She said that the marketing team struggles to work with the legal team in order to achieve compliance and meet marketing goals. In addition to this she shared that communicating privacy and consent laws internally is not easy.
“The biggest impact is when new regulations come along and you suddenly get the legal team saying, ‘you cannot do that’ or ‘we now need to review that campaign’,” she said. “It can stop some of our planned activities and can wipe out months of campaign development.”
She added that there is now a big question every time the brand wants to collect data. “Legal will ask ‘what are you going to do with it?’ Sometimes we don’t know how data is going to be used because, as marketers, we might not have a creative idea yet or spotted an opportunity.”
OneTrust offering analyst Zac Faruque explained there is an avalanche of new regulations marketers must keep on top of. This includes high-profile regulations like GDPR, regional cookie law variations and new data privacy laws such as Brazil’s LGPD and California’s CCPA.
“We are seeing technology companies specifically going beyond these regulations,” said Faruque. “The change around third-party cookies, for instance, will impact the ad tech space, whether you are a publisher or an advertiser. We are also seeing a big shift in consumer expectations around online privacy.”
The tension between marketing and legal can be frustrating but it is often necessary because it is essential brands are compliant in order to avoid big potential fines. The panel explored the need for more training for marketers, so they are aware of best practice and the law.
“Best practice for marketers means taking ownership of customer touchpoints and making sure everything is not a legal touchpoint.”
Faruque said knowledge is power and he urged marketers to consider certification training via the International Association of Privacy Professionals (IAPP). Its online courses focus on data privacy laws, policies and standards across international jurisdictions.
“To keep this simple, there are two guiding principles that marketers should follow,” he said. “The first is: ‘Would you do this with your mother’s data?’ The second is: ‘How would you justify your reasons for using the data on the nine o’clock news?’ If you can answer these questions you are probably fine from a data protection perspective.”
He added that when it comes to doing things right, best practices must also be followed around all activities linked to marketing and customer interaction. This includes privacy policies and terms and conditions.
“Best practice is not just about the legal aspect. That would be like putting a lawyer at the front door of your bricks-and-mortar store and asking people to sign a waiver before they could come in. We seem to find this acceptable in the digital ecosystem when people first interact with a brand.
“Best practice for marketers means taking ownership of customer touchpoints and making sure everything is not a legal touchpoint.”
Privacy in apps
One question for those around the virtual table was how do the current privacy regulations impact apps that collect data?
The answer is that apps must be treated as another form of electronic communication. They need a consent prompt when advertisers want to identify users. Apple, for example, assigns an IDFA (Identifier for Advertisers) to a user’s device, which helps brands deliver customised advertising. But in future brands may have to be less reliant on IDFAs, since Apple is phasing them out.
A global marketing communications leader for a leading international furniture retailer said: “We have been using IDFAs to optimise our media, but I would certainly be all for ending our reliance on them,” he said. “With our app we specifically ask people to log in using their profile. At that point consent is no longer an issue.”
The need to collect more first-party data instead of relying on third-party data was discussed in detail. The marketing director from the global recruitment company said she tries not to let any visitor to the website leave without providing some personal information.
“We start with that and then begin the process of building a one-to-one relationship,” she said. “The nature of what we do lends itself to people giving us information so we can help them.”
The DIY digital marketing manager said he was also moving away from third-party cookies. Meanwhile a marketing director for a global IT provider said she was still researching what the changes around third-party cookies will mean for her team and future marketing campaigns.
The final topic discussed was how involved should marketers be in the privacy process? The thinking around the table was that a strong involvement should be encouraged because marketers are so close to the customer.
The furniture brand marketer said his function was represented at the company by the engagement leader. “But I have discussions every day over who does what and who takes the lead around this area.”
Other marketers said that the lawyers tend to talk directly to the digital team rather than involve the overall marketing function in the conversations around privacy. This can mean a brand’s tone of voice is lost in customer communication because it has been written by lawyers.
Faruque suggested using creative ways to encourage consent. He cited the example of one coffee brand that used a coffee cup graphic. As people clicked through the various consent options, the coffee cup filled up. This provides the user with an easily understandable and engaging consent management experience.
So, what about preparing for the future? “Ultimately marketers need to understand the impact of all privacy regulations around the world and measure how effective they are being in terms of opt-ins, consent collections and other KPIs while remaining compliant,” said Faruque. ■
Zac Faruque, OneTrust
THE HIGHLIGHTS