Tag Archives: Consumer Privacy Protection

Consumer Privacy Protection Regulators are Ready. Are You? 

27 Jan

Time for ActionData regulation isn’t new, but many marketers are at risk because of incomplete and or inadequate processes to comply with consumer privacy regulations. This is despite much publicized notifications and warnings related to regulatory enforcement and the levying of fines for non-compliant activity.

Marketers have been tasked with collecting, utilizing and sharing consumer data more responsibly. This means providing consumers with the ability to understand whether data is being collected from them, what data is being captured and the purpose for which that data is being used. Further, marketers must provide consumers with the ability to request that their personal data be deleted and made unavailable for specific purposes.

The challenge has been that there is no omnibus global or federal law that covers all geographies, business sectors or data types. As a result, most marketers are focused on the two broadest-reaching, most comprehensive laws:

  1. General Data Protection Regulation (GDPR) – Adopted by the European Union which went into effect May 25, 2018.
  2. California Consumer Privacy Act (CCPA) – Went into effect January 1, 2020. Coverage expanded with the passage of the California Privacy Rights Act (CPRA), which went into effect January 1. 2023.

Regulation covers a myriad of personal information types including personal identifiers, commercial information, internet or other electronic network activity and other data such as geolocation, biometric, audio, visual, thermal, olfactory or similar information, professional or employment-related and educational information.

Failure to comply can be costly. CCPA infractions will cost marketers $2,500 per violation and $7,500 if the violation was deemed to be intentional. So, for marketers with consumer databases containing tens of millions or hundreds of millions of names, the risks are real. Consider the fines levied by the European Union for GDPR violations:

Top 5 GDPR Fines (Source: Enzuzo)

  1. Amazon – $780 million
  2. WhatsApp – $247 million
  3. Google (Ireland) – $99 million
  4. Google – $66 million
  5. Facebook $66 million

Note: Sephora was fined $1.2 million in November of 2022 for CCPA violations. This was the first CCPA settlement. Risks accelerate as the July 1, 2023 “Enforcement” data nears for the CPRA.

While many marketers have updated “Privacy” and “Data Collection” notices on owned websites, this is nothing more than table stakes in this privacy focused era. Marketers must create platforms, systems and processes that provide a full view of their data, where it’s stored, what it’s used for, where it was gathered from and whether the proper permission was secured. Understanding “Consumer Rights” under these laws is a good starting point for developing such protocols:

Consumer Rights Under the CCPA 

  • Know that personal data is being collected on them
  • Know what personal data is being collected
  • Know if their data is being shared or sold and to whom
  • Ability to opt-out of their data being sold
  • Personal access to their data
  • Option to request that businesses delete their personal data
  • Protection against discrimination for exercising their privacy rights
  • Extra protections from data collection if they are minors

It should be noted that the regulations apply to all marketers, whether they’re focused on Business to Consumer (B2C) or Business to Business (B2B). At present, the CCPA broadly defines “consumer” to include “individuals acting as representatives of their employers.” While there are B2B exemptions that cover certain verbal or written communications with a consumer, the amendment (AB 1355) is highly nuanced and worthy of marketers securing legal guidance.

Beyond the notification of consumers and the provisioning of viewability and opt-out mechanisms, businesses will be tasked with protecting personal data in a safe and secure manner addressing threats to the confidentiality, integrity and access to the personal information in their databases. In addition, marketers will want to review and likely update agreements between their organizations and third-party data processors. These updates should include language requiring such suppliers to maintain data inventories, use due diligence questionnaires, provide records of processing actions, require the syncing of consumer response processes, allow for onsite assessments and audits, and require the mapping of any data elements shared with any party… including data that was sold.

While marketers await regulatory standardization within select markets, near-term it behooves marketers to understand that privacy requirements vary by geography and by sector and that a best practice would be to structure compliance programs to satisfy the strictest legislation, which should cast the broadest net when it comes to complying with other guidelines.

This article was written for informational purposes and not meant as legal guidance.

Tags: , , ,

Fraud & Privacy Regulation Create Digital Media Challenges

21 Apr

ChallengesDigital media’s value proposition is the ability to more finitely target audience segments, moving beyond traditional demographics, leveraging deterministic user data to paint rich, behavioral-based customer profiles, delivering a marketer’s message to those customers inexpensively, at scale.

This dynamic resulted in the rise of U.S. digital media spend from $26 billion in 2010 to $139 billion in 2020 (source: IAB/ PwC).

Yet recent developments, including increased regulatory activity surrounding consumer data privacy protection (GDPR, CCPA) and the resulting moves away from the use of third-party cookies to track website visits and collect consumer data to help marketers target their messages, have exposed some challenges related to digital media and customer targeting that the industry must now contend with.

The primary issue going forward is the fact that the major browsers have stated that they “will not use alternate identifiers” to track consumer web browsing activity. Further, consumers remain distrustful of sharing personal information, which has significantly thwarted marketers’ opt-in efforts, limiting their personalization and targeting strategies.

Secondly, data brokers and data management platform (DMP) providers may offer little credible support in this area. In a recent Forbes article entitled, “How Accurate is Programmatic Ad Targeting” Dr. Augustine Fou suggested that few AdTech providers “have users that voluntarily provide” demographic information. This means that the targeting “characteristics or parameters that a data broker or DMP has on users are derived.”

Thirdly, digital media fraud continues to limit marketing optimization efforts. In their 2021 “Marketing Fraud Benchmarking Report” Renegade and WhiteOps profiled some of the outcomes experienced by marketers whose databases have been corrupted by fraud. These include:

  • Website traffic spikes, not connected to new content
  • Steep increases in traffic associated with marketing campaigns
  • Wide variances in time-on-site metrics, depending on traffic source
  • Lower than expected conversion rates
  • Diminishing quality of in-bound leads

The primary cause behind these occurrences is fraudulent bot activity. In addition to skewing digital media audience delivery and campaign performance indicators, this fraudulent activity has also corrupted consumer databases. Thus, marketers may experience difficulty in determining what percentage of their target profiles and contacts are real or fraudulent, leading to ineffective and expensive retargeting and profiling efforts.

The alternative being suggested by many is to fall back on contextual marketing. In short, placing a marketer’s advertisement in the most appropriate context (e.g. adjacent to the most relevant content). This means either working with publishers and websites directly accessing their first-party data to target advertising based upon user activity and content preferences to shape ad targeting decisions or, in the case of ad networks, serving up ads based upon page content, keywords and metadata.

Unfortunately, some browsers such as Google will not allow advertisers to access contextual content categories and or identifiers to inform their ad targeting efforts. Additionally, one important trade-off of contextual targeting is that data is not collected on the user for use in creating buyer profiles or in predicting future behavior and thus has little value in establishing targeting parameters or in remarketing.

With 54% of U.S. media spend being allocated to digital and 65% of that being programmatic (source: Zenith Media), marketers and their advisers have their work cut out for them as they navigate the new digital playing field.

Tags: , , , , ,

%d bloggers like this: