The Equifax Data Breach. The Instagram hack in August of 2017. The Google data scandal with android location tracking. And now the Facebook Cambridge Analytica Data Leak. All of these events have happened within the past year and a half, and all have to do with the handling and usage of individuals’ private data. Ultimately, in response to these events as well as others, new and tighter regulation on access to private data has been approved, making it increasingly difficult to gain prized first-party data. This is especially relevant to marketers and advertisers who use customer data to craft more targeted approaches in their marketing campaigns. With Americans using 2,657,700 gigabytes of online data every minute, the amount of personal information brokers are selling is exponentially greater. According to a Pew study, it’s very important to 74% of Americans to control who accesses their data, but right now, the reality is we’re all for sale. While many think more recent stringent developments may cripple the marketing industry in the future, increased regulation might not be such a bad thing after all. They’ll force companies to put more emphasis on personalized customer relationships over the long run.
To better explain this potential dynamic, you have to understand the details of the new regulations, and specifically the General Data Protection Regulation, or GDPR. Basically, GDPR, which went into effect on May 25th in the European Union (EU), tightens an already strict policy on what companies can do with personal data. It was reintroduced because it was originally created before smartphones began compiling massive amounts of personal data (thanks to Google, Facebook, Instagram, and recent data hacks). The regulatory policy allows more consumer control over data, requires company justification and absolute consent before using data, and considers any data that can identify an individual to be personal data.
And even though GDPR is EU legislation, it still affects almost all businesses outside of Europe. Many firms collect & use EU residents’ data. Furthermore, many international companies draw on companies in the EU for services and processing data, all of which will now be regulated by GDPR.
All in all, it spells trouble for those who want access to first-party data, and requires firms to simplify their language in describing data usage. For example, whenever a customer signs up for a service, they are given a block of text on their data privacy agreement, followed by a small box the user can check agreeing to the privacy policy. According to a 2008 study, it would take an average person about 244 hours a year to read all the private policies on sites they use, or approximately 40 minutes per day. Keep in mind this was in 2008, when people used the internet for ⅓ of the total time they use it today. So rather than reading the excessively long text on privacy agreement, most users find it much easier to simply check the box of agreement and start using the service provided. We’ve all done it.
Now with GDPR and other regulatory legislature going into effect, privacy policy as a whole will be simplified, meaning more consumers will feel inclined to read said policy, and improper uses of data will be quickly exposed and addressed, making first-party data more difficult to obtain. The policy also affects third-party data collection, the means by which most marketers collect data. Oftentimes, marketers don’t collect data themselves, but through certain data vendors. However, since GDPR regulations are universal, vendors are also regulated, and as a result, so too are advertisers and marketers.
The consequence for breaking the GDPR is steep -- 20 million euros (23 million USD) or 4% of annual turnover—whichever figure is larger. It’s safe to say breaking this new policy would be a devastating blow for any company.
To make matters worse for marketers specifically, the general public already holds great distrust for the industry when dealing with privacy and cybersecurity. In fact, based on an industry scorecard found in Lara O’reilly’s recent WSJ article on digital marketing and data privacy policy, Social Media, Digital, Marketing and Advertising companies were trusted by less than 5% of consumers about cybersecurity and privacy. Banks and hospitals were the most trusted by all consumers, but even these industries were trusted by less than 50% of consumers. Overall, most people already have a negative outlook on the advertising industry in the sphere of privacy and data security, something that will only become more scrutinized with new regulation on the horizon.
To adapt to new data collecting regulations, those involved with advertising and strategic marketing will have to employ new and more personalized marketing techniques, something that will make the industry as a whole more profitable in the long run and may even positively reshape the public outlook on marketers’ collective practices.
One major technique that abides by new regulations and encourages data exchange is the idea of “equitable value tradeoff”, as described by Mike Katz, the CEO of mParticle. Basically it revolves around the idea of giving consumers something in exchange for their data as an incentive, such as access to special deals or exclusive clubs. Data usage still must be clearly identified and outlined thanks to regulation, but consumers are more inclined to give access to their data for a reward. Many companies have already found success through this practice, most notably Starbucks and Nike. Through their reward program, Starbucks exchanges certain rewards in exchange for consumers using their app (the more data a user inputs, the better the rewards they receive). Similarly, Nike developed an app called SNKRS to gain data, which is simultaneously used to gauge user interest and target marketing tactics. Consumers have a positive view on this collection of data because in return for their information, they find products that more closely align with their tastes and interests. Nike’s approach follows a general theme necessary for marketing agencies to thrive in the age of increased regulation: firms must enhance personal customer relations in order to gain access to data. And by any standard, having a better relationship with the people you are interacting with is marketing in its purest form.
Additionally, many firms found that a straightforward approach in asking consumers about data usage (and revealing what data was specifically used for) yielded people sharing more information. According to SAP CMO Mika Yamato, “if we figure out how the customer wants to connect with us, we have a greater opportunity to connect with them and inspire them”. And as many in the marketing industry understand, consumer inspiration is always a primary goal.
Being more straightforward and personal with consumers as a whole also evades much of the problems associated with consumers submitting false data. Sometimes when special deals and discounts are offered in return for data, consumers supply false data in order to take advantage. However, people are much more likely to give accurate information on themselves to a real person that they have a personal relation with instead of an online form, which further supports the idea of prioritizing customer relations over brand promotion. Phil Sutcliffe, head of offer and innovation at Kantar TMS UK, agrees with this notion by saying, "People talk about trust in brands in a similar way to which they talk about trust in people-it's quite emotive-so it's important for brands to embody those human qualities and to be quite real and vulnerable and transparent in terms of how they are communicating.”
The main caveat with this new approach is that marketers have to be careful that they aren’t too aggressive in trying to obtain consumer data, a practice that will surely deter customer interest. Privacy has to be viewed as a core value, and not just an additive marketing ploy. Apple’s newly implemented privacy icon represents a great example. The privacy icon pops up when one of apple’s apps asks for personal data, in effort to prevent piracy attempts and show the corporation’s dedication to protecting the users’ personal data..
All in all, if companies continue to implement policies like Starbucks, Nike, Netflix, Amazon, Apple, and others, then GDPR regulations and other changes to private policy should not be feared amongst marketers, but instead welcomed as an impetus for improvement and a better way to build real relationships where they are invited into a very private conversation.