Data, value and consent – living in the embryonic age of privacy management
In an era where data-driven decisions are becoming the norm, how can marketers balance brand interests with the needs and consent of their customers? Fiona Killackey investigates.
This article originally appeared in The Madtech Brief, Marketing‘s second print issue for 2019.
Take a minute to reflect on the last 24 hours of your life. Chances are, like most Australians, you logged on to a variety of websites, checked numerous email accounts and scrolled social media, clicking on the tiles that piqued your interest and perhaps even signing up to a new program or platform to purchase something. As consumers, we are confronted with hundreds of opportunities each day to offer up our data – whether it be an email address, a social media login, bank details, credit card numbers, birth dates, a postal address… even the name of our first pet or primary school!
As marketers, we are creating content and campaigns that require our target audiences to do the same: subscribe for 10% off, refer a friend for free shipping, provide your postcode for a chance to win or fill in this quick survey to increase loyalty rewards. According to a 2017 IBM marketing trends report we create 2.5 quintillion bytes of data every day.
And, while we understand how to generate data, how much do we really know about what happens to our data after it’s created? How much do we know about what’s really happening to the data we request from our consumers?
“Consumers are aware that their data is being used,” says Robinson Roe, CEO of OneTrust, the privacy operating system that can be embedded across a brand to achieve trust, transparency and privacy management. “When they search holidays in Bali and the next thing that happens is that adverts for resorts in Bali appear in their Facebook feed, they know something is happening. They just don’t know how or what… I haven’t met the person yet who has read through every privacy statement, of every website or service they use. And even if they have, it probably won’t increase their level of understanding.”
What’s equally scary, says Roe, is that, “many brands also don’t know what they are collecting or who they are sharing it with. In Australia a brand does not have to gain consent to place cookies on a visitor’s browser. Of the ASX 50, only seven have a cookie banner and most only offer the option to accept all or none.” Using the OneTrust cookie scan, Roe’s team reviewed multiple ASX company websites. “One ASX 50 company provides a list of the 10 cookies they have on its website. Our cookie scan showed it had 173 cookies on its website and most were third-party advertising/targeting cookies. It was not only collecting more data than it thought, it was sharing it with third parties.”
Is knowledge power?
Adam Ferrier, consumer psychologist, brand strategist and founder of creative agency Thinkerbell, agrees that there’s a lot of work brands need to do to understand what data they have and, importantly, how to utilise it. “Everyone is on the data drug at the moment. It seems people are amassing the data more constructively than ever before. However, [knowledge of] how to use the data is still wildly inconsistent. It feels like everyone is trying to give the impression that they have all of their data under control. In reality, few organisations have.” Ferrier’s advice for marketers? “Only ask for the data you know how to use, and then use it.”
It’s this second stage that has many marketers stumped. During a CMO panel at the March 2019 Ad:Tech Sydney conference, leading marketing minds admitted that they don’t always know how to make decisions based on data or even exactly what data they have to utilise. Giving a separate keynote at the same conference, Kshira Saagar, head of analytics and data science at retailer The Iconic, suggested that many leading brands are creating unnecessary challenges with how they source and utilise data by keeping data access restricted within the company.
“Instead of one data team for a company, brands should have a whole company that understands how to source, analyse and make decisions based on data,” Saagar said, also admitting that any member of staff working at The Iconic can access data with simply their email and password.
This idea of broadening data understanding is mirrored by Roe.
“In the 90s when the internet got going, websites were owned by marketing and IT departments provided the technology. Sales were missing. Today when we put up cookie banners that are owned by the privacy, risk or legal officer, IT updates the website and marketing appears to be missing. We are at the embryonic stage of privacy management and it will move out of the privacy/risk/legal officer role much more broadly across the organisation. An early change could be in our use of language. The most common word used to describe advertising cookies to customers is ‘targeting’: ‘Please consent to our brand targeting you.’ Did someone in marketing sign off on this? I hope not!”
“What about ‘personalisation’?” Roe ponders or, as Tom Goodwin, EVP, head of innovation, Zenith USA says, ‘relevancy’.
“‘We are collecting information about your browsing habits so that we only share with you information that we hope is relevant.’ By the way, we don’t add in a way for customers to provide feedback on how relevant it was, that is, allow the customer to share more personal data,” Roe says.
“‘Targeting’ is not a word that is required by any privacy regulation. It just happens to be what we call these cookies. We don’t have to use it with customers, but we do.”
Another step Roe believes that will go some way to closing the gap between brands’ needs and customer trust when it comes to data is what is called ‘dynamic consent’ or ‘experiential consent’.
“Today when a person signs up to a website or service, we hit them with a list of 10-plus things to gain their consent. Or we allow them to consent to everything or nothing. ‘By accepting this you consent to all cookies.’ Instead as we capture data about a person’s activity we can offer dynamic consent. An example is a bank noticing that a person is using the mortgage loan tool and offers to use their last two year’s cashflow history to determine a repayment level. The way this is structured is the bank asks for the customer’s consent first and then does the analysis. The customer feels in control. [It doesn’t] swamp them with pages of privacy statements and lists of consents. We work with our customers to be transparent, show how we respect their personal data and along the way build trust.”
Anyone working in marketing understands the three key stages a customer travels through between brand awareness and brand advocacy: know, like, trust. It’s this last stage that is perhaps the hardest to balance in this new era of data-driven marketing. With global data breaches making regular headlines, it’s little wonder many consumers are hesitant to offer up their data and that marketers are beginning to question how data can be sourced, stored and utilised to drive – rather than kill – customer connection.
“We are at the very early stages of understanding the privacy journey,” says Roe. “You have to build trust. To build trust you have to show people that you respect their personal data. This is what the privacy regulation is trying to force brands to do. Therefore, the stage of ‘compliance’ might be better called ‘privacy respected’… When a customer trusts you to provide value to them in exchange for more data, they will give it. When the equation is to only provide value to the brand, that is to sell you more stuff, it won’t happen.”
On how to achieve this new era of privacy respected, Roe echoes the sentiments of Nielsen: “sunlight is the best disinfectant!”
* * * * *
To purchase a subscription to Marketing magazine, visit the online shop »
* * * * *
- The great G up – next-generation mobile connectivity spells another round of growing pains »
- Slaves to Google and Amazon – what happens when data reliance gets out of hand? »
- The business of social data – are we using it respectfully? »