In the brave new digital world, where data fuels growth for all kinds of businesses, data privacy has become the elephant in the room. Nobody can ignore the importance of data privacy, and some companies like Apple and WhatsApp, have taken steps to make it a key feature of their products with end-to-end encryption. But many still only pay lip service to addressing the larger issues involved.
The seismic shift to enterprise cloud-based solutions owes a large amount of its momentum to the agility and flexibility of the “as-a-service” model. With easy access to CRM data on Salesforce, marketing data on HubSpot, and web analytics on platforms like Piwik — there isn’t much to hate about the many options out there.
The problem ironically for many companies is having too many ready-to-use applications at their disposal. Data, some of it duplicate, is scattered across multiple systems and departments and is difficult to track.
The result is data privacy often takes a back seat to efficiency, speed, and revenue potential. This is especially true in digital advertising and marketing, two areas where leveraging data has become a top priority and privacy concerns are often lost in the shuffle.
Case in point: a mere 2 percent of 500+ IT professionals who took part in a survey commissioned by Blancco Technology Group indicated marketers care most about data privacy. Management and IT departments fared better (though not overwhelmingly), but that may change in the near future. Here are three things driving the future of data privacy that marketers need to be aware of.
1. Data-Privacy Regulation & Compliance
A wave of new and explicit regulations will force companies to take data privacy more seriously.
Companies are faced with the threat of fines and moreover, a growing awareness and concern that if they don’t properly address personal privacy, they’ll lose the most valuable asset ever – consumer trust.
The spectacular fall and imminent bankruptcy of British digital-advertising phenomenon Phorm, whose practices caused general outcry, is just one example of what can happen with a lack of regulation and restraint.
Last December saw a major overhaul in data-privacy legislation in the European Union. The new General Data-Protection Regulation (GDPR) includes provisions for:
- Erasing all personal data at a user’s request, otherwise known as the “right to be forgotten.”
- Notifying authorities of security breaches within 72 hours.
- Requiring a “genuine and free” consent from users for data collection and hard proof of this consent for future compliance audits.
- Fines of €20 million or 4 percent of global revenue, whichever is higher.
The new rules make exceptions for small- and medium-sized businesses, including a waiver on appointing a data-protection officer and reduced responsibility for notifications. They do, however, apply not only to all member states, but also to foreign companies operating within the European Union. This means their range and impact will be truly widespread.
2. Data Leakage: Regulation Out Of Self-Interest
Controlling data is not only important to government bodies and individual users; companies have a vested self-interest in data privacy, and this may turn out to be an impetus for change.
The complex digital-advertising ecosystem runs on massive amounts of data, much of it collected with the help of tracking pixels (or tags) embedded in web pages and applications users interact with.
As brands seek to leverage that data to optimize their advertising and marketing campaigns, there’s concern some of it may “leak out.” This can occur when third parties, surreptitiously fire tags on ad networks or publisher websites, allowing them to rake in user information to their data management platform (DMP) and later take advantage of that data for other purposes.
In response to this serious problem, some publishers and ad networks, most notably Google, have forbidden DMPs from firing tags on publisher sites that use its Display Network, the exception to this being if the DMP is connected to the demand-side platform (DSP) making the transaction.
The other solution for publishers is to avoid selling inventory on open ad exchanges where they have limited control over to whom it is sold. Instead, they should work through private marketplaces or sell directly to brands they trust.
What does this mean for data privacy?
With companies everywhere becoming more dependent on data in order to gain even the slightest edge, they’re more likely than ever to take protective measures, putting them in a better position to guarantee privacy for users.
3. The Data Consolidation Imperative
There’s another reason why the data-privacy situation will likely improve.
As the Blancco survey shows, data generated across different departments of a company very often becomes “siloed.” Sometimes it’s even duplicated. Advertisers don’t like this because it means that often a portion of their targeted ad campaigns are unintentionally shown to the same audience. Data duplication is also why some companies have a hard time complying with “right-to-be-forgotten” legislation.
However, marketers (those to whom data privacy didn’t seem important) are recognizing what a barrier these silos present to their efforts to effectively target customers in a personalized way.
As a result, there’s a greater imperative for merging data, integrating systems including CRM, marketing automation, ecommerce, and greater transparency company-wide. While the main goal of this move may be to improve ROI, its side effect will make data-privacy compliance easier.
Technical Considerations & Implications
Moving toward more effective data control implies certain adjustments in processes as well as changes in the technology itself.
With the need for tracking data across various stages, from gathering to storage to actual usage, it becomes essential for companies to set up their systems with this data lifecycle in mind. This includes identifying what data may be shared with third parties and when, as well as what measures need to be taken in order to account for its usage and eventual deletion.
One solution that companies are considering is building a private or hybrid cloud system to host their applications. In the past, this approach seemed to have too many disadvantages; however, new innovations like Docker for hosting apps and pushing updates have made it more feasible.
As mentioned above, the desire for more efficient exploitation is leading companies to merge data sets and make them more accessible using data management systems. This should help in the process of creating lifecycle roadmaps. It will, however, require careful planning in the area of permissions (i.e., who has access to what) and alerts to identify possible data breaches so they can be reported and fixed quickly.
All things considered, the issue of online data privacy is not likely to fade any time soon. As a result, companies (and specifically digital advertisers and marketers) need to take a hard look at their policies and practices and make provisions for future changes, keeping in mind their new solutions should be developed with security as a top priority.