Marketers take note, in the last 20 years, no changes to data and privacy rules have been more significant than the EU’s General Data Protection Regulation (GDPR), set to go into effect in May 2018. What’s important about GDPR is that it asserts that the personal data of EU citizens is private property owned by the individual citizen. Here’s a short summary from Shift Communications’ website (or see the longer text from the EU website).
- Right to be forgotten: EU citizens may request to be forgotten by any entity; for example, an EU citizen could request that Google delete any data it has about them.
- Right to access: EU citizens may request any and all data that a company has stored about them, free of charge.
- Privacy by design: Rather than be an add-on, companies are expected to design their systems for privacy from the ground up. This also includes collecting the minimum required data needed to conduct business operations.
- Data portability: EU citizens will have the right to request data about themselves in a common, machine-readable format and be able to give that data to a different company if they so choose.
- Strengthened consent: Companies doing business with EU citizens will be required to vastly simplify consent requests – no more pages of unintelligible user licenses or tricks designed to mislead consumers into clicking/giving up their personal data.
Perhaps more significant to marketers is the ePrivacy Regulations, which build on the definitions of privacy and data that were introduced within the GDPR, and act to clarify and enhance them. In particular, the areas of unsolicited marketing, cookies and confidentiality are covered in a more specific context.
Together, these regulations will make it more difficult for online marketers and media in the EU to collect personal information about users without their consent, or as Bob Hoffman more honestly says, “It will make it hard for them to track us all over the web and collect, exploit, and sell the information they are harvesting without our explicit consent or knowledge.”
Brands that collect and use data on a smaller scale are less likely to be impacted. In some cases where data is out of compliance, re-opting in their existing marketing lists and updating landing page registration forms may be required. But for the most part, brands will have little problem using their own data and their own domains. In a legal analysis from a firm hired by Digital Context Next, they offer, “Companies that create trusted, premium digital experiences, enjoy direct relationships with consumers and do not rely on tracking consumers at such a large scale may find new leverage and opportunities in the marketplace.”
It’s Google and Facebook who will be hit the hardest. And like any food chain (or perhaps a better thing to say would be ‘gravy train’) the impact cascades out to media agencies and some brands, who are mounting major lobbying efforts to prevent many of the changes from coming into effect. In an open letter to members of the EU parliament, a consortium of advertising, marketing and media companies concluded with this fallacy, “ePrivacy Regulation threatens the data-driven advertising business model of European press publishers and other online media and services.”
Isn’t all advertising data-driven?
If anything, the objections from these companies attest to the fact that much of the online advertising industry has prospered by adapting and evolving increasingly sophisticated and ethically questionable tracking and surveillance practices.
There seems to be trend happening in the world right now around the idea of reckoning. Two weeks ago here on Branding Strategy Insider, I offered the idea that “there is an ‘upside down’ for everything.” It’s getting more difficult to hide activities, practices and behaviors that are problematic. The online advertising industry has reached a point where a reckoning is needed.
Nobody doubts the potential for rich data to positively impact all aspects of society. But if governments were collecting and using the level of information held by Google and Facebook (they likely already have access), we’d be in an uproar with cries of tyranny and legitimate concerns about secret police. It seems that European policy makers have remembered their history by acknowledging the growing risk and doing something about it.
Becoming GDPR compliant is probably a good idea for every brand, even if you don’t interact with EU citizens. But more importantly, a renewed importance for brands to be transparent with customers about what’s being collected, and how it’s being used will be important to continue to win trust. And not the empty talk of transparency from Facebook, Google, IAB, 4As, and others.
It’s likely the manner in which online advertising operates today is going to have some significant and fundamental change. The transition will be bumpy for some, so it’s important to think ahead. An extreme exercise for brand marketers to consider might be to ask their teams an important question: “If we couldn’t use online as a direct response medium for marketing, what would we do, and how would we get the customer information we need?”
Bob Hoffman really says it right when he concludes, “The online advertising industry does not need to spy on us in order to thrive. Every other advertising medium has done quite well, thank you, without trampling on democratic principles of privacy and security. Tracking, surveillance marketing, and the current model of ad tech are affronts to the values of free societies. The ePrivacy Regulation is a sound and reasonable reaction to our industry’s inability to exercise a mature degree of restraint or self-control.”
The Blake Project Can Help: Disruptive Brand Strategy Workshop
Branding Strategy Insider is a service of The Blake Project: A strategic brand consultancy specializing in Brand Research, Brand Strategy, Brand Licensing and Brand Education
