For those who thought privacy might recede as an issue with the new pact hammered out between the US and the EU, recent news from Europe signaled something of a setback.
Privacy regulators among EU member states say they want stricter rules than those contained in the EU–US Privacy Shield, the agreement intended to allow data transfers between US and EU companies. That raises the specter of future legal challenges at the country level.
Given the uncertainty with swift global changes in privacy requirements, how should brands respond? Let me suggest that the work begins at “home.”
To anticipate change, brands must start by getting control over their own customer data. And that’s not as easy as it might seem, given the complexity of the modern martech stack, the need to share data over a growing number of technologies and the ever-present threat of data leakage.
Risks and rewards
Let’s start with complexity. While the EU battle has captured the headlines, over 90 countries currently have enacted privacy rules intended to protect the personal information of online users. That’s a staggering number given that each jurisdiction has its own spin on privacy protection.
Forrester analyst and privacy expert Fatemeh Khatibloo put it this way in a recent webinar co-hosted by Forrester and Ensighten (my employer), titled, “The Privacy Apocalypse: Can Data-driven Marketing Survive?”:
The reality is there’s going to be winners and losers… Privacy is… a risk when it comes to things like compliance and avoiding PR nightmares, but it’s also a great opportunity to deepen the relationship with your customers.
Indeed, privacy and personalization are two sides of a single coin. Both need to be integrated into your marketing strategy and foundational marketing capabilities.
And it must start with understanding how to manage and prevent leakage of vital consumer data generated by technologies that marketers now routinely use to enable marketing initiatives, deliver relevant content and offers and analyze results.
Data sharing & leakage: The hidden issue
Brands customarily share data with their partners and technology vendors to enable marketing initiatives. Think about all the technologies routinely in use — from analytics and personalization to digital advertising — with vendors typically keeping copies of data.
Data sharing and leakage can expose the brand and the consumer to greater privacy risk. The question is how to leverage and share data in marketing initiatives without violating consumer trust, cross-border regulation, your own company’s privacy policies or common sense.
Consider an example. To assess issues involved with monitoring and enforcing privacy rules, we scanned 5,000 pages of a major brand’s website. The brand, a major technology provider, uses a single domain for multiple business units and has a single privacy compliance department to manage all tags.
By looking solely at first-party tags, we identified 98 unique technologies added to the brand’s web domain — all of which require a privacy compliance officer and team to review and maintain varying consent options for users.
In addition, other technologies leverage fourth- and fifth-party tags, which are deployed by already-existing tags on the website in a process called piggy-backing. Because these tags are added to websites by a vendor, not the brand, you may not know if they comply with privacy policy.
In the case of this tech company, fourth- and fifth-party tags added 16 more technologies falling outside the sphere of the privacy enforcement team and its privacy tool.
You see the challenge. I admit not all websites have this level of complexity. But the underlying issues relating to data generated and shared across martech vendors, data leakage and enforcing consumer privacy protections are almost universal.
The first and last mile
An enterprise tag management system serves as both the first and last mile of digital interactions. It’s therefore the place of greatest leverage in managing privacy constraints. (Disclosure: I work for a company that develops tag management solutions for large enterprises.)
Enterprise tag management gives marketing a way to collect data across all channels and devices and share that data across the martech stack. It should also enable the enterprise to “own” privacy with three capabilities:
• Audit. The first step is to assess your current situation. How are you sharing data with partners globally?
You need to audit your current situation to understand where you’re at risk. That requires a complete inventory of tags, the ones deployed by the brand and the fourth- and fifth-party tags, which may be attempting to siphon off data into other technologies.
• Monitor. You need a way to stay on top of change with activity monitoring. You may launch new initiatives each week, sign up new vendors or bring in partners. Privacy regulation or policy may change.
Monitoring delivers alert sequences for privacy compliance based on policy and what you’re targeting, allowing quick remedies where needed.
• Enforce. The third and most critical piece is enforcement. A privacy solution needs to be customized contextually to different geographies, users and interactions.
When a tag is found on a customer’s website, it should be automatically reviewed for privacy compliance. You can additionally whitelist or blacklist tags and technologies across all digital touch points, automatically firing or blocking the tag and the data it collects based on the privacy policy.
It’s all about giving consumers control over their personal data, encouraging their trust, and improving the user experience. That’s the challenge and opportunity — and the way that marketing teams can truly translate privacy risk into a competitive advantage.
Comments