Marketing Roadmaps

GDPR

Data privacy. A competitive advantage?

by

I have always been interested in the intersection of public policy, business outcomes and consumer interest. While I didn’t set out to weave this interest into my career, I largely have worked at the leading (and sometimes bleeding) edge of the Internet, digital and social media, so it sort of worked out that way. Internet safety, personal privacy, email regulation, HIPAA, FTC endorsement guidelines, FDA advertising regulations, net neutrality.

And now data privacy. From GDPR and the California Privacy Law to the European e-privacy directive, I have been deeply interested in both the challenges and opportunities of data privacy. I wrote some posts on the topic last spring as the GDPR deadline approached in May 2018. Short version: as consumers care more and more about data privacy, innovation incorporating best practices for privacy could become a significant competitive advantage.

As the conversation swirled around the new rules and their impact, I then collaborated with my colleagues in the Marketing & Communications Research Center of The Conference Board, where I am a Senior Fellow, to field a research project to explore executive attitudes toward privacy, innovation and regulation as a indicator of how businesses might respond as stricter laws such as California and the e-privacy directive (which impacts use of cookies) take effect. We don’t have a crystal ball, and can’t truly assess the impact of future events, but we can gain a better understanding of how people think and how those opinions might impact their decision-making.

The research paper, authored by me, Innovate or Hunker Down: What Executives Think about Data Privacy, Security, and Regulation, was published last week and is available for free download from The Conference Board .

Topline

  • Organizations value data privacy and security, in no small part because consumers increasingly value them.
  • Compliance is part of company marketing messaging; however, few companies are deploying innovation around regulatory needs as a competitive advantage.
  • Attitudes shared in this survey offer evidence that corporate responses may shift to place higher value on innovation, but the driving force will most likely be consumer expectations, rather than a proactive response in anticipation of consumer demands.

We have some examples in the paper, but if you have case studies or anecdotes, either of companies that have successfully innovated in the face of regulation or that have eliminated products or services in the face of compliance challenges, please drop me a note at sgetgood@getgood.com.

On Personalization and Targeting

by

There is no question that the digital media industry has been disrupted by the Global Data Privacy Regulation (GDPR). It’s been at the top of advertising news for weeks, and while the volume of articles may decline, the impact of the law has just begun.

I used to say that consumers like ad targeting, because it ensures that we see ads that match our preferences, but I now have a more nuanced view. It’s not targeting that meets with our approval. No one likes being stalked by the slipper ad simply because we clicked it once on Facebook. Ad targeting relies too much on assumptions about past behaviors based on lookalikes and other data matching. It’s close, but very often, not. quite. right.

What we really want is personalization. To be addressed by our (correct) name when appropriate. To be presented with products that match our age, stage, and personal preferences. To be offered content (and ads) relevant to our interests.

First party data drives personalization, which is far more powerful than targeting.

Personalization is going to a store where the clerk greets you by name, asks if there is something special you want, and then offers solutions based on your answers. Targeting is the clerk stalking you through the store, thrusting products in your face based on an assessment of your “profile.”

I’ve written quite a bit about the opportunity we have to reforge better, consent-based relationships with customers in which we offer real, sustaining value for the privilege of using their personal data. Here are some ideas on what we might do.

Don’t ask users for too much or unnecessary information. Only ask for what you need to deliver value back to them. We’ve gotten so used to collecting everything under the sun, “just in case” and for targeting later marketing efforts, regardless of whether it makes sense or we have a specific use for the data. For example, buying a concert ticket. Certainly we need credit card information and the billing address to verify it. But we don’t need annual income or gender or marital status to deliver a concert ticket. We ask those questions out of habit, so the data set is complete.

GDPR requires that we inform users how we will use the data, but I recommend we do a better job than a blanket “for business purposes.” Have a reason that adds value for the consumer, especially for asks that go beyond those needed for the transaction. For example, your event is planning special activities for families with children, but to staff them appropriately, you’d like to know ages of the children attending. It’s reasonable to ask for this information during registration.

Encourage loyalty and repeat visits to your content by using the data your customers do share with you to personalize the experience. This could be as simple as customizing their “ front page” into your site with content that matches their preferences to explicitly making recommendations for products and services. Pinterest and Flipboard are examples of content platforms whose business model is built on the simple concept of consumers driving personalization by sharing their preferences to create their own contextual experience. Both have had their challenges in recent years, with the hyper-focus on third-party data, programmatic and targeting, but both will now be increasingly relevant, as brands and publishers alike start thinking about contextual distribution as an effective alternative.

Engage your community. Include the customers in the content with active experiences, not just passive viewing. Be useful and entertaining. Interactive content. Reviews. Community forums. Online focus groups and surveys. Free tools and widgets that make their lives easier. Cool stuff. Real-life events too. Remember — the reason social media works is that it is social. The media is just the vehicle for the human connection we crave. With each other and with the brands we love. The more personal the consumer’s experience is with your brand, the more you build mutual trust and utility with your content (and yes, your marketing,) the more likely your customer is to share the personal data that will improve the experience. For example, a consumer might not want to share age or income with a news or lifestyle site, but have no problem sharing it with a financial site in exchange for using a college planning tool.

Speaking of social media, use it to foster connections, distribute content and promote your brand, but do not put all your eggs in a basket owned by another. Build your audience and your customer relationships on your owned properties.

There’s going to be a lot of noise and confusion around GDPR and its impact for some time to come. I’ve already heard the expected arguments that regulation stifles innovation. While there is some merit to the argument, regulation also offers an opportunity to be innovative. To find ways to solve business problems while respecting the social good — in this case personal privacy — that the law was created to protect.

Compliance with privacy laws has costs. Simply having best practices about privacy absent regulation, which some companies like Apple already do, has costs. But the opportunity for deep, sustained customer relationships is far greater. That’s where marketers should be placing their attention.

Glass half full.

Not sure how to get started? I’d love to help you engage your customers, build loyalty and drive results for your brand with an innovative digital strategy and content ecosystem. Even better, the first hour is free. Email sgetgood@getgood.com to book your free consultation. I’ll give you some thought starters during our conversation, and we can go from there.

GDPR 101: Focus on your Customer

by

GDPR, the EU’s Global Data Privacy Regulation, took effect at midnight Brussels time today.

In its Winners & Losers article, which I encourage you to read in full, Digiday comments  “Bluntly speaking, any business that doesn’t have a direct relationship with users is in for a difficult time,” and goes on to note subscription-focused publishers as one of the GDPR “winners.”

My 2 cents: Moving forward, every publisher, every brand needs to think like a subscription-focused business.

The game is no longer JUST about acquisition or impressions at scale. Audience targeting is about to undergo a major sea change as available inventory shrinks and costs to produce it increase.

Customer loyalty and customer permission are the long-term keys to success in a post-GDPR world. To get and keep them, we need to deliver a stellar experience for customers. This means:

  • building a well-loved, well-known brand;
  • creating excellent, well-organized content ecosystems that incorporate all the touchpoints consumers have with our brands;
  • delivering a quality personalized environment for customers/readers/viewers;
  • leveraging customers’ passion for the brand or content by engaging them in the content. Influencer marketing for sure, but also community forums, face-to-face events, private chats.

Remember: consumers like it when content and experiences are tailored to them. Even ads. But they need to be truly tailored to their preferences. No one likes to be stalked by shoe ads just because they looked at the shoes once and their income level matches the advertiser target.

A final note: GDPR is often compared to Y2K in terms of the scope of effort required to comply, and on some levels, this is true. However, Y2K did have an end point. Either your systems fell apart on January 1, 2000 or shortly thereafter, or they didn’t. GDPR on the other hand is far from over. This is just the beginning of a new media environment.

Fasten your seatbelts.

Email box filling up with updated privacy notices? Thank the GDPR.

by

Wondering why your email box is filled to the brim with companies asking you to opt-in to their new privacy policy or renew your subscription to their newsletter? It’s all due to Europe’s General Data Privacy Regulation (GDPR) which goes into effect next Friday May 25th.

Recently, I’ve been writing a great deal about GDPR and the impact it will have on the digital marketing ecosystem. Worldwide, not just in Europe. Beyond the required compliance, I see it as an opportunity for brands to build stronger relationships with their customers (and make more money!) by creating offerings and policies that respect privacy and offer the consumer real value in exchange for use of personal data.

But none of this will happen overnight. For the most part, advertisers, publishers and ad tech companies are in a mad scramble to comply with the law by the deadline of May 25th, or at least show good faith efforts. Points for trying and all.

Here a short primer on how the GDPR deadline impacts consumers.

Overflowing email boxes

The most visible immediate impact for the consumer is all those emails with opt-ins and links to privacy policies. GDPR requires companies to obtain consent for use of the personal data of EU citizens, but for practical purposes, most companies are executing their plans worldwide. Consent is required down to the specific uses, and brands must provide mechanisms for consumers to manage or withdraw their consent. This is an oversimplification but it will do for today’s purpose.

Most privacy policies were written much too broadly to be acceptable under GDPR. Even if they specified the uses the company would make of the data, they didn’t offer a mechanism to withdraw consent. And many more issues beyond that simple one, from sites that didn’t really offer “true consent” in that “free” functionality was contingent upon the submission of private data, to collection of data that wasn’t really necessary for the business purpose at hand, but helped the collector understand more about its customers for future targeting. For example, if you are buying a ticket for an event open to the general public, does the organizer need to know your gender or income to process the transaction? No. That information is used for marketing and audience targeting. Under GDPR, the event organizer has to provide much more information about, and justification for, the personal data they are collecting and potentially sharing onward with other partners, and give you a mechanism for managing that consent.

You will probably get an email from every site and every email newsletter you ever registered with, even ones that you long ago forgot. And if they DO share or sell your data, they are looking for an opt-in to the new policy, so that can claim they have your consent. In the long run, I don’t expect that’s going to be sufficient consent for the regulators, but it is why you are being asked to “renew” your subscription. Even though it may damage their subscription numbers in the short term, it is a whole lot easier to scrub the list and move forward with consumers who’ve consented than to keep people on for whom they have no audit trail, of any kind. That’s also why multi-nationals and companies conducting international e-commerce are generally applying the same policies across the board. It makes no sense to have double overhead by having one system for the EU and another for the rest of the world. Especially since other nations may follow suit with similar privacy laws and matching IP addresses to physical locations is far from foolproof.

What exactly are you giving permission for?

From a casual reading of my own emails, companies are keeping these communications pretty simple. They outline the uses they make of your data, and provide guidance on how you can manage consent. The thing you need to watch out for is whether they share or sell your data to other parties, and how you can manage consent once they have shared your data on. Companies are required to have a mechanism to manage this, and quite frankly, my take is that many haven’t gotten very far along with this part of the complex GDPR compliance process because it requires cooperation among multiple partners in the technology chain. And that has been slow in coming, even though the deadline has been known for a long time.

Generally speaking though, in my opinion, the more specific the policy is, the better off you are, even if it seems like a PITA to read all these policies. The thing I would be most wary of is when the site/firm uses “legitimate business interests” as a general reason for sharing your personal data with a third party. That’s a handwave that won’t pass muster. Especially if they haven’t produced a consent mechanism.

You should also expect more detailed sign-up forms going forward, both when you are signing up for access to content and subscribing to newsletters.

Some advertising terms that will help you better understand this privacy debate.

First-party data — That’s the data that you share directly with the website you are visiting. It can be personal data that you share or anonymous data that the site collects as a result of your use of the site. Privacy regulations are most concerned with personal data that can be used to identify or target you, and how companies will protect it and your rights to your own data. The opportunity for brands inherent in GDPR is to build a stronger relationship with you so you have incentive to share personal data with them — to make products better, to get more relevant advertisers, and so on.

Second-party data — This is not used that frequently. It refers to when a site shares/sells first-party data about you with a second-party, who then uses that data to contact or market to you. For example, a conference shares its registration list with its sponsors, who then contact you directly with offers. The conference (the first party) is obligated to get your permission to share your data with the second party, but the data is typically used as is, not combined with other information to create super-sets of data.

Third-party data — This is where all the action is with regard to GDPR compliance. The basic issue is that the digital advertising ecosystem relies on a variety of technologies to target and deliver ads to consumers, using data aggregated from multiple sources to create new “super-sets,” which identify consumers even more discretely than the original data sources. As a vastly oversimplified example, we combine the data from a media website with data from a luxury goods company to target ads to site visitors based on their past purchases of luxury goods. The basic concept is sound; it helps advertisers deliver ads to the people most likely to be interested in the products, BUT it also introduces a privacy issue. If I am the consumer, I did not give my information to the luxury goods company to facilitate delivery of ads on a media website. I intended to buy a product. There was probably a blanket consent within the transaction to the advertising use, but it most likely doesn’t pass the GDPR sniff test.

Right now, a lot of very smart people in the ad tech world are working to figure out how to manage consent for third party data. It’s tough, because it isn’t simply about the initial consent; the consumer has the right to withdraw that consent at any time, and then all the partners in the chain have to remove the data. In my opinion, it is worth solving but it will increase advertising rates for this premium targeting. As it should. There will be a whole lot of infrastructure to manage the consent as well as a burden on the first-party who collects the data initially to market the downstream use to its customers.

Consumers won’t “see” the impact of GDPR on advertising delivery. Behind the curtain, though there is a lot going on. Ad tech innovation to manage consent but also, I believe a return to more reliance on first-party data and contextual targeting, showing ads based on the surrounding content, not presumed consumer behaviors.

I’ll be participating in a Conference Board webcast next Wednesday May 23rd at 11am ET to talk about GDPR and its impact on the digital economy. It’s free, so if you’re inclined to know more, please join us.

Digital media predictions for a post-GDPR world

by

Last week, a business acquaintance made a ballsy prediction on LinkedIn for which he took a fair amount of flak. Posting a comment, I noted that his essential point was not that much of a stretch. Of course, there were nuances to the argument, but a long statement with a bunch of caveats wouldn’t be nearly as interesting or thought-provoking. Predictions have to push at the edges or people won’t pay attention. So, I figured it was time to step onto the ledge and make some predictions about the future of digital advertising. I’d love to hear what you think, agree or disagree.

1. In a post-GDPR world, targeted advertising is going to become more expensive. Not immediately. There is still a lot of confusion (some real, some manufactured) about what is required.  In the end, though, the increased costs of delivering compliant targeted audiences combined with a decrease in available inventory as consumers retract or refuse permission, will increase ad rates to premium, not programmatic, rates. I’ve been arguing this for a while and the pundits are finally admitting it. 

2. Context will be queen again. In order to reach the right audience, we will turn to content-centric, community-centric marketing tactics. In part because they ARE more effective in converting customers, but mostly because the cost differential between them and targeted/programmatic advertising won’t be so great. It will be just that much easier to take the leap of faith to try these tactics, which are still working out their success metrics (more about that in a bit.)

This is the opportunity for niche publishers and brands to create content for their micro-audiences that both provides the necessary context for ads and sponsored content and creates a relationship and value exchange in which the consumer is more likely to give permission for the specific use of personal data. As an example, Pepper & Wits, a new content site for women 45+ who are navigating menopause is owned by P&G; we certainly should expect sponsored content and other brand outreach but the primary purpose is to offer value to the consumer and targeted context, not targeted ads.

3. “If you aren’t paying, you’re the product” is a cliché whose days are numbered. Consumers will start to care about privacy. It has been a LONG time coming, but I truly believe that consumers are finally understanding the true cost of free digital services/platforms, and are going to want real value in exchange for the right to use their personal data. “Legitimate business interest” is not going to be sufficient to use a person’s data without permission. Publishers and brands who are offering great content and building relationships with consumers will have a far better chance of obtaining (and retaining) permission.

4. Things are about to get more competitive. Facebook and Google are vulnerable in this new advertising economy. They aren’t in danger by any means, but their models are based on scale, not relationships. They have no friends, just users. This opens up a sliver of opportunity for niche content publishers to create better experiences for consumers and pick off a little wedge of the pie. The duopoly will still get (more than) its fair share, but they will be handicapped in delivering their biggest strength, targeted audiences at scale, so the little guys can dart in and nab their share in areas where Facebook and Google cannot play effectively, content and community. Niche publishers, bloggers, even brands who can make the long haul investment. And Amazon. Amazon already does a better job of community than either Facebook or Google, is nipping at their heels and has a distinct e-commerce advantage. I also predict Reddit will make a strong play for the “community ad dollar.”

5. All of this will drive innovation. Certainly, in ad tech to manage consent, but that’s just the tip of the iceberg. Folks are already working on challenges like better measurement and attribution models that assign value properly and proportionally to all the players in the value chain, not just the last click. This is crucial for branded content, video, social media and influencer marketing.

Community is also getting some attention. Two start-ups doing interesting things to connect brands with consumers: Social Data Collective and Suzy. Suzy (AskSuzy.com) is the evolution of social media and influencer business Crowdtap. It helps advertisers make and manage meaningful connections with customers by offering them access to its super panel of consumers. Social Data Collective has a slightly different approach; it asks consumers to share personal data with the brands they love in exchange for products/services.

But I think even more interesting things are on the horizon. For example, aggregators of consumer information that validate consumer audiences and can compare them across properties, including blogs and YouTube and all the other places that community will form, not just sites big enough to register on comScore. Audience data all the way down the long tail to validate that the context IS delivering the right audience. This “data hole” has been the bête noire of the influencer marketing business, but there wasn’t a strong enough incentive to solve it, when advertisers could just buy targeted audiences cheaply. To sell content and community as the right context, you need the metrics to prove that you’ve got the goods. It’s coming. I am certain. And it won’t need PII (personally identifiable information) to do it.

We also need tools to give consumers control over their privacy across platforms and processors. Right now, if you think someone has compromised your private data or is using it without permission, good luck tracking it down. Blockchain is the best bet for creating this privacy audit trail. Someone is certainly working on this already. In fact, if you know who, I’d love to chat with them!!!

So there you have it. My predictions for the digital media industry. If you need me, I’ll just be out here teetering on the ledge.

P.S. If you want to check out the prediction of my business acquaintance, you can find it on LinkedIn.