Jen is thrilled. Her favorite retailer just premiered a new app that will make her online shopping easier and faster. She breezes through creating her account and absentmindedly clicks ‘I agree’ to the company’s terms of service. This is a common phenomenon that few consumers or marketers consider. However, the face of consumer privacy is quickly changing as governments roll out mandatory data protections.
Marketing leaders are responsible not only for the content their team sends, but also for how they collect and store audience data. With government regulators taking aim at giants like Facebook and Google, marketers need to brace themselves for huge changes to privacy and data regulations.
Let’s take a look at two major data policies that have implications for your marketing team.
What is GDPR?
GDPR is the General Data Protection Regulation. Released in 2018, this act updated the European Union’s previous data privacy regulations from 1995. GDPR standardizes data protection in all 28 EU countries with strict guidelines on how companies can use and store PII, or personally identifiable information.
At first glance, it seems like these regulations have little to do with a marketing agency in, say, Wyoming. But if your site or products are accessible to users in the EU, you’re subject to the GDPR’s rules. GDPR governs the collection, storing, and use of EU citizens’ data, even if the data isn’t stored by companies in the EU.
This regulation has become the worldwide standard for data privacy. There’s always the option to disallow traffic to your site from the EU. However, the rest of the world is following the GDPR’s lead with regulations of its own. You might be able to opt out of the GDPR, but it’s a best practice to comply with it now, so you’re in compliance when local laws inevitably come to your area.
As a leader, you have to know general GDPR regulations to keep your team compliant. Failure to follow GDPR guidelines can result in fines of up to 20 million euros.
The GDPR rollout has had far-reaching implications for how data is used worldwide. Of course, it was only a matter of time before America followed the EU and created its own version of GDPR.
What is The California Consumer Privacy Act of 2018?
California hurriedly passed its own digital privacy law in 2018. The California Consumer Privacy Act (CCPA), which will be effective starting in 2020, allows consumers to take control of their data. They have the legal right to know what information companies store about them, why the data is collected, and how the data is shared.
Under CCPA, Californians have the right to:
Delete their data: Yes, consumers can demand you delete their data. They can also tell you that you can’t share or sell their data. This has far-reaching implications as companies like Facebook and Google will be required to totally delete a consumer’s data.
Opt out without losing access: You can’t treat customers who have opted out differently than those who opt in. This includes giving opt-in customers more access to freebies or discounts than customers who have opted out.
Expanded protections for minors: Protections for minors were also expanded, clarifying that anyone under age 16 can’t have their information shared without their parent’s explicit opt-in.
Sue for data breaches: This is the kicker. If your company violates CCPA, consumers have the right to sue for up to $7,500 per breach. That doesn’t sound so bad at first, but consider the size of your data lists. If you have one breach per customer on a list of 100,000 people, you’re in big trouble.
Again, maybe you’re tempted to block traffic from California to bypass this law. But California is the most populous state in the US, and it’s likely to cause a domino effect of privacy laws in other US states. If you aren’t in California, it’s only a matter of time before you must comply. The best course is for your company to comply with the law well before it’s in effect.
What does that mean for advertisers within the US?
While you may be able to skirt the rules of GDPR or CCPA based on geography, you won’t be able to for much longer. It’s very likely that the US will have some form of GDPR in the next five years. As a marketing leader, it’s your job to adapt now, because privacy regulations aren’t going away.
CCPA and GDPR have marketers shaking in their boots. But are they really the big boogeymen that we’re making them out to be?
Of course not! These regulations are intended to safeguard consumer data. And, since we’re all consumers, this benefits everyone.
The best thing you can do is to understand your customers’ data. How is your department or agency collecting this information? Is it stored securely and in alignment with privacy laws? Don’t trust that your team is managing the process; keep one finger on the pulse of your data practices at all times. But what if your data practices aren’t up to snuff? The good news is that you have time to adjust before these regulations go into effect.
In addition to overhauling your processes, look into something known as the “Spotify exemption.” This allows your company to offer different rates based on the information your users provide. This lets you offer free product in exchange for advertising to consumers.
CCPA was hastily introduced to avoid a ballot initiative in California. Even so, marketers have the ability to get involved with California lawmakers. Yes, you have the ability to influence the final legislation.
The bottom line
GDPR and CCPA aren’t going to destroy display advertising. They’re simply giving a long-overdue facelift to the Wild West of internet data practices. As a leader, it’s your responsibility to market your brand while keeping your company compliant. Stay abreast of data regulations for smooth sailing.