How to Respect Data Privacy in Digital Marketing

Digital marketing revolves around data. Learn the best practices in handling user data and what digital marketing would look like without it.

If we had to say for sure who started “the Great Data Privacy Panic,” it actually comes down to this guy: Edward Snowden.

Edward Snowden made a big publicity splash in 2013 when he attracted considerable attention to US government surveillance. The Millennial generation, which had been reasonably content up until then, exploded in frenzy. They idolized Snowden and hung on his every word.

It turns out later that not much of what Snowden had to say was “news”: government surveillance was such an old concern that one of the first editing programs, Emacs (MIT AI lab, circa the 1970s), had a mode called “spook” which inserted random anarcho-babble into the text to throw off NSA monitors reading private email.

But government surveillance was news to the Millennials. “Who else is snooping?” they asked. Why, big business, of course! “Gasp, so everyone is snooping my data!” they cried. This was the generation which had just responded to the dawning awareness of the existence of corporations with #occupywallstreet.

So copies of George Orwell’s Nineteen Eighty-Four began to fly off the shelves.

And that’s how alternative web browsers like DuckDuckGo rose to popularity. With the motto of “privacy, simplified,” DuckDuckGo sends your query anonymously through standard search engines and then serves the results stripped of data-mining functions. Meanwhile, web browsers added incognito mode, which eventually became a feature even in Google Chrome. As for social networks, they have an alternative with MeWe, a privacy-respecting social network.

This leaves the only logical last step, blocking the mind-reading rays:

So we’re being sarcastic. It’s healthy for us to get it out of our system before we talk about ethical marketing.

The Current Panic About Data Privacy Is a Bit Overblown

Let’s keep in mind the end purpose for why we bother with customer, visitor, and lead data to begin with: to serve people more targeted ads. We will objectively examine how to effectively market in a less intrusive manner anyway, but first, we have to ask this.

Is it really so terrible to serve targeted advertising? If you know you’re going to see an ad anyway, would you rather it be for something with no relevance to you, or something you might actually be interested in some time? We’re marketers, we see marketing in action, our data is out there being masticated and digested by algorithms just like everyone else’s, and we’re fine with that.

Furthermore, data collection for marketing purposes is nothing new. Before the Internet was even popular, anybody who did any of the following things had their data collected for marketing purposes:

Subscribed to a magazine
Entered a contest
Joined a BMG music CD club
Sent away product labels, cereal box tops, or bottle caps for some incentive
Collected blue chip stamps
Applied for a store rewards or loyalty card
Clipped and used coupons
Mailed in a rebate form

If you did any of these things throughout the 20^th century, your mailbox would mysteriously start filling up with more commercial junk mail, and perhaps your phone would start ringing with sales calls. We get paranoid now about Facebook using our email address. In the 1970s, we broadcast our physical home addresses to the world and thought nothing of it. Do your worst, Madison Avenue!

Our point here is that there’s mass hysteria about data usage in digital marketing, the way there’s a mass panic over every media innovation in history. We can accommodate it because “the customer is always right.” But let’s also be ready for the customer to change their mind as soon as this panic blows over. We will show you how to help that process along.

A grain of salt, prescribed.

Recent Laws and Attitudes About Data Privacy

Major web platforms have to operate internationally, so they have to abide by the laws of every country where they do business. The European Union’s General Data Protection Regulation was a major regulation that forces websites to be more transparent with their data handling practices. Passed in 2018, this meant everything went on as before, but everyone got an increase in “changes to our privacy policy” notifications.

Other recent actions include:

California Online Privacy Protection Act (2003, amended 2013): Requires websites to include a privacy policy.
California Consumer Privacy Act (2018): Much broader legislation giving consumers full rights over their data and information about how it is used.
Canada’s Personal Information Protection and Electronic Documents Act (2000, amended 2015): Governs how companies collect, use, and disclose consumer information.
The iRights Framework: A British coalition publishing guidelines for young people’s data privacy, adopted by the UN.
Politician Andrew Yang is stumping for a beefed-up California data privacy campaign.
The Office of the Australian Information Commission has a new report out on targeting ads and collecting or combining data without consent.

In potentially related news, a new US antitrust action has been filed targeting Google. The words “data privacy” haven’t been mentioned yet, but they might come up. Google currently stands before the counts that (1) it makes Google Search the default search on its own Android operating system, and (2) that Google’s contracts with Apple, Samsung, and company, to make Google the default search browser on their devices too.

Since Google’s search service is free, the payoff is of course to its marketing functions. Microsoft had a similar scuffle about bundling Internet Explorer a couple of decades back. They lost. If that’s a precedent, Google will lose and may have to change some practices.

Here’s where we are so far: not a single law has been passed against using customers’ data in marketing. The only regulations that have been passed are those requiring transparency (which most of us were doing anyway), and a few points where we have to make sure the data collection is consensual (a more than reasonable allowance). Let’s be sure we comply, and then we can go on as before.

Best Practices In Handling User Data

Before we talk about anything else, your business should comply with existing digital rights laws. None of them are really difficult to practice. Since the Internet is international, we have to treat this as a global consensus of general regulations. By reassuring the user that they are in control, you head off the concerns about data privacy usage.

Your website should post a privacy policy.

Privacy policies, like end-user license agreements, tend to be legal boilerplate that almost nobody reads. You should show a policy regardless of what data you deliberately collect, because even your website software collects some data about visitors, such as IP addresses, user location, and web browser. If your website hosts ads or uses digital marketing in pretty much any form, that’s even more data collected. This happens regardless of whether you look at that data or not.

You should be transparent about your data usage.

“Full disclosure” is your standard. You should specify what data you collect, how you use this data, whether you share this data with a third party, and the steps users can take to revoke their permission to use their data. This last part is especially effective in consumer relations. By allowing users to “opt out” of your data use policy, you give them the reigns of control. People want that control, even if they never exercise it.

You should use disclaimers and opt-ins for deliberate data collection.

You’ve seen two common forms of opt-in notifications already. Websites that put a cookie consent notice at the bottom of a web page, which everybody clicks once to dismiss.

The other is the email newsletter / subscription grabber, that pop-up box that now appears in front of so many websites. Most users dismiss these, too, but some sign up when they’re interested.

In collecting user sign-ups for your email marketing, your policy should clearly state that you might use that data for marketing purposes. Such as Facebook targeting.

Finally, you should be responsible when handling user data.

Data collection becomes much uglier when there’s a security leak! Facebook accidentally shared inactive user data after that data was supposed to be discarded. Previously, the Cambridge Analytica scandal saw 87 million Facebook users’ data compromised. Airbnb is facing a hefty fine for a data protection breach. British Airways has become another company fined over user data compromised in a cyber attack.

So there is one dark side to collecting user data, which is the liability risk of being responsible for that data. Naturally, your website policies should practice security to the top of modern standards, no matter what user data you collect. In a medium-to-large company, you should have interior policies for customer data safety and perhaps appointed data safety staff. Enact common-sense rules like “don’t save a spreadsheet of customer emails to your personal laptop and leave it somewhere.” Once collected, that data should stay inside.

A breach of customer data can not only lead to a punitive fine, but it is a P.R. disaster for your company. Of course, a data breach is bad for any company in any situation, so we probably don’t need to preach to the choir.

Do Users Really Opt-Out of Data Usage?

Surprise! No, they do not!

The Google Analytics Opt-Out Add-On at the Play Store has only one million downloads – out of the billions of Google users.

The blog at Yell.com reports that 99.8% of users allow all those cookies anyway, out of stats compiled from 20 million users.

A report at Marketing Facts relays a study in which only 0.7% of users choose to block cookies.

DuckDuckGo handles 60 million queries per year. Since they don’t track users, they don’t know how many of those are repeat visits. Compare to Google’s volume of 5.6 billion searches per day.

A blog post at Venture Beat calls this “a privacy paradox.” They cite an Experian study revealing 70% of global consumers are “willing to share more personal data with the organizations they interact with online” especially if it leads to more convenience. They also point to a Center for Data Innovation study which shows that 58% of Americans are “willing to share their most sensitive personal data (i.e. biometric, medical and/or location data)” in exchange for using apps and services.

Paradox, indeed! When we survey people, there are lots of dramatic pearl-clutching about data privacy. When we put users in control of their data, in action, they’re just not concerned enough to click that opt-out button. Perhaps people have a fatalistic attitude about consumer data collection, mistrusting all opt-out methods with cynical disregard.

But come on, Experian found 70% of people worldwide just do not care. DuckDuckGo is right there, it uses Google in compiling results, you get Google-quality searches without the data collection. Mostly nobody cares.

If anything, we should be emboldened by these results to use more data than ever. But again, let’s see how we can give users more of what they say they want, in case they start practicing more of what they preach.

What Would Dataless Digital Marketing Look Like?

As we pointed out above, data collection only goes for one purpose: targeted marketing. Even without collecting all that data, targeted marketing is still possible in a looser form. TV commercials have been doing this for decades; kids’ cereals and toys during Saturday morning cartoons, products targeted at the unemployed demographic during The Price is Right.

Contextual Advertising

TV commercials work by contextual advertising. This is also how many embedded display ads on websites work. Using programmatic advertising, companies can buy up keywords for ad impressions on websites. Data from the website a user is browsing is almost as good as the data you can collect about that user. It’s not hard to guess where you would advertise a medical service used by senior citizens, an accident law firm, or a postgraduate college.

Direct Marketing

If your users are not shy about trusting you with their data, while you pinkie-swear not to use it for third-party purposes, you still have email marketing and the customer retention / remarketing channel it provides.

Email marketing is far from dead and can deliver massive ROI. When people opt-in to receive emails from you, they’re giving you express permission to communicate with them. Don’t squander this opportunity; make sure you develop an email marketing strategy that keeps your prospects and customers engaged.

Content Marketing

Given enough content, content marketing may be all the exposure some companies need. With content marketing, the interested leads find you, by Googling for the things they’re interested in. All other things being equal, content marketing is actually cheaper per impression than PPC ads. All you need is to fire up a blog, sprinkle some outreach across social media, and have the manpower to grind out those blog posts.

Bonus: all the content you create can be distributed via email.

Influencer Marketing

Influencer marketing is an alternative hybrid of content marketing, in which the influencer handles a pre-built audience within a marketing niche and collaborates with third-party companies to pitch for them. Influencers, especially the more famous ones, do not come cheap, but the results speak for themselves.

Influencers take on all the grunt labor from content marketing—building up audience trust, becoming an authority or thought leader, occupying a specialty niche—and then take on marketing campaigns for companies aligned with their native audiences. In some cases, such as video influencers on Twitch, YouTube, or TikTok, it’s exactly like buying commercial airtime during a broadcast.

Final Thoughts

We see that marketing will survive, as it has for thousands of years, with or without data collection. We’ve learned how to practice good data collection etiquette and hygiene, reassuring users that they are still in control of their data. We have examined how concerns about data privacy don’t translate into actions, and how users don’t opt out of data collection even when we make it easy for them.

Data usage in marketing is bound to remain a hot media topic for awhile. It may grow even hotter and drive voter reform on one continent or another to impose strict regulations against it. But so far, the biggest strike against data collection is that companies have to inform users of what they’re doing and give them an opt-out.

The public outcry about data usage can also fade back. History is on the side of this scenario. Media panics come and go, especially when they’re attached to digital technology. We get used to things and move on. After all, how long have you been reading here without checking our privacy policy?

About the Author

Alex Membrillo, CEO

Some say Alex Membrillo was born to be CEO of Cardinal Digital Marketing. Others say the Flock chose him. Together with his team of high-flyers, Alex has led Cardinal to exponential growth thanks to an innovative approach to digital marketing. Team awards proudly include A Best Place to Work designation and the Inc. 5000 list of fastest-growing privately-held US companies.

A Digital Marketer of the Year by the Technology Association of Georgia (TAG), Alex also contributes to the Forbes Agency Council, with placements in national publications including Entrepreneur, Search Engine Journal, Physicians Practice, and The Wall Street Journal. He’s served as an expert speaker for the American Marketing Association, HCIC, SMASH Senior Care Marketing & Sales Summit, and SHSMD (among others).