New, stricter data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the impending California Consumer Privacy Act (CCPA) have compelled companies to reexamine their data policies, and in many cases, to make significant changes to how they collect and use data. These laws certainly benefit and protect consumers, and, if implemented well, we believe they help businesses too. Companies are learning that there are ways to use data to their competitive advantage, without compromising people’s privacy or security. Finding this “sweet spot” hinges on responsibly sourced data collection.
Responsibly sourced data means that data not only was obtained in a way that reflects regulatory requirements, but also respects industry best practices, core consumer privacy principles, and data minimization concepts. It is accurate and actionable, so organizations can create personalized customer experiences, products and apps, as well as more relevant advertising that delivers value for customers while advancing a business objective.
Brands and publishers’ data responsibilities extend beyond internal practices. These steps will help your organization collect and use data responsibly, so you can create symbiotic data-sharing relationships across the ecosystem.
1. Develop a thorough but adaptable data strategy
A data strategy is an overarching approach to collecting, processing, storing and productizing data that affects and reflects every aspect of your business. The strategy should be carried out through an established set of policies and best practices that are communicated and broadly understood across your organization. This means that anyone can read them, ask clarifying questions and incorporate them into their day-to-day work. As you build and document your approach, seek input across your organization, including Legal, Marketing, Engineering and Product.
Establishing a data strategy is an iterative process and not a “one-and-done”-type exercise. Global data privacy laws, and interpretations of them, are constantly evolving. Plan to update your framework continually based on compliance considerations and emerging best practices.
In doing this, you should collaborate and lean on industry associations and working groups. For Factual, these groups include the Interactive Advertising Bureau (IAB), the Network Advertising Initiative (NAI), Digital Advertising Alliance (DAA) and Mobile Marketing Association (MMA), so those may be good places to start.
2. Do your due diligence (and then some) with data suppliers
First-party data is a valuable asset, but market leaders need third-party data, too. The marketer should understand their provider’s approach to data collection, consent gathering and privacy policies. In a recent survey by Demandbase and Demand Metric, four out of five respondents reported they were concerned that their tech vendors could put them at risk of violating the GDPR. That is backwards: the right partners will help you stay at the forefront of data compliance.
Responsibly sourcing data is about more than contractually obligating providers to abide by the law. Consider your partners’ values. Ask questions about suppliers and vendors’ data collection policies and compliance resources, review their consent collection mechanics and privacy policies, and address data collection in your contracts.
Successful collaboration depends on trust, but you can’t afford to act on blind faith. Our shorthand for this philosophy is “trust but verify.” Of course we believe our suppliers uphold their contractual obligations, but for our benefit--and our customers--we are building a global audit program that will monitor consent collection and privacy practices. This is enabling us to systematically check in.
3. Understand the ways providers package their data
Responsibly sourced data also applies to what your providers actually do with their data, and how they productize it. This includes practicing privacy by design, by considering data privacy and security throughout the product lifecycle. It also means that they should have standard packaged data products explicitly designed for specific use cases and not open ended data feeds where they are in less control of how the data is actually used. An example here in location is avoiding raw data feeds and individual customer journey feeds, which can leave customer data easily identifiable, putting privacy at risk. Audience segments, on the other hand, are aggregated data packaged by design to be benign and with limited risk of personal data exposure. This allows marketers to leverage data effectively without being exposed to more information than needed.
Try to apply a principle of minimization, in which the type of data collected is commensurate with use. Say you want to serve an ad to my mobile device. All you need is my mobile advertising identifier, so what are you doing with my full name, email and phone number?
When everybody wins
Responsibly sourcing data is an ongoing, collaborative effort. By working together as an industry, we will pinpoint new ways to create personalized, engaging experiences, while using the most private, secure and compliant approaches possible.
Stricter data privacy laws might present challenges for some organizations. But in truth, the more visibility and transparency marketers demand from their data providers, the better for everyone. Consumers will get experiences that resonate and improve their lives rather than disrupt them, all while knowing their rights have been respected. And marketers will get better results because the data they are using is accurate and effective, and they have earned something even more critical than data: consumer trust.