More personal data are being collected now than ever before and this increases every year. Not only are more data being collected, but more kinds of data as well. What we buy, the websites we visit, what we search for, what we say on social platforms and even our location via mobile devices can be collected and used for marketing purposes. Because the amount of data is so expansive, it is possible for bad actors to misuse them given the lack of controls on to whom and how such data can be sold. But, as you’ll see below, marketers can take these risks and turn them into opportunities for building trust and leadership.
Perhaps the most notorious example is the Cambridge Analytica scandal where the data of up to 87 million Facebook profiles were scraped without their (or Facebook’s) consent for the purpose of refining the targeting of political ads. With this much consumer data in the ecosystem, governments around the world responded by drafting laws to protect personal privacy.
Implications of stricter data privacy laws for the advertising industry
The data privacy legal landscape for marketers and brands is evolving at a frenetic pace. In 2018 both the U.S. and the European Union enforced landmark data privacy legislation. Europe’s General Data Protection Regulation (GDPR) was intended to create a level of consistency across its Member States as well as a mechanism to enforce much stricter regulations related to how personal data are collected, stored and used.
GDPR is a complicated set of rules with nearly a hundred articles and continues to evolve as judges interpret it through the lens of new cases. There have been a slew of cases resulting in billions of dollars of fines, and some complain that the goal posts may be moving. In the U.S., the California Consumer Privacy Act (CCPA), which was strengthened in 2020 by the California Privacy Rights Act (CPRA), creates similar constraints. Due to the technical challenges of creating multiple rules for multiple geographies, many companies simply use the most restrictive rules globally. A number of other U.S. states are considering similar rules, and just last week, in The Wall Street Journal, President Biden called for legislation to further enhance privacy “by putting into place limits on how companies use, collect and share personal data.”
All of the largest advertising platforms have seen substantial fines arise from violations of the GDPR and CCPA/CPRA. In just the first week of 2023, the EU courts determined that using Meta’s terms of service to obtain legal permission from individuals to use their data to assist in the targeting of personalized ads to them on Facebook, Instagram and WhatsApp, was a violation of GDPR. This ruling was based on the fact that a consumer could not use these platforms at all unless they gave their permission, and that the consent language was found in a lengthy document that’s rarely read in its entirety. This ruling implies that any social media company may now need to create a way for individuals to use their services without also agreeing to allow their personal data to be used.
Protect data privacy and transparency – and win consumer trust
While the new and expanding data privacy rules clearly present risks to the advertising ecosystem, they also pose an opportunity for leadership. It is therefore important not to lose sight of the fact that these protections are essential for the proper management and use of such information. Companies that collect, manage and/or use personal data must do so in a way that is consistent with laws, yes, but they also have an ethical responsibility to proactively protect the data privacy of those individuals sharing their information.
Much of this industry is built upon the willingness of consumers to share portions of their personal data for access to services or other forms of compensation, and every violation of their trust by one company harms the entire ecosystem. We must protect data privacy because it is the right thing to do, and we must protect data privacy because the advertising industry depends on it.
In all of this, transparency is essential. Even if marketers or brands are doing all of the right things, if what they’re doing can’t be easily understood or explained, they’re still not building trust. Edelman’s 2019 Trust Barometer found that 69% or consumers agreed with the statement, “A good reputation may get me to try a product, but unless I come to trust the company behind the product, I will soon stop buying it.” And 81% said that they must be able to “trust the brand to do what is right.”
The bottom line: Not only is transparency the right thing to do, it’s also good for business.
Recently, some firms have launched to provide independent third-party certification of data privacy and transparency in order to create a greater sense of trust in the ecosystem that companies are doing what they say they are doing. For example, my company, Dynata, has been certified by Neutronian for data privacy and transparency and now ranks No. 1 in its quality framework index among our peers. Independent third-party verification for data privacy and transparency is just as important now as it has been for decades in ad delivery, audience validation and brand lift studies for the same reasons.
It is critical for companies that collect, manage, and use large amounts of consumer data to not only follow their legal requirements, but also to transparently meet and exceed those requirements. It is incumbent on Dynata and other large data companies to take a leadership role and set an example for what our industry is and should be.
No one wants their personal data collected or used without their express consent. We have a responsibility as marketers to ensure that we make the industry effective, but also respectful, ethical, and trustworthy for the benefit of everyone.