Privacy. This is a word that’s likely to elicit different reactions from consumers versus those of us who work in marketing.

For marketers who live in Europe, the last eight years or so have been spent trying to wrap our heads around different pieces of privacy-focused legislation and how to best be compliant.

Our cousins in America have watched this process with feelings ranging from relief, to bemusement, to mild envy.

For all the change we’ve seen so far, 2020 is going to be the year where we see the biggest shifts yet.

It’s likely to have a profound impact on anyone who works in marketing, but particularly for those of us who work in paid media – regardless of which side of the Atlantic you live on.

So what’s going on?

Let’s take a quick look at what’s covered by GDPR and the upcoming e-Privacy Regulation, which affect Europe, but also take a look at the California Consumer Privacy Act and how this is likely to affect our industry.

Advertisement Continue Reading Below

Europe

The General Data Protection Regulation (GDPR) came into force in May 2018. In a nutshell, it covers how we collect, store and use personal data.

If you’re a company based within the European Economic Area (covers slightly more countries than are in the European Union), or you’re based outside and the EEA and ever process the personal data of someone who lives in the EEA, then it applies to you.

It covers personally identifiable information – anything that relates to an identifiable individual and could be used to trace or distinguish them – such as:

Name.

Social security number.

Date and place of birth.

Biometric data.

Education history.

Anything financial, medical or employment-based.

In the EU, it also includes your IP address.

As scary as GDPR been, there’s something even scarier on the horizon – the E-Privacy Regulation (ePR).

ePR is significantly more impactful when it comes to digital.

Advertisement Continue Reading Below

The last time regulation specific to the Internet was put in place, was 2003 and the online world has changed so much in the last 17 years.

ePR will apply to your business if you use online tracking tech, engage in electronic direct marketing, or provide online communication services.

It also expands the definition of PII to include anything that can identify an entity online – including cookies and metadata.

CCPA

The good news for those State-side is that the California Consumer Privacy Act (CCPA) is much closer in scope to GDPR than it is ePR (lotta Rs in that sentence) when it comes to what it counts as personal data.

It applies to your business if you’re based in California and meet at least one of the following:

Has annual gross revenues in excess of $25 million.

Buys or sells the personal information of 50,000 or more consumers or households.

Or earns more than half of its annual revenue from selling consumers’ personal information.

If you’re one of the companies covered, here are some of the things you’ll have to do to comply (I cheated and copy-pasted this for legal ease!):

Implement processes to obtain parental or guardian consent for minors under 13 years and the affirmative consent of minors between 13 and 16 years to data sharing for purposes

“Do Not Sell My Personal Information” link on the home page of the website of the business, that will direct users to a web page enabling them, or someone they authorize, to opt out of the sale of the resident’s personal information

Designate methods for submitting data access requests, including, at a minimum, a toll-free telephone number

Update privacy policies with newly required information, including a description of California residents’ rights

Avoid requesting opt-in consent for 12 months after a California resident opts out

So, it’s similar to GDPR, but also more specific when it comes to handling the sale of data.

Check and see if it will apply to you and what work you’d need to do in order to become compliant.

What Does This Mean?

Ultimately, the key thing that both of these pieces of legislation covers are ways that we track users which aren’t personally identifiable.

Advertisement Continue Reading Below

GDPR in Europe generally applied to information that could be used to pinpoint someone based on their real-life identity – so anything that would help a company keep track of me, Arianne Donoghue.

What it didn’t cover, and is now going to be covered, is anything that tracks me as an entity online.

To many data and tracking services, I won’t be known by my real identity – but they’ll have a user ID that identifies this 35-44-year-old woman who lives in the north of England, loves cats, and spends far too long browsing Wholesome Memes on Reddit.

They’ll know almost everything about me – except who I actually am, but they don’t need to.

If you have a Google account it’s always worth taking a look at the Ads Preferences and information Google has stored on you. It highlights how well services are able to profile us without knowing who we are.

This is what’s at risk. Any sort of electronic detail that can be used to track someone and identify them, is covered.

Advertisement Continue Reading Below

This most certainly, includes cookies – and probably most cookie-less alternatives, such as browser fingerprinting.

Couple this with growing usage of ad blockers, Do Not Track, and browsers becoming increasingly privacy-focused, and all of a sudden we’ve got an ever-shrinking pool of people that we can track, monetize, and build our online ecosystems around.

Data is the fuel that powers the Internet and soon there may not be as much of it to buy, sell, or go around in general.

While I could, and perhaps will write a whole other article about whether this was the right route for us to go down, ultimately we’ve built our industry and chosen to base our success on the trackability of paid media.

Put X in, get Y out. Drive an ROI. Know exactly what you’re getting.

We don’t hold other channels (even some online ones) to the same standard.

I don’t know about you, but in my experience, a lot of brands are happy to spend more on TV or other offline advertising than they are on paid – despite the inherent trackability of those channels.

Advertisement Continue Reading Below

If, despite this amazing selling point, digital hasn’t quite managed to make it to the position of King of the Marketing Jungle, will it ever?

Our campaigns are more personalized than they’ve ever been and I’d argue that they’ve become impersonal.

We’ve reduced everyone and everything to a data point and we’ve forgotten about the real human people behind the screens, and the job we’re meant to be doing.

We have a data hammer and everything has become a nail.

We are possibly going to lose that data hammer. Tracking and attribution as we know them, may cease to exist and I believe our industry is largely unready.

I did a Twitter poll a few months ago where I asked people if they expected upcoming regulatory changes to have an impact on digital campaigns– a third of people did, but had no plans for how to mitigate it.

However, 30% of people had no idea what I was on about.

Marketing’s job is to inform, educate, or entertain.

Advertisement Continue Reading Below

Certainly, if I think of my own experience, finding my way into a career in digital without any sort of marketing training, this isn’t how I learned to think.

I’ve been guilty of chasing the data, rather than thinking about how I solve the challenges or fill the needs of the users who might be looking at my ads.

In the future, we may only know our start and ends point, the inputs and outputs – much like our colleagues in traditional marketing.

Any data we do have will help us understand our customers better:

Who they are.

What they need.

Where we can find them.

Etc.

But we may never be able to target them how we have been. We need to shift our approach and also be more honest about some of the realities of our industry.

The recent case study from Adidas admitting that they were misled by their data and over-invested in the wrong channels is proof of this.

Advertisement Continue Reading Below

Rather than just focusing on what’s efficient, we also need to focus on effectiveness.

Increasingly, we’re seeing brands choose to use context as a way of targeting users in paid campaigns, but not context in the old GDN-contextual-campaigns sense of the word.

It’s contextual with all the benefits of programmatic. You can read a bunch about people who are trialing this here, here, and here.

But this interests me not because I’m interested in how we replace the data we might lose. It interests me because it represents a totally different approach to what many of us may have ever tried.

Humans are tribal, social creatures – we’re not supposed to live solitary lives in vacuums, without contact with one another, yet all too often we take this individualistic approach to our campaigns, ignoring the power of groups, recommendation, and connection.

Takeaway

This all sounds a bit doom and gloom doesn’t it?

But I want to flip this on its head and think about what we stand to gain, rather than lose.

Advertisement Continue Reading Below

We’re hopefully going to enter a period of increased transparency and honesty which is something our industry sorely needs if we’re going to build trust again as an industry – with our clients, their consumers, and with each other.

Remember that being connected is part of what makes us human – and thinking and caring about how we can genuinely solve customer’s problems in a creative way is one of the things that makes us stand out from machines.

Read more, learn more, including stuff you may not have considered because it’s not “digital.”

Users don’t make that clear distinction. Neither should we.

Future-proof your knowledge and your career by switching things up and think human-first.

More Resources:

Image Credits

Featured Image: Dayne Topkin / Unsplash

Screenshot taken by author, August 2019

Screenshot taken by author, January 2020