In 2018, consumers have largely accepted that marketers use an online log of their behaviors and spending habits to target digital audiences with relevant ads. A Pew Research Center study found last year that most Americans determine their online privacy rights case by case, with 47 percent saying they’re comfortable with retailers tracking their purchases to deliver better deals.

Now major brands, including Spotify, Netflix and Cost Plus World Market, are testing the waters by using their troves of user data to drive not only the targeting but the creation of their ads. Many of these campaigns seem like experiments designed to determine just how much of their own data people are willing to tolerate.

“At what point do you creep someone out?” asked Ian Mackenzie, executive creative director at data-first shop FCB/Six. He said all of FCB/Six’s clients are curious about how they can employ their user data but are hesitant to actually do it.

“It’s uncharted territory,” added FCB/Six president Andrea Cook, who said companies are fearful that, if they cross a line, they could “get called on the carpet.”

But where, exactly, is that line?

Many were amused when Spotify first used data mining in a series of oddly specific ads last year. One billboard read, “Dear person who played ‘Sorry’ 42 times on Valentine’s Day: What did you do?” The campaign was so popular that Spotify tweaked it and brought it back this holiday season, in “2018 Goals,” broadening its scope to a more general audience. One banner read: “Skip dinner invites from the people who added these songs to their playlists: Slippery, All of Me, DNA.”

That may explain why when Netflix piggybacked on Spotify’s first campaign with a single pre-Christmas tweet that read, “To the 53 people who’ve watched A Christmas Prince every day for the past 18 days: Who hurt you?,” it drew some inevitable haters, who questioned why it called out just one small group of users.

Why are you calling people out like that Netflix — Amanda Bell (@AmandaJuneBell) December 11, 2017

“When you use personal information and you don’t add value, it’s intrusive,” said Thomas Shadoff, director of media at Toronto agency Bensimon Byrne. The value in Spotify’s ads being it showed it listens to all users.

His agency used retargeting to create Svedka Vodka’s creepy Halloween “Banner Ad Curse” campaign that literally haunted internet users with banner ads after they clicked on a seemingly harmless post for cocktail recipes. But the agency shied away from using data to inspire the creative, despite having the option to do so.

“With access to so much data, we were careful not to go too far,” explained Patrick Schroen, Bensimon Byrne’s creative technology lead. “We explored creative with more personal info that didn’t make the cut, keeping the creative more playful and fun.”

Typically, Rebecca Lieb, digital marketing and media analyst, explained that ads annoy consumers when they’re improperly targeted or were retargeted too many times, not for creepy creative.

“Brands and their agencies are between a rock and a hard place,” Lieb said. “What would you rather do: creep someone out, or not have them see [the ads] at all?”

Cost Plus World Market needed to be particularly cautious when tapping into personal data. The home goods retailer asked customers, like “Lisa and Ray Worley in the low-rise apartment near that no-frills diner on N 73St.,” to allow their own data to be used in a series of playful banners, created by barrettSF.

That agency’s founder and executive creative director, Jamie Barrett, said “the legalities of revealing real addresses, etcetera” made it necessary for the agency to ask for permission.

“I can tell what bank you walked into [and] what you’re wearing just by your phone number,” said FCB/Six’s Cook. “Would that creep you out if a brand knew the sweater you’re wearing? What’s the next level of creepy?”