Personalization and Data Privacy Compliance Aren’t at Odds
Remember the uncertainty Google threw the marketing world into when they announced the end of third-party cookies? The decision left us scrambling to find new ways to personalize marketing in a time increasingly concerned with privacy online. Google has since walked back those plans, but with all kinds of new privacy laws on the books or in the works, businesses still face compliance issues as they search for new ways to offer personalized experiences.
Collecting and using customer data is necessary for delivering a personalized customer experience. Customers want this type of experience, and they put a lot of trust in businesses to handle their data properly. Even in the absence of legal ramifications, businesses may still suffer reputational damage if the public learns of irresponsible or unethical use or sale of personal data. Personalization, however, does not have to suffer at the hands of data privacy compliance.
Privacy Laws in the EU and US
In 2018, the European Union passed sweeping privacy regulations that apply to any business operating in EU countries. While the United States does not have a law like this at the federal level, several states have passed their own privacy laws. California was the first to pass such a law. The 2020 California Consumer Privacy Act (CCPA) has since become the model for bills proposed and passed by other state legislatures.
These laws aren’t just for show, either. In 2019, the EU fined Google €50 million ($52.6 million) for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization,” as reported by the BBC. EU regulators said that by automatically opting users into receiving personalized ads, Google failed to give users the opportunity to give consent. Companies from banks to clothing retailers to telecoms have been issued hefty fines under the regulation.
California, meanwhile, recently reached a settlement with DoorDash after the state accused the company of violating the California Consumer Privacy Act (CCPA) by selling customer data without consent, according to a press release from the California Attorney General.
Compliance With EU Privacy Laws
The EU’s General Data Protection Regulation (GDPR) places limits on what kinds of data companies can store, how long they can store the data, and for what purposes they may use that data. The law holds companies accountable for their cybersecurity practices, which means that if private data is leaked after a hack, the company can be fined if a court determines that the company did not enact sufficient security measures.
Compliance With US Privacy Laws
The United States lacks data privacy legislation at the federal level, so a number of states have taken it upon themselves to enact their own. California passed the CCPA in 2018, the same year the GDPR was passed.
Colorado and Virginia followed California’s lead in 2021, with both laws stipulating that consumers have a right to access and delete their personal data and opt out of data collection. Virginia’s law also requires businesses to conduct data protection assessments.
According to Bloomberg Law, as of 2024, 20 states have enacted comprehensive privacy laws and six more have enacted narrower privacy laws.
Ensuring Compliance
Given the legal and reputational repercussions of mishandling customer data, businesses have to take privacy seriously. Here are a few things you can do to stay on the right side of the law and gain the trust of the public.
Understand the laws that apply to you. Make sure you understand which regulations apply to your business and what exactly they require of you. Seek legal advice from professionals and understand the precedents for prosecution that have been set.
Protect data “by design and by default,” not as an afterthought. That wording—“by design and by default”—comes from the EU’s GDPR website. What this means is that protecting customer privacy can’t be something added on top of an existing system or done to meet some minimum standard. Privacy must be considered as a part of your overall business strategy.
Solicit data voluntarily. Transparency is a part of most data privacy laws: consumers have to be informed that their personal data is being collected. You can take transparency a step further and ask customers to voluntarily share private data through surveys.
Follow cybersecurity news. Businesses that collect personal data have a responsibility to keep abreast of new security weaknesses, phishing scams, ransomware, and other types of attacks. Hackers never rest, so you can’t, either.
Keep all software updated. Software running older versions is more at risk of data breaches. See the ProsperWerx cybersecurity article for more cybersecurity best practices.
Use aggregated rather than personalized data. Replace identifying information like full names with pseudonyms or codes and use aggregated data like website analytics and demographic data to create marketing campaigns.
Conduct regular security and compliance audits. One of the most striking aspects of the GDPR is that companies can be held accountable for data stolen in a hacking, malware, or ransomware attack if the company’s cybersecurity is found lacking. Consult with someone who knows the law and knows how to ensure your systems are compliant.
Good Privacy Practices Build Trust
Increased privacy doesn’t mean the end of personalization. A 2023 Pew survey found that 81% of Americans are concerned about the way companies use and collect data. The survey suggests those attitudes are driven at least in part by fear and uncertainty, as 67% say they don’t understand what companies do with the data they collect. By protecting personal data and being more transparent about how you use and collect it, you build trust. And when customers trust you, they are more likely to share the data you need to provide them with the personalized experiences they prefer.