Data protection: a new trust agreement
Strategy Consulting 5 February 2017The client is king in marketing, and the client’s needs are at the forefront of the design process for new services. Certain questions gnaw away at marketers from Monday to Friday, such as “Are we providing the best possible user experience?”, “What does the app we’re developing truly offer?”, or “Does our product respond to a real market needs?” First answers to these responses can be provided by data: if a user visits my site, I know what product interests him or her; if he or she has read articles on a partner’s platform, I know what tone to use when I address him or her.
Data protection: the search for the holy consent
Most of the time, this information regarding consumer digital behaviour is collected through cookies. The use of cookies has been strictly regulated in France by a national watchdog, the CNIL, since the ‘Telecoms Package’ was adopted across Europe in 2009. The development of a new stage in obtaining consent is currently underway. It could impact targeting mechanisms in advertising, through an opt-in when a web browser is downloaded. Consequently, the advertising market fears that few users will accept that their data be collected, and that only some will change their settings after browsing for a few days.
Today, cookies are used in targeting for most advertising campaigns. However, personal data is still used to inform loyalty programs, CRM campaigns, or sometimes even media campaigns via onboarding mechanisms. Here, too, French and European authorities have created laws to oversee the exploitation of this data – and with even greater strictness than for anonymous data. The very definition of the concept has also evolved, as IP addresses are now considered personal data and must thus be declared to the CNIL, following a November 2016 decision from the French court of appeals. European regulation published last year, which will come into force in May 2018, aims to unify privacy protection policies in the EU and to strengthen means of control. It even introduces a concept of ‘Privacy by Design,’ which means that privacy protection will have to be taken into consideration from a project’s design stage.
The idea of consent – or clear and free agreement given by a user to a service to collect, store, and exploit his or her data – is always at the heart of these new regulations. In a concrete way, in the case of cookies, this means using a module which conditions cookie deposit to the obtaining of consent. 55’s cookie Consent plug-in was one of the first (and few) to respond to this imperative. It was rolled out on websites including Renault and Ferrero France’s complete websites. In the case of personal data, this simply means adding certain information to a service’s legal notices or terms of use: the list of data collected, length of storage time, the security measures put in place to secure these data, and an explanation of how they will be used.
Despite the precise technical and legal definitions of conditions of consent, it must not only come about by a desire to follow the law. Obtaining consent must be a marketing priority, to guarantee that a relationship of trust is established with consumers. A sustainable and healthy relationship, founded on honesty, requires open discussion on these subjects.
Data protection is, above all, an issue of trust
Protecting consumer data and obtaining consumers’ consent to collect data is a real issue for brands. Security failings in information systems can be the beginning of media scandals, particularly when the information published impacts the reputation of service users. For example, the extra-marital dating site Ashley Madison was threatened in this way when the identities of 32 million of its users were leaked in 2016.
Though these failings remain rare, numerous online services have been criticised for their abusive privacy policies. In general, these are social media platforms whose monetisation relies on user data. The most recent example is the information sharing between Facebook and WhatsApp. In August 2016, almost two years after the
messaging app was purchased, the service’s terms and conditions were changed to allow data to be shared between the two platforms for advertising purposes. It should, however, be noted that despite media coverage, this event does not seem to have impacted the social network’s performance, as it benefits from unequalled penetration and adoption rates. Because users recognise the value of the service offered by Facebook and thus seek it out, they accept that their data is used to generate advertising revenue. A study completed by Columbia University showed that most users will freely communicate their data to companies if users consider that they receive high quality services in return.
To avoid the notorious “privacy backlash” and earn consumer trust, brands have every reason to adopt an educational approach. Companies could show their commitment in a clear and succinct manner by following the example of the Forum d’Avignon’s “Preliminary Declaration of the Digital Human Rights”. Users would thus be able to understand how their data is used, and to judge whether or not suitable security measures have been put in place. The ideal, of course, would be to provide users with an intuitive interface through which they can see how data is being used, and control what they wish to share.
In short, personal data protection is not just a legal issue for companies. Above all, it allows them to establish a relationship of trust with their consumers. It is a real lever for brand growth, if one believes a study published by Forbes, which confirms that the more a consumer trusts a brand, the more likely this consumer will be to buy the brand’s products or spread the word about the brand. This study puts Samsung and Nike in first place on the list of brands that American millennials trusted the most in 2016. This should be enough to make marketers place data protection as one of their top concerns.
Translated from the original French by Niamh Cloughley.
