June 20, 2018
NEW YORK – Now that the European Union’s General Data Protection Regulation is in effect, marketers face more hurdles in collecting and using consumers’ information.
GDPR recognizes E.U. residents’ rights to privacy, giving consumers more tools to oversee how their data is used by marketers. In a session at Forrester’s CX NYC forum on June 19, an analyst from the research firm noted that customer experience professionals have the expertise to create human-focused appeals for opt-ins.
“Privacy by design is nothing if not human-centric design on a data level,” said Fatemeh Khatibloo, principal analyst at Forrester.
GDPR, which went into effect on May 25, requires companies to be much more transparent about what data they collect and what they do with it as well as requiring that consumers reiterate affirmative consent to being sent emails and targeted with other data measures. Even if the public's general sentiment finds these uses of data non-intrusive, brands stand to lose a lot simply through customer inaction in providing affirmative consent (see story).
The regulations stipulate more areas where brands must get consumer consent for use of their data, such as selling it to a third party or using data for another purpose than it was originally collected.
Companies do have some leeway for legally using data without consent. For instance, marketers can use anonymous data to analyze trends, allowing them to decide where to put a store.
Brands can also collect data if it is needed to conduct normal business.
Under GDPR brands cannot use consumer data for unauthorized purposes. Image credit: Bloomingdale's
As an example of what not to do, Ms. Khatibloo presented a scenario in which a retailer gets a consumer’s permission to track their cookies as she browsed the store’s ecommerce site. After the shopper gives the store her email, the retailer uses third party data to find out her home address and mails her a catalog, an impermissible use of information under GDPR.
Brands now have to hire data protection officers, who in effect serve as whistleblowers. GDPR also forces brands to alert regulators within 72 hours of a breach.
Since marketers now have to get consumer consent for everything from cookies to third party data sharing, brands can actually use this as an opportunity to get consumers to proactively share more about themselves. For instance, with the right human-centric design, requests for data can be placed at the optimal points in the customer journey to raise the likelihood of participation.
Growth in data availability has opened up doors for marketing and is driving economic growth, but the tradeoff has been the individual’s loss of control over their own information, according to an executive from Identity Praxis.
As the number of connected devices and smart technology the typical consumer owns grows, so does their ability to be tracked, leading to big business for big data. During the “You Heard It Here First: Personal Data is the New Luxury Good” keynote at Luxury FirstLook 2018: Exclusivity Redefined on Jan. 17, the executive predicted that in the future, privacy will be afforded only by the affluent class, turning it into a luxury (see story).
Repercussions surrounding Facebook’s invasive use of data have extended far beyond those directly involved, causing luxury marketers to now be more concerned about their use of customer information.
According to a survey from Kelton Research and SheerID, two to one consumers want brands to request consent before using their personal data. Only 8 percent are comfortable with marketers looking into social channels for individualized information such as likes and activity for promotional purposes, including discounts (see story).
When asked if a GDPR-style regulation was likely to make its way to the U.S., Ms. Khatibloo was doubtful of a stateside version of the law. However, she noted that California is working on a "GDPR light" regulation that would limit the use of consumer data.
"In Europe, privacy is considered fundamental human right," Ms. Khatibloo said. "People are considered data subjects there.
"Here we have no such thing in our constitution and you’re considered consumers," she said. "Very different way of thinking about human life."