Dig deeper: ChatGPT under threat from European regulators

This is the largest GDPR fine ever handed down, surpassing the previous record of $887 million against Amazon in 2021. The ruling gives Meta five months to put in place measures to halt future transfers of personal data to the United States and six months to stop “the unlawful processing, including storage, in the US of personal data of EU/EEA users transferred in violation of the GDPR.”

Why we care. If the ruling is put in place Facebook would have to delete a huge amount of data and restructure its IT systems at a very fundamental level. It also would have enormous implications for any company transferring data between the two areas.

The best hope for staying the ruling is a new data transfer treaty between the U.S. and E.U.

Until 2020, these transfers were protected by the Privacy Shield treaty between the two governments. That year the E.U.’s highest court invalidated the treaty by ruling it did not sufficiently protect E.U. citizens’ data from American spy agencies. 

Negotiations have been underway since the high court’s ruling. Last year, President Biden and Ursula von der Leyen, the president of the European Union, announced the outlines of a deal, but the details are still being hammered out. No doubt Monday’s decision will increase the pressure on the U.S. to get it done. However, the complexity of the issues makes it difficult to move quickly.

Are you getting the most from your stack? Take the 2023 MarTech Replacement Survey

By the numbers. May 25 will be the fifth anniversary of GDPR, and Privacy Affairs has been tracking the fines – all 1,701 of them, for a grand total of over $4 billion:

• Meta accounts for over 50% of all GDPR fines – the company has amassed $2.5 billion in penalties.
• Meta has been fined seven times – including four just in 2022.
• By comparison, Amazon and Google have combined for more than $800 million in GDPR fines.

Only Facebook. The decision applies only to Facebook and not other Meta-owned platforms such as Instagram and WhatsApp.

The company said it plans to appeal.

“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,” Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, its chief legal officer, said in a statement.

The post EU fines Facebook $1.3 billion for privacy violations appeared first on MarTech.

It’s a chance for digital publishers to show how they are capturing audiences who cut the cord and now choose digital channels. They also want to convince advertisers that their platform innovations and programming are the best way to connects with viewers, especially younger ones.

U.S. digital video ad spend grew at almost twice the rate of overall digital media in 2022, 21% versus 11% overall, according to the IAB.

“Against this amazing backdrop of opportunity we should make no mistake — we are living in challenging and unpredictable times,” said IAB CEO David Cohen, in his opening remarks. “There is a lot at stake and a lot up for grabs.”

Why we care. Presentations at NewFronts make a convincing case that video has earned the attention from brands that television gets with their upfronts — presentations that broadcasters make to advertisers in the spring about upcoming programming. Audiences are moving to streaming services for traditional TV content like movies and sports. Younger viewers who never watched TV regularly are also spending time viewing short-from video content and playing games on their TVs and phones. Marketers have to follow this space in order to meet many of their customers where they are.

The NewFronts. “Despite today’s marketplace being 24/7 and 365-day experience, NewFronts provides a singular moment in time for buyers and sellers to meet and discuss planning for the remainder of the year and next,” Cohen told MarTech. “This is a business built on relationships and we know how important it is to bring the industry together at key times of the year.”

He added, “The video landscape has drastically changed, and ad-supported streaming is reaching a place of maturity. IAB NewFronts has solidified itself as a must-attend event for brands and agencies that are looking to understand where to place their video and streaming budgets. It has evolved into more than just a showcase of content, but a place where real dollars are transacted and real discussions are had about innovation in streaming.”

Samsung Ads. Samsung’s free ad-supported (FAST) service, Samsung TV, is a good example of how digital video is stepping up to deliver premium content in a fragmented landscape.

In their May 2 presentation, Samsung TV announced it’s adding Conan O’Brien TV as a channel to its FAST lineup, as well as expanded local news and weather content. For gamers, Samsung also announced partnerships with video game streamers Antstream Arcade and Blacknut for free ad-supported games.

Three-quarters of U.S. households have at least one Samsung device, including many smart TVs. Smart TV owners can access Samsung TV free to watch programming, play games and navigate to other subscription streaming apps. This gives Samsung Ads device-level data on TV viewers that other video publishers don’t have.

Dig deeper: How Home Depot and Kroger use RMNs to improver shoppers’ ad experience

“We have the number one TV viewing data set globally, which means our TVs provide more consumer viewing data than any other manufacturer by almost double,” said Sang Kim, EVP and GM of North America service business at Samsung Electronics. “This means that we have the number one addressable footprint in the U.S.”

Samsung Ads announced a new partnership with KERV Interactive to make ads on the platform shoppable and interactive. Earlier this year, Samsung Ads launched the ability for advertisers to run QR codes with ads.

They also announced the rollout of digital out-of-home (DOOH) ads later this year, which includes connections to in-store retail partners. This provides an alternative or supplement to brands who are advertising to customers through retailer-owned retail media networks (RMNs).

Amazon Live, Prime Video and Freevee. Amazon’s FAST streaming service Freevee announced it will debut new original programming in 2024, including “Mock the Week,” a panel show produced by comedian Trevor Noah.

Prime Video, which debuted Thursday Night Football last season, announced a new capability for national advertisers to send different commercials to different viewers through Amazon’s Fire TV devices. It also announced that the NFL’s first Black Friday game, aired on November 24, will be free to view for anyone in the U.S.

Also, Amazon Live will have expanded live shoppable entertainment allowing viewers to shop while they watch. New shoppable episodes of “Black Girl Stuff,” — produced by REVOLT, Sean “Diddy” Combs’s media company — will be shown beginning later this month.

The company wants to make “sense of the signals [and] insights at our disposal to create an optimal customer experience that drives business outcomes,” said Colleen Aubrey, senior vice president, ad products and tech for Amazon Ads

YouTube. YouTube is bringing smart advertising to short videos. They announced that its YouTube Select brand safety platform will become available to advertisers of YouTube Shorts content. According to the company, 1.5 billion logged-in monthly users view Shorts monthly.

Measurement and addressability. All the presenters mentioned their reach and datasets. But what about larger concerns across the digital advertising industry related to addressability? Last year, Cohen referred to this challenge as a “slow-motion train wreck.”

“We have always said that the future of addressability will be a portfolio of solutions — it won’t be a simple replacement of the third-party cookies or identifier with something else,” Cohen told MarTech today. “Clean rooms, contextual, seller-defined audiences, cohorts, and many other innovations have been introduced into the marketplace.”

He added, “We continue to push all players in the ecosystem to test, learn, and deploy as the future will undoubtedly not fit into the containers of the past. Now is the time to get in the game.”

The post IAB NewFronts showcases video platforms armed for ‘challenging and unpredictable times’ appeared first on MarTech.

Did you know that two years ago, $19.2 billion was spent on third-party data? But with changes around data privacy, collecting third-party data is coming to an end. The elimination of third-party cookies presents challenges for creating hyper-targeted, measurable campaigns.

But there’s a solution: first-party data. By collecting data directly from customers, you can provide authentic experiences that encourage deeper connections and loyalty to your brand. And the move from third-party cookies to first-party data presents opportunities to learn more about your audience’s interests, preferences, characteristics, and behaviors.

OneTrust’s The Complete Guide to First-Party Data outlines everything you need to know about first-party data. You’ll learn why it benefits your efforts, how and where to collect it, best practices around data collection and usage, and recommended technologies for streamlining your processes. Plus, it includes real-world examples of how brands are leveraging first-party data today.

Visit Digital Marketing Depot to get your copy.

The post Say goodbye to third-party data and hello to better customer experiences appeared first on MarTech.

OpenAI has until April 30 to inform Italian users of “the methods and logic” behind the processing of data and provide a way for them to exercise their existing personal data rights. Longer-term deadlines were also given for age-gating to the app and launching an awareness campaign so Italians know what their rights are.

Why we care. Italy is the first EU nation to take any regulatory action on ChatGPT. In the past most EU restrictions around privacy have come from France and Germany. Spain has also requested the EU’s privacy data protection board to look into ChatGPT’s practices.

As generative AI technology continues to evolve, regulators are taking a hard look at its use of user data across the web, especially when large language models are trained on that data without the consent that GDPR law requires.

Conditions for ChatGPT’s return. OpenAI has until April 30 to inform users in Italy about how data is used in its algorithms to run its AI models. 

OpenAI will also have to provide tools that allow those whose data is used — including users and non-users — to request a correction of data inaccuracies or to have the data removed if a correction isn’t possible.

Age verification. OpenAI has until the end of September to install a robust age verification system that keeps out users under age 13. And they must submit a plan for this system by the end of May.

Additionally, users aged 13 to 18 who don’t have parental permission will also need to be restricted from using the app.

Campaign. As another condition for lifting the ban, OpenAI will need to launch a local awareness campaign on radio, TV and digital to educate Italians about ChatGPT’s processing methods and data usage. The company has until May 15 to launch the campaign.

The post Italy lays out requirements for ChatGPT’s return appeared first on MarTech.

Q: How did you get to where you are today?
A: My career path has been an irregular one, to say the very least. I have a degree in English, which certainly works towards marketing, but since I work in marketing technology, it kind of makes less sense to most people. After I did my degree, I worked a lot in early internet communications, like the keyword stuffing type of online articles and things to bring people in to websites.

I moved more into generalized content and then, through the recommendation of my husband, into more of an analytics role. This made use of some additional training for understanding programming languages, not necessarily being able to be a programmer but to understand the context around them. And from that moving into more specific digital marketing, which is very data-driven experience. 

Dig deeper: Marketing technologists are well-rewarded

I’ve been working in really highly privacy-focused marketing, for Medicare and Medicaid organizations before getting into the role that I am in now, which is specific to marketing technology, but also still very much focused on the privacy operations kind of element of marketing. 

I wouldn’t necessarily call myself truly a marketer because I don’t do any of the brand content, SEO, e-mail, marketing automation or anything like that. It’s more of the foundational elements 

Q: What’s the biggest challenge for martech?

A: The biggest issue that I’ve seen in marketing technology truly [at previous places I’ve worked] is a lack of understanding and awareness of the value at the leadership level. In my experience a lot of leadership will be very operations focused. It’s kind of like the short term wins focus mentality. The thought they have about marketing is that marketers make things pretty. It’s a long-term perception that marketing and advertising are the same thing, which they are not. 

Bringing in the data and the analytics is a really important layer that a lot of leadership are only just starting to understand. Not having that understanding means that they don’t give the buy in, they don’t invest in the technologies. They don’t think about the foundational marketing tool strategies or governance strategies and things like that. 

Dig deeper: 20 ways to make your marketing team more productive

As a result, it winds up being very reactive when it comes to marketing technology. That’s not the case with the work that I’m currently doing because [Enterprise has] much more of a proactive take on the importance of marketing technology. They’re starting to really look at it as an important foundational element and putting in the budget. 

Q: I know you want to expand your team, are you having trouble finding people with the skills you need?

A: Yes. The reason why there are very few people who can do marketing technology in the way that it needs to be done is because we tend to be very much unicorns. There’s a certain subset of us who grew up with the internet and who saw the changes and worked in them. 

I personally have worked in just about every part of digital marketing technology and digital marketing from content to wireframing websites, to implementation, access management, implementation of advertising and implementation of an analytics platform. Because I’ve had this much experience, I’m able to look at the privacy operations part of it from a very different lens. 

That’s the way things went for every member of my team. We’ve got some members of the team to focus on tagging and analytics operations, some that focus on site speed, some that focus specifically on how best to optimize content on the site.  Each of us went kind of in our very, very unique paths and there’s not a lot of people who have that experience or knowledge or even interest in doing many different things to get that one particular focus.

There is the potential for that to happen with training, but I think it will take some time. It will also take a unique subset of individuals who are interested in both marketing and technology and are willing to do that super deep dive into one very specific area. It’s hard to be a generalist in marketing technology. You definitely have to be a specialist to really do the work that we do well.

Download the survey here (no registration required).

The post MarTech Salary and Career: Saidah Abdulhaqq on the making of a unicorn appeared first on MarTech.

That’s where data management platforms (DMPs) come in. DMPs allow marketers to understand customers and their purchasing behaviors better. This leads to more effective marketing campaigns that drive higher engagement and sales. With DMPs, marketers can glean insights into which campaigns drive the best results among target audiences.

This article looks at data management platforms in depth — what they are, why they are important, what they are used for and their future in a privacy-focused landscape. 

Table of contents

• What is a data management platform?
• DMPs vs. CDPs
• Data protection laws
• The future of data management platforms
• Additional resources

Estimated reading time: 5 minutes

What is a data management platform?

A data management platform is exactly what the name suggests. It is a digital platform that allows businesses to collect, store and organize data that is then used and analyzed to drive marketing and other business decisions. DMPs collect data related to:

• Customer demographics.
• Purchasing history.
• Website clicks.
• The online registration forms they fill out.
• And other sources.

This information is then segmented to provide businesses with actionable insights and a clear understanding of customers and their purchasing habits. 

While DMPs can use first- and second-party data, they heavily rely on third-party data from online sources. The differences between data sources are essential. 

• First-party data is information collected directly from your audience, like website clicks, social media follows, likes and comments, email addresses, etc. It’s considered extremely valuable because it’s collected first-hand, assuring greater accuracy and availability. 
• Second-party data is first-party data that someone else has collected and sold to you.
• Third-party data is gathered by entities that don’t have a direct relationship with the consumers whose data is being collected. 

Once data is collected, DMPs organize it into segments so marketers can build specific campaign audiences. These audiences can be people who fit into certain demographics or purchasing behaviors. Audience segments are built using any number of data points, like family size, household income and age ranges. 

Most DMPs have reporting features for analyzing audience data to discern patterns and understand customer behavior. Because large portions of the data DMPs collect are anonymous (via cookies and IP addresses, for example), marketers get the 10,000-foot view and create generalized audience profiles.    

DMPs vs. CDPs

DMPs aren’t the only avenue by which brands and businesses can harness the power of data. Customer data platforms (CDPs) are similar to DMPs in that they collect information, organize it and provide actionable insights. 

But there is one significant difference: CDPs generally only use first-party data and collect and store specific information about customers using personal identifiable information (PII). CDPs connect the data points gathered back to the individual user, providing even better knowledge about customers and their behaviors. 

For example, with DMPs, marketers might know that a user in a specific age group in a specific geographic area searched for women’s skincare products and is interested in workout gear and running shoes. 

A CDP could tell you that user’s name, specific age, address and other identifying information. Also, because CDPs don’t rely on third-party data (i.e., third-party cookies) to collect information (remember, first-party data is gathered with permission), privacy and consent issues are less of a concern than those currently associated with DMPs which gather and use third-party data. 

Data protection laws

Marketers should note that legislation, like the EU’s General Data Protection Regulation (GDPR) and, stateside, the California Consumer Privacy Act (CCPA), protects consumers as it relates to their personal data and defines guidelines for any businesses that use — or share — that data.

Consumers are more aware of online privacy issues now and expect transparency about how their data is used. Marketers must tread carefully and be prepared for how this continuing evolution will impact their strategies and tools, including DMPs.

The future of data management platforms 

Central to the privacy discussion — and the compliance issues introduced by GDPR/CCPA — is Google’s plan to phase out third-party cookies in the second half of 2024. Created by advertising companies, these cookies track website visitors across the web to gain information about where consumers go and, crucially, what they buy. 

Because DMPs have historically relied heavily on third-party data to fill their pipelines, a future without third-party cookies would mean platforms must gather customer information from different sources, such as point-of-sale and social media. 

In an online environment without third-party cookies, many believe that DMPs are becoming redundant — with marketers increasingly turning to CDPs. That said, it’s probably premature to say that the platforms will become extinct anytime soon. DMPs will likely evolve as the conversation on data privacy and third-party cookies plays out. 

One solution seems simple, pivot more wholly to first-party data. Some DMPs, like Lotame’s so-called next-gen Spherical platform, already primarily utilize first-party data, the benefits of which are already well documented.

Brands and marketers should continue to focus on building customer experiences and providing reasons for customers to engage. Ultimately, all this will help increase the volume and quality of data collected.

Dig deeper

Want to learn more?

• Discover 6 data collection tactics for marketing in the cookieless future.
• Learn the future of data management platforms in the era of CDPs on MarTech Editorial Director Kim Davis’ report.  
• Learn what the third-party cookie phaseout means for marketing campaigns in this MarTech story.
• Find out how to use AI and machine learning to boost marketing data management.

The post Why we care about data management platforms appeared first on MarTech.

Between growing consumer concerns, technological changes and mounting data protection legislation, companies that do not address the need for data privacy will inevitably take a hit, especially in terms of user confidence, credibility and reputation.

This article covers three privacy-centric solutions for marketers looking to comply with privacy regulations.

Data privacy compliance in marketing

Courts are increasingly holding companies accountable for flouting data privacy regulations. We can expect to see more of these cases in the coming year. 

The news of large retailers getting sued or fined for privacy breaches is having an impact on consumers. Their increased awareness of the data collected for tracking and marketing has raised the expectations around privacy protection. We must adopt privacy-centric marketing solutions to cater to changing consumer demands.

While third-party cookies reigned supreme in the early and mid-2000s, they are blocked in Safari and Firefox today. Edge limits some third-party cookies, and Google is working to phase them out in Chrome by 2024. 

Luckily, marketers have a variety of privacy-centric solutions to help them stay ahead of changing regulations and consumer sentiment.

Dig deeper: Why we care about compliance in marketing

Privacy-centric solutions for marketers 

There is no one-size-fits-all solution to privacy matters. Organizations must weigh their options to identify appropriate solutions catering to their specific needs. As marketers, we can — and should — use multiple solutions to become more privacy-centric. 

With the sheer number of solutions, knowing what is right for your business and how to prioritize can be hard. Server-side tagging and conversion APIs, consent management platforms and Google’s Consent Mode are good places to start.

1. Consent management platforms 

While other privacy-centric solutions are nice-to-haves, consent management platforms (CMPs) are virtually mandatory. CMPs are crucial in blocking cookie usage unless users consent to storing and tracking their data. 

CMPs help you gain insight into the personal data lifecycle to track and respond to consent preferences. A correctly installed CMP can minimize the impact on marketing teams and build more content-driven and profitable relationships with today’s privacy-focused customers. 

As legal requirements differ by jurisdiction and user experiences vary between device categories and browsers, CMPs must be customizable. Website visitors should easily understand the cookie banner when asking for consent to track cookies. 

Moreover, the cookie banner should match the look and feel of the brand’s website and be easy to use. If your company needs a CMP, keep a few questions in mind: Which CMP balances out user expectations, data collection needs, legal requirements and is easy to use?

Dig deeper: Going beyond cookie consent: 3 strategies to achieve data compliance

2. Server-side tagging and conversion APIs 

Server-side tagging and conversion APIs are among the most mature and best-tested solutions to increase privacy resilience for marketers. Rather than sending network requests to and getting responses (including cookies) from third-party vendors, you only need to add a proprietary, cloud-based solution in between that grants you:

• Full access and control over the data collected.
• The ability to transform it before passing it on to vendor platforms. 

For example, server-side tagging in Google Tag Manager (GTM) allows for data collection in a server container in Google Cloud. With Conversions API, we can share key events — both on and offline — with Meta. Setting up server-side tagging in GTM can help you easily deploy Facebook’s Conversions API on top. 

Server-side tagging and conversion APIs address multiple challenges simultaneously: 

• No third-party cookies are used that can be restricted by browsers or browser extensions. 
• Data can be transformed, including anonymized and masked, before being passed on to vendors (data endpoints).
• The client load is reduced by removing code such as JavaScript libraries from having to load in the browser. 

3. Consent mode

Consent mode is among the additional privacy solutions Google offers to bridge the gap between legislation, user experience and tracking. It is a GTM feature that integrates with many CMPs — including OneTrust and Didomi — to orchestrate GTM tags based on users’ opt-in or opt-out preferences. 

If a user opts out of cookies, consent mode sends cookieless pings to Google servers to model traffic of opted-out users in Google platforms, including Analytics and Ads. These cookieless pings are considered compliant with existing privacy legislation by Google. 

They do not contain personal information, but it’s always important to consult your corporate counsel to ensure compliance.

Dig deeper: Why data compliance is more than consent management

Moving forward with privacy-centric solutions

Everyone providing online services ought to know their clientele and corresponding expectations well, including their existing user base and total addressable audience. Work with your legal and UX/UI teams to identify appropriate solutions for the changing ecosystem. Those solutions need to be frictionless, user-friendly and legally and technologically compliant.

Depending on your investment in media, work with vendors and media partners to identify solutions that mitigate the impact of tracking limitations. Most importantly, ensure that your consent/cookie management is compliant in all jurisdictions you operate in.

The world of privacy-centric solutions is vast. Investing in multiple platforms that work in tandem with one another can help ensure compliance with regulations and consumer mindsets while measuring the success of your marketing campaigns and generating ROI. 

The post 3 privacy-centric solutions for marketing compliance appeared first on MarTech.

Going in the wrong direction. Some 45% of marketers are spending at least half their budgets on campaigns and other activations based on third-party cookies, according to the study. The report surveyed 2,667 full-time marketing and customer experience leaders in the U.S., Europe, Australia, New Zealand, Japan and India.

Surprisingly, 64% plan to increase their spending on cookie-based activations this year.

Dig deeper: 3 ways marketers can prepare for a cookieless future

Writing on the wall. The real head-scratcher is how many marketers are aware of the opportunities lost when overlooking cookieless environments. Eight-three percent say at least 30% of their market is in environments where third-party cookies don’t work, the study found.

Nearly half of companies say over 50% of their potential market is found in cookieless environments like social media platforms and on Apple devices.

As a consequence, over three-quarters expect the end of third-party cookies will hurt their businesses, Adobe found. Thirty-seven percent expect a moderately negative impact, 23% expect significant harm. And 16% of marketers said the end of cookies will be “devastating” to their businesses.

Why we care. To be fair, marketers aren’t going all-in on cookieless strategies because tech giants like Google are waffling on their phase-out.

Brands should take a nuanced approach in order to meet their customers where they are and whether those environments use third-party cookies. But they should also keep in mind the spirit of the cookie phaseout, which is built around consumer privacy and trust. Deep relationships with customers are forged through intentional data sharing, where each side knows what the other knows.

The post 75% of marketers still rely heavily on third-party cookies appeared first on MarTech.

As part of their Building for Privacy Series, the organization also released a primer for clean rooms that outlines the industry with definitions and concepts, and includes a roadmap of future clean room proposals and initiatives.

Why we care. Over the last two years, data clean rooms have emerged in digital advertising as a way for publishers, advertisers and their tech partners to share data for matching ads with individuals in a privacy-compliant manner The establishment of clean room partnerships by independent adtech companies, as well as the roll out of clean-rooms-as-a-service by AWS, has created a diverse field of offerings difficult to navigate without clear definitions and standards.

Dig deeper: Why we care about data clean rooms

Guidance and efficient interoperability. “There is already a multitude of clean room vendors available, each with their own unique data-sharing mechanisms that their clients must work with,” said Shailley Singh, Executive Vice President, Product & Chief Operating Officer, IAB Tech Lab, in a release. “IAB Tech Lab is collaborating with the industry to create technical standards guidance and more efficient interoperability, which will make it easier for advertisers to leverage emerging and exciting DCR technology.”

“As this segment of the ecosystem matures, vendors can adopt IAB Tech Lab’s growing library of clean room standards to enable interoperable data collaboration use cases,” said Bosko Milekic, Chief Product Officer and co-founder for clean room technology company Optable, in a statement. “The goal is to enable secure, purpose-limited and privacy-protected data collaboration no matter who uses which technology provider and to do so while minimizing data movement.”

DCR Guidance and Recommended Practices. This document outlines baseline expectations for DCRs. It establishes the standards for privacy and security of data used in the clean room technology, so that data owners can be certain that data is safe and secure.

The new specifications offer guidance across various DCR use cases in digital advertising.

Open Private Join and Activation (OPJA). OPJA specifications help define interoperable clean room interactions, and were developed within IAB Tech Lab’s Rearc Addressable Working Group. The goal is to provide a framework for different parties to enhance audience activation in advertising without transferring personally identifiable information (PII) from one partner to the other.

This library of purpose-build specifications aims at providing the rules of the road between different vendors. Establishing and defining these interactions and use cases will make it easier for data owners to collaborate, making data clean rooms truly interoperable as the DCR marketplace matures.

The post IAB Tech Lab launches first clean room standards appeared first on MarTech.

The 21st century changed much of that. Data got faster, cheaper and more voluminous. Search engines, social networks, tracking widgets and more have made it easy for even the most novice of two-bit marketing organizations to get the most direct form of customer insight — in the form of something akin to outright surveillance.

It’s not exactly a secret. One of the biggest developments to happen in the world of marketing is that the average consumer has become increasingly aware of the kind and volume of data that’s being collected, analyzed and used to market to them.

Martech bulls have clung to this realization as a justification for going further in their bids to move from buyer personas to buyer dossiers. They cite research purporting customers demand that marketers focus on personalization and seamless omnichannel experience. Marketers have entered an arms race of who can suck up and best use the most personal data.

But just as CX-focused consumers have noticed these trends, so too have the privacy-focused ones and their government representatives.

As never before, marketers need to be alert to consumer sensitivity about data and privacy issues — and need to recognize that trust is supremely important when consumers decide which brands they want to engage with.

Dig deeper: Build trust, gain sales

In this article:

• The EU’s GDPR.
• GDPR analogs.
• Common privacy law provisions.
• Other duties.
• Other laws.

The EU’s GDPR

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. This is in no small part the culmination of European sentiment toward data handling practices in the U.S. and general antipathy towards Big Tech. The law was notable for governing behavior that did not actually take place in the EU.

One of the fundamental premises of GDPR is that if a company controls or processes data belonging to an EU subject, that company is violating GDPR and is liable for penalties. Regardless of where in the world that company is located and where in the world its data collection, controlling or processing took place.

And those penalties can be steep. GDPR drastically elevated the maximum fines for which companies would be liable under prior European privacy laws. A GDPR violator may face a fine as high as €20 million (~$21.7 million) or 4% of total annual revenue globally.

GDPR was the broadest, most severe and most sweeping data protection law worldwide — at the time.

GDPR analogs

Although it’s been less than five years since GDPR was enacted, the world has become increasingly privacy-conscious. More laws and regulations, each with their own regional (and nationalist) quirks, have sprung up, including in Canada, Brazil, Indonesia and elsewhere. In the wake of Brexit, the UK ditched EU governance but kept its own version of GDPR (UK GDPR).

One of the most recent and, arguably, the most significant of major privacy laws is China’s Personal Information Protection Law (PIPL). PIPL is China’s analog of GDPR for that country’s own citizens, but stricter in some areas. For instance, the handling of “sensitive information” (i.e.,  categories of personal information receiving enhanced protection, including but not limited to data involving health, race, politics, religion and more) requires the data subject’s express consent — a high bar not even necessarily required in the EU under GDPR.

But what makes PIPL stand out even more from GDPR is the potential severity of the penalties. Under PIPL, grave violations may put a perpetrator in debt to the Chinese government to the tune of the greater of ¥50 million (equal to about $7.37 million) or 5% of their total global annual revenue, plus any and all “unlawful income.”

Additionally, employees and directors of the violating company may face personal liability up to ¥1 million (~$147,000), be suspended from the same kind of employment in China and/or have their social credit scores in China negatively impacted.

Meanwhile, the United States has gotten into the privacy act (so to speak). There are a few niche laws and regulations affecting privacy at the federal level in the U.S. For instance, the Children’s Online Privacy Protection Act (COPPA) impacts how companies can collect data involving or potentially involving minors, while a variety of other laws may incidentally overlap with data privacy concerns. But a U.S. version of GDPR at the federal level has yet to come into being.

Stateside, there has been more action. It all started with the California Consumer Privacy Act (CCPA), which came into effect about a month after GDPR did. The law was openly a GDPR-lite adaptation, applying not just within California but worldwide to certain businesses handling the data of California residents.

Since then, other states — Virginia, Colorado, Connecticut and Utah — have promulgated their own versions, all going into effect this year. (Virginia’s Consumer Data Protection Act (CDPA) has already gone into effect this year, as of January 1.) 

Each state’s consumer privacy law is a bit different, not so much that you can’t glean the gist once you know the requirements of one of them, but more than enough if you’re a marketing, IT or compliance organization that has to stay abreast of these things.

California, too, has passed yet another privacy law, the California Privacy Rights Act (CPRA). Going into effect in July of this year, CPRA updates and amends CCPA. The amendments add and more clearly define new consumer data rights. They also establish a new state agency dedicated to handling the administrative enforcement powers of CCPA and CPRA.

And it’s all just the tip of the iceberg stateside. Other states are at various stages of developing their own respective privacy laws.

“State-level momentum for comprehensive privacy bills is at an all-time high,” reads a statement from the International Association of Privacy Professionals (IAPP). “Although many of the proposed bills will fail to become law, comparing the key provisions helps to understand how privacy is developing in the United States.”

Indeed, Virginia’s CDPA recognizes “sensitive information” and provides special protections for such information — but California’s CCPA in its original form does not. Now, California’s CPRA rectifies that, taking a cue from Virginia and providing enhanced rights for California residents related to sensitive categories of personal data.

Common privacy law provisions

Obviously, not all privacy laws and regulations are alike. Even laws and regulations that share similar provisions may differ in the bounds and mechanics of those provisions. 

That said, here is a general overview of some of the rights and duties that may be found in some of these laws.

Consumer/data subject rights. An individual variously may be able to demand:

• Confirmation: …that a data handler confirm or deny whether or not it possesses/handles/processes their data.
• Access: …to their data such as a data controller may hold.
• Portability: …that a data handler disclose the data subject’s information in a common file format.
• Correction/rectification: …that a data handler correct their personal information if outdated or otherwise wrong.
• Deletion: …that a data handler delete their personal data.
• Opt-out: …that a data handler refrain from or stop processing their personal information in some way, such as selling the data subject’s data, constructing a personal profile of a data subject based on their information or making decisions about that data subject through automation (i.e., without human input).

Additionally, some data privacy laws grant a data subject or consumer a right of private action (i.e., the right to sue a data handler or other entity for violations of the given law). Notably, some data privacy laws, like Virginia’s CDPA, do not grant this right.

Other duties

Under various privacy laws, data handlers owe duties not only to individual consumers or data subjects but also to the government itself. These may include duties to:

• Give consumers/users/data subjects notice about the data handler’s data practices and related information.
• Conduct a privacy and/or security risk assessment.
• Refrain from processing certain kinds of data in certain ways.
• Disclose breaches, data exposures and similar events.
• Develop and abide by policies for collecting and/or handling minors’ personal data in an even more protected manner than other personal data.

Other laws

While data privacy laws across the world are perhaps the most nascent and complex to impact marketing practices, there’s more to marketing compliance than data privacy and data stewardship. Much older laws continue to place limits on what is considered acceptable marketing.

While this list is in no way exhaustive, it is common for various jurisdictions to have laws proscribing the following:

False advertising

In general, advertising must be truthful. Marketers constantly look for ways to stretch this (under English common law, the UK and the  U.S. have long allowed for “mere puffery” — for instance, that a product is “the best”). But if you’re claiming that your product is, say, compatible with iOS devices, it better be compatible with iOS devices.

Misleading, deceptive or unfair claims

General consumer protection laws are a heightened version of false advertising laws, banning what are called “unfair” and “deceptive trade practices.” This can include misleading claims, even if “technically true.” These laws are far broader than even that, affecting business practices in general. For instance, paying for online reviews may be prohibited by such laws.

Industry-specific laws and regulations

Other laws and agencies, as well, generally prohibit misleading claims. For instance, in the  U.S., the FDA regulates advertising claims related to health and medicine, while the SEC regulates statements, disclosures and advertising about investments. 

Companies in highly regulated industries like healthcare and finance are restricted not only in what they can say but the context of what they say and how they can say it. 

Pharmaceutical advertising, even if as innocuous as a piece of conference swag with the brand name and logo of a drug featured on it, may need clearance from the FDA. An investment firm may face SEC action if it makes embellished claims or if it makes subject claims in violation of disclosure regulations.

Trademark infringement

Trademark laws are often less about banning anyone in the world from ever using a word or phrase or logo (or sound or color or even smell) and more about:

• Avoiding customer confusion.
• Preventing businesses from trading on the goodwill of another business. 

To that end, even advertising that is deceptively similar to an in-effect trademark, even if not quite the same, can be infringing. 

Sometimes (though not always), PPC and backend SEO practices that use a competitor’s trademark can be deemed an infringement. (For instance, bidding on your competitor’s company name).

Influencer marketing disclosures

If you’re working with a social media influencer, generally that influencer should clearly and conspicuously disclose that they were compensated for posting about your company, product or service. Failures to do so may create liability for both the company and the individual influencer, as per FTC regulations.

Disclaimer: This article is provided for informational, educational and/or entertainment purposes only. Neither this nor other articles here constitute legal advice or the creation, implication or confirmation of an attorney-client relationship. For actual legal advice, personally consult with an attorney authorized to practice in your jurisdiction.

The post Why we care about compliance in marketing appeared first on MarTech.