Privacy has become an increasingly hot potato for today’s businesses. Chastened by a series of high-profile data breaches, customers are rightly asking organisations why they want their personal data, what they are going to do with it and whether or not they can keep it secure. For their part, brands have never been so reliant on customer data. This friction has left businesses working hard to demonstrate that there is a fair value exchange taking place.
Kevin Cochrane, CMO of Jahia, explains: “The trade-off is that marketers can use their data to provide a more personalised, tailored and, therefore, relevant offering. It’s a quid pro quo agreement. Consumers now expect to get contextually-relevant promotions and content on their preferred device when they want it. Basic personalisation - such as name, remembering who they are during return visits and where they are logging in from - is the new standard of experience. Marketers need to be able to use what they know, backed by data and analytics, to design and deliver a personalised digital customer experience that is applicable, timely and compelling.”
But there are signs that consumers are growing increasingly reluctant to share their data.
Recent research, conducted by DataIQ in association with DST, reveals a significant proportion of those questioned reported that they would like greater control over their data. Over a quarter (28%) said they should always be asked for permission to use their data, while a fifth (21%) said that data consent should only be valid for six months and a fifth (21%) said that their data should be deleted right away. Meanwhile, on the other side of the fence, a mere 15% of businesses currently track permission company-wide.
With the study revealing the extent to which marketers are beholden to customer data - with 78% of companies reporting it is vitally important to process data for their business – the growing reluctance to share consumer data represents a major problem.
Chris Smith, VP at Privitar, notes: “Currently most people will, albeit grudgingly, hand over personal data to companies in exchange for the, often free, services they provide, like news, mapping or products with a “freemium” model like Spotify. However, perception is shifting. Every week there is another high-profile security breach where customer data is compromised. From TalkTalk to Ashley Madison, these seemingly constant breaches are raising awareness of technology-related privacy. This is resulting in a diminishing level of consumer trust. If the trend continues, it won’t be long before many will simply not be willing to share their personal data – a damning scenario for marketers.”
So it is unsurprising that the issue of privacy and trust is particularly sensitive when it comes to one of the fastest growing marketing disciplines - location-based marketing. Given the entire discipline is based on tracking consumer behavior, it is easy to understand why customers can feel uncomfortable being ‘watched’. Nordstrom is just one company that has experienced a backlash from its customers when they learned that their smartphones were being used to track their in-store behavior, resulting in them canning the project entirely.
Yet evidence also demonstrates that many customers are willing to buy into the ‘value exchange’ of location-based marketing provided they are educated about it.
The 2013 Mobile Tracking: Are Consumers Ready? report by Punchtab, for instance, surveyed 1,153 consumers on how they feel about handing over location information in exchange for personalised messages. Half did not want to be tracked, with privacy the number one reason cited by respondents. However, a quarter (23%) said they didn’t care if they were tracked, while another quarter (27%) were open to it, provided they received special offers or improved service.
Fast forward two years, and a study of 1,000 UK-based consumers by Brainstorm and the Mobile Marketing Association last year, found that the number of customers open to location-based marketing had leapt up.
Three-quarters (74%) of respondents now reported they were happy to share their location data, provided they wouldn’t be bombarded with ads (37%), or received special offers (30%) or improved service (29%).
When probed about what their main concerns were with sharing their location details, 34% said security; 34% said privacy; while 21% were worried that information could be shared with third parties without explicit permission. And the major caveat to these findings is that despite most respondents being open to location-based marketing based on certain provisos, most of those questioned said they believed that companies were not taking sufficient steps to ensure that location-based services are used responsibly - and 72% said further regulation was required.
And with the imminent arrival of the EU’s GDPR, European consumers are about to get their wish. The GDPR is an important update to laws covering the capture, control, and consent to use of personal information, and while it is built on the principles already established by the 1998 Data Protection Directive, GDPR also introduces new rights for consumers and new obligations for businesses.
The GDPR defines three kinds of data:
- Personal data: any information which can be personally identifiable to any individual, such as their name, an identification number, MAC address, or location data.
- Anonymous data, such as aggregate visitor numbers (e.g. 100,000 visits in 2014) which have had all identifying details removed, or never had identifiable data to begin with.
- Pseudoanonymous data, such as big data sets which have had some information retained but some personal data removed.
Digital law specialist Heather Burns explains: “The point is that GDPR has defined location data as personal data – not anonymous, and not pseudoanonymous. In other words, all developers, marketers, advertisers, social networks, and so forth utilising location data will now have stricter requirements placed onto them for what they do with location data, how they retain it, who they share it with, and how long the location data is retained.
“Users will also have greater control over their location data. They should be given better options to disable it, better options to request its deletion, and better options to request a full report of that data, and how it has been used, from the organisation which has been collecting it. In addition, GDPR requires privacy by design and by default, not an option after setup.
“There are two years to get to grips with all the compliance obligations for GDPR – location data being just a tiny fraction of them – but the general point is that the “wild west” of location data needs to come to an end. Early things to think about will be: disabling location data as the default, and only enabling it by consent; providing a permanent option to disable and delete location data; and providing clearer options, not bundled within general terms and conditions, to not have location data shared with third parties and advertisers.”
Sensitive data
“Knowing the location of a consumer is highly sensitive information,” acknowledges Smith. “The damage if the data was leaked or hacked is indeterminable. It could have really serious financial and personal consequences for the user but also destroy their trust and loyalty.”
Cochrane adds: “One of the main issues is that consumers are often unaware that they are being tracked from a data standpoint via location-based marketing. Additionally, third-party apps may be accessing their information and, all too often, the company does not know what is happening with that data. If consumers are to remain at the heart of the business, then brands need to be transparent with consumers about what information they have about them, how they plan to use the data and also give the consumer the choice of opting out of any data collection. With the rise of location-based technologies, consumers have become aware of the data that is being collected about and from them, which is now reaching a tipping point between convenient and creepy. Marketers must respect consumers and treat them as human beings rather than as data points to be monetised.”
So how can organisations ensure that they are building trust with their customers, and alleviating privacy concerns?
Be clear about how the data will be used
In ‘The State of the Data Nation’ study by Informatica, being transparent about how personal information is used was nominated the top thing that enterprises can do to earn consumer trust, with half of respondents reporting it. In order for them to be transparent, organisations should explain why they want to collect user data, what they do with the data, whether they will sell or share the data and whether they will delete the data when they are asked to.
In the ‘Trust Economy’ report by GBG, 64% of respondents said they look for reassurances that their data will be used appropriately and responsibly, and 67% want to know specifically how it will be used before engaging further.
Demonstrate how their data will be kept secure
The State of the Data Nation’ study revealed having a clear privacy policy in place (43%) was the second most important things that enterprises can do to earn consumer trust. Therefore, organisations must be proactive about defining their security priorities, and then sharing these with customers.
Smith adds: “If users are to have any confidence that their private information will remain private, companies need to think very seriously about how they protect and anonymise user’s data. To make consumer data more secure, we need to seriously reduce the proceeds of stealing the data in the first place. What this means in practice is fully anonymising data.
“Adopting Privacy-by-Design principles ensure that privacy is respected by default throughout the data lifecycle promoting, amongst other things, the principle of disassociability: the ability to process personal information without explicit association to an individual. This enforces rigorous protection of individual privacy and provides an opportunity for companies to take the lead on best-practice privacy engineering. Informed consumers will see companies that do this as trusted players and reward them with their custom.”
Brands should be transparent about how the information is being stored, and also highlight their data breach policy in place to inform regulators and customers within 72 hours of a breach discovery
Opt-in
Customers can be spooked by the idea that their location is being continuously tracked as they move around, so it is vital that they are allowed to opt-in or opt-out, giving them the choice of whether their device is revealed when they arrive at a particular location. Therefore, location-based marketing must be opt-in as default for the customer, requiring their consent to use their device’s current location before location-based marketing messages can be triggered.
Explain the benefits of sharing data
Traditionally, businesses had the upper hand in the company-customer relationship - they had products or services to sell and, if you wanted these, you had to pay, whether that involved cash or sacrificing data. However, nowadays consumers are increasingly savvy and know that the balance of power has shifted. Therefore, they are more discerning about with whom – and when – they share their genuine identity information. This means that the onus is on organisations to explain why sharing data is in the best interests of the customer and how it can help them. For instance, the likes of Foursquare could explain that they are asking users to share their likes and interests so that they can better deliver location-based recommendations based on these preferences.
Smith notes: “Forsaking personal data for greater marketing relevance is a value-exchange that the public generally agree to. More relevant advertising is something most of us support and many people also want to be actively exposed to new products which are convenient and fulfil a need. With good targeting, advertising can become a valuable service rather than an unwelcome irritation.”
Give customers greater control over their data
“Reassuring customers in the long-term is dependent on taking proactive steps to be more transparent about data use,” says Greg Hanson, vice president business operations EMEA at Informatica. “Companies need to boost confidence by taking the time to listen to what their customers want and responding quickly and appropriately. For many customers, data transparency comes hand in hand with control. Social media companies in particular are seeing greater demand from consumers for control over the storage and archiving of their information, as well as when and how permanently it is deleted.”
In its report ‘Digital creepiness: How not to spook your customers’, Forrester Research recommends developing highly granular preference controls to give customers as much control over their data as possible. It notes that ‘preference panels’ are playing an increasingly important part of the mobile app and website experience, as customers demand a more customisable experience from brands. Forrester suggests this will only increase, as the option gives a more transparent and trusting element to a business, as customers can choose at a granular level how much personalisation they are comfortable with.
