Information is power, and personal data is money in the 21st century. There is an influx of new customers that are more than willing to give their personal data away at no cost to get rid of privacy banners and popups. This represents a marketing industry worth around $300 billion on personalized advertising from personal data collection (Anant, Donchak, Kaplan, & Soller, 2020). Demand for PII (personally identifiable information) marketing was real. It did not take long before many corporations were practicing unethical yet legal standards. No regulations were in place that covered data privacy as a whole until 2018 May when the European Union introduced GDPR. A federal data privacy law in the US is expected to arrive sometime in 2021-2022.
Privacy is no new subject to humankind. It was the 1970s when computers and ethernet became relevant to corporate America and individuals. The first Privacy Act and student privacy act, FERPA, were both signed into law in 1974 (Solove, 2006). Four years later, a financial privacy act, RFPA, was passed in 1978 (Solove, 2006). Moving forward twenty years where computers became common in homes, and corporate environments, the health privacy act, HIPAA regulation was enacted in 1996. Eleven years later, as the iPhone, a mobile computer that fits in a person’s hand, was introduced, a payment card industry compliance, PCI-DSS, brought new standards for merchants to follow (Wex, 2014). But it was not until 2018 when a data privacy law was introduced that encompassed all data, not a specific area of data.
It should not come out as a surprise, then, that industries that held data privacy regulations ahead of time were able to achieve greater privacy standards and are reflected upon consumer trust level indicated in the charts above. HIPAA regulation for the health-related industry, RFPA/GLBA/FCRA/FACTA laws for financial services, and PCI-DSS compliance for retails all had significantly higher trust levels from consumers than sectors that did not regulate data privacy.
Data Privacy Relevancy in Marketing Communication
Many companies such as Facebook enjoyed exponential growth before a general awareness of data privacy came along, buying and selling personal data to maximize profit (Madrigal, 2012). It only has been two years when data privacy became a hot topic and less than four months that it meant anything in the US due to the California Consumer Privacy Act. When Cambridge Analytica blew up back in 2018, it took one year for Facebook to acknowledge “improper data-gathering practices” concerns, which speaks volumes on legality versus ethical consumerism (Wong, 2019).
Last two years, data privacy rose to the stage, and companies have responded to consumer concerns on how and what data companies collect (Price, 2020). Companies are aware that consumer trust directly relates to brand image, and practicing good data stewardship is the company’s statement of fidelity to their customers ( Afzal, Ali, Khan, Rehman, & Wajahat, 2009). Also, the fines slapped on Facebook for $5 billion from FTC and possibly $2.2 billion from EU GDPR would be a good encouragement for other companies that may violate handling customer’s data inappropriately (Huddleston, 2019).
There are a few common messages that resonate in every data privacy regulations, which are the following:
- Only collect and retain customer’s data that are an absolute necessity.
- Map the data collected from customers.
- State customer’s rights in the privacy policy in clear and simple terms.
The rest of the laws are similar in variations of strength, requirements, and qualifications. Marketing communications have evolved. Companies now have requirements depending on the location of consumers and its business to display privacy and cookie banners, along with non-passive double opt-ins, showing user rights and what the company does with the consumer’s data collected within the privacy policy, and may build features for consumers to manage own user data (TermsFeed, 2020). Applying data privacy standards into practice will build trust with consumers, which will ultimately increase the company’s brand reputation and the likelihood of continued business. It is only a matter of time when a federal data privacy law is introduced to cover all companies (Swanson, 2020). Lastly, the upside of adopting common data privacy standards, whether the company is required to or not, counts as due diligence, which will reduce liability significantly in terms of fines, and such marketing communication through interactions with the consumers by the website or in person will liken to formulate fiduciary relationship and increase the company’s brand value(ADCG, 2020).
References:
ADCG. (2020, February 11). The data fiduciary and escalating privacy standards. ADCG. Retrieved from https://adcg.org/the-data-fiduciary-and-escalating-privacy-standards/
Afzal, H., Ali, I., Khan, M., Rehman, K., Wajahat, S. (2009). Consumer’s trust in the brand: Can it be built through brand reputation, brand competence and brand predictability. International Business Research, 3 (1). DOI 10.5539/ibr.v3n1p43
Anant, V., Donchak, L., Kaplan, J., & Soller, H. (2020, April 27). The consumer-data opportunity and the privacy imperative. McKinsey & Company. Retrieved from https://www.mckinsey.com/business-functions/risk/our-insights/the-consumer-data-opportunity-and-the-privacy-imperative#
Huddleston, J. (2019, July 25). The FTC’s $5 billion fine for Facebook shows that the government can crack down on tech companies without crushing them. Business Insider. Retrieved from https://www.businessinsider.com/facebook-5-billion-fine-from-ftc-good-policy-opinion-2019-7
Madrigal, A. (2012, October 4). The surprising trajectory of Facebook’s growth to a billion users in 1 chart. The Atlantic. Retrieved from https://www.theatlantic.com/technology/archive/2012/10/the-surprising-trajectory-of-facebooks-growth-to-a-billion-users-in-1-chart/263259/
Price, R. (2020, August 17). Consumers believe that data privacy is a human right. Digital Content Next. Retrieved from https://digitalcontentnext.org/blog/2020/08/17/consumers-believe-that-data-privacy-is-a-human-right/
Solove, D. (2006). A brief history of information privacy law. Proskauer on Privacy, No. 215. Retrieved from https://ssrn.com/abstract=914271
Swanson, B. (2020, May 15). What to watch for in federal data privacy legislation. Nextgov. Retrieved from https://www.nextgov.com/ideas/2020/05/what-watch-federal-data-privacy-legislation/165428/
TermsFeed. (2020, January 29). Are your marketing communications GDPR-compliant? Termsfeed. Retrieved from https://www.termsfeed.com/blog/gdpr-compliant-email-marketing/
Wex Inc. (2014, January 23). The history of PCI compliance. Retrieved from https://www.wexinc.com/insights/blog/corporate-payments-edge/history-pci-compliance/
Wong, J. (2019, March 21). Facebook acknowledges concerns over Cambridge Analytica emerged earlier than reported. The Guardian. Retrieved from https://www.theguardian.com/uk-news/2019/mar/21/facebook-knew-of-cambridge-analytica-data-misuse-earlier-than-reported-court-filing
One Response to Data Privacy: Disruption or Opportunity in Marketing Communication