“GDPR and Personalization: What Messages Are You Sending?” – Frank Grillo and Mark Blessington
If you ask Google Trends to compare three search terms “GDPR”, “data privacy” and “marketing personalization” for 2016 and 2017, which one do you think had the highest interest level? Well, the answer varies depending on geography.
At a global level, data privacy held the greatest interest among the three terms through 2016. Then GDPR took over and became viral in 2017. In the USA, however, GDPR did not take over and become viral until mid-2017. In other words, the USA lagged the rest of the world in taking a strong interest in GDPR.
It is also interesting to note that:
- The term data privacy is more interesting in the USA than worldwide. For the rest of the world, the term GDPR is far more important than mere data privacy.
- Marketing personalization has low interest relative to GDPR or data privacy. The implication for marketers is that the pursuit of personalization at the expense of GDPR and data privacy is probably unwise.
Levels of Data Privacy
One way to think about data privacy is to arrange various philosophies or points of view on a continuum. At one end of the spectrum, customer data can be regarded as a company-owned asset that should be fully monetized or maximized for monetary value. This reflects the classic “maximize shareholder value” perspective and minimizes other stakeholder interests such as customers and society.
At the other end of the continuum all customer data is treated as highly sensitive. Medical records are a good analogy; patient data is, by law, highly confidential and can be accessed only by appropriate personnel and used only in ways that serve the patient’s interests and instructions. In broader commercial application, customer data is treated as customer property, not company property. The company thinks of itself as a guardian of the customer’s data and rigorously works to protect the customer’s privacy rights surrounding that data.
In the middle of the continuum, companies accommodate key components of customer data protection. For example, they clearly state on their website that they collect and use customer data for specific purposes. If a company uses legalese or otherwise obfuscates their data practices, then they are more to the left of the continuum. If they use clear language and examples of the types of data they gather and what they do and do not do with that data, then they move to the right side of the continuum.
Facebook’s position on the continuum before the Cambridge Analytica scandal would be on the far left side of the continuum. Customer data was monetized aggressively, there was low transparency about its data monetization practices, and they often used customer data without explicit permission. In short, Facebook customers largely had no idea what Facebook was doing with their data.
Facebook’s eventual response to the Cambridge Analytica scandal was to move into the far-right side of the continuum. Not only are they now more transparent about their uses of customer data, now they also make it easier for customers to choose how their data can be used by Facebook. It is clear, however, that Facebook does not yet embrace the far right of the continuum. For example, they do not yet give customers the right to permanently remove all traces of historical posts, contacts.
After Facebook announced it would move toward the right side of the continuum in late July of 2018, its share price dropped a whopping 20%. Shareholders clearly saw their interests as harmed by the new Facebook data policy. This divergence illustrates a classic dilemma: shareholder interests are not always well aligned with customer interests. Regardless of whether the motivation was to stave off regulation or lead the industry toward the moral high ground, the result was clear: Facebook placed more emphasis on customer data privacy interests at the expense of Facebook shareholders.
More generally, we can see that the whole arena of data privacy thrusts marketers into the highly visible and exceedingly difficult position of advocating for customers over shareholders. While the test of time favors companies that place customers first, shareholder power is very strong, especially in the USA. This is perhaps the most significant reason why the USA was late to embrace data privacy and the GDPR, and why domestic companies are struggling with aligning their data practices with customer interests.
Levels of Personalization
It also helpful to think of a continuum of marketing personalization. At the left, there is very little personalization. For example, once you know a customer’s home, work or email address, the goal is to maximize message frequency. The theory is that higher message frequencies create higher customer awareness and ultimately higher sales.
The next step in the continuum is to align your offers with past customer behavior. Companies do this by identifying customers who visit the site, tracking visits and purchases, and using that information to make related offers. At the far end of the spectrum, companies anticipate customer needs during each phase of the buyer’s journey. They use advanced analytics to predict what job the customer is trying to complete in a given moment of their journey, and what context or persona best captures the buyer’s situation. The company then offers something that is highly tailored and relevant to the customer in that moment.
Privacy / Personalization Matrix: What Are You Saying?
The two continuums can be combined and used to gauge what messages your key marketing programs send to customers. Starting in the bottom-left corner, if you spam your customers and pay absolutely no attention to their data privacy concerns, this tells them all you want is their money. You’re also saying that you really don’t think their concerns about data privacy are legitimate.
If a company improves their capability to personalize their marketing efforts but does nothing to address customer data privacy concerns, then they are sending a mixed message. You are telling customers you will listen to them, but only if you like what they have to say. Otherwise, they are wasting their breath.
To adopt marketing personalization without addressing privacy concerns is tantamount to limiting the return on your personalization expenditures.
A company can use personalization to drive better results, but a regressive view on data privacy severely limits the extent to which customers think the company has integrity in its interactions with them.
Many USA companies are just now positioning themselves in the center of the matrix. They use customer data to personalize offers, and they accept that data privacy is a legitimate customer concern.
It is important to note that merely informing customers that you use cookies to track them is a trivial step toward meeting data privacy needs. The message to customers is: “The only thing we are willing to change at this time is to add a bit of transparency. We are now willing to tell you that we gather data on you and use it in ways that we think best.”
A company cannot really move into the center of the matrix without acknowledging legitimate customer data privacy rights. If a company promises to not sell customer data, then they give the customer a level of power, and therefore meet a significant data privacy need.
When a company allows customers to grant permissions for various data uses, and has more advanced personalization, they move into the upper levels of the matrix. Now a greater level of empowerment is given to the customer, and this can favorably impact a customer’s future loyalty.
Implications
Rather than obsess on the technical implications of GDPR, marketers must lead companies to think about data privacy from the customer’s perspective. They need to emphasize the importance of asking the right question: “What messages do our data privacy policies and practices send to customers?”
Short-term profits and shareholder interests make it advantageous to emphasize marketing personalization and postpone advances in data privacy. But in today’s environment where customers are well informed, this can be a dangerous strategy.
Despite potential push-back, CMOs must advance the right questions for consideration in the C-Suite. The CMO must clearly describe the down-side, long-term risks of appearing to be “data privacy illiterate” to customers, and how advances in marketing personalization without simultaneous progress in data privacy limits returns and long-term customer value.
Frank Grillo is the CMO of Harte Hanks. He is a passionate advocate for bringing the human back into marketing by better understanding and facilitating customer journeys.
Mark Blessington is a Partner at Consentric Marketing. He has three decades of experience in marketing and sales consulting to many of the world’s largest corporations, and is the author of over 40 articles and four books.