In a world where consumers expect higher quality buying experiences, how can brands balance personalisation and privacy? While consumers look for seamless omnichannel experiences, they also desire control of their data. New privacy regulations rolling out in 2023 will protect consumers’ control of their data, and it’s important that brands internalise and get comfortable with these new standards.
In Europe we’ve had the General Data Protection Regulation (GDPR) in force since 25th May 2018, and the 1st January 2023 saw the California Privacy Rights Act and Virginia Consumer Data Privacy Act go into effect, with three new laws in Colorado, Connecticut, and Utah will also go into effect later this year. One significant change will be that for the first time in the U.S., people in regulated states will need to opt in to share their sensitive data rather than opting out—creating a major shift in consumer privacy that changes the way marketers collect certain consumer insights moving forward.
What is sensitive data?
Sensitive data is defined by each state that regulates it, with some variation. Regulations under the laws taking effect this year are still being refined. Nevertheless, the principle is largely consistent: data that evidence characteristics or other information that might be used to discriminate against or otherwise harm an individual, such as race, religion, sexual orientation, health condition, precise geolocation, account log-in credentials and passwords, and even certain financial account information, is sensitive. Some states hold that “inferences” of sensitive information are sensitive data under the law as well.
Next steps for marketers
While the privacy landscape can feel ever-changing and complex, a culture of accountability is essential to success in the now highly regulated world of data. Meeting this year’s privacy standards takes significant forethought and planning; if your team hasn’t started, you’re behind. Here are three ways to ensure your marketing team is aligned with your privacy team and ready for this new customer data landscape:
Form a strong relationship with your privacy team.
If you’re not used to staying close with your privacy team, get a meeting on their calendar now. They can help you understand how the new laws apply to your company specifically, depending on your industry, company size, target audience, geographic reach, and your products and services.
They can also help you understand the data your company already has and how you can use and talk about it for campaign targeting, audience building, and more. All marketers want to provide an impactful customer experience. Now, data privacy is another key element of providing consumers with omnichannel marketing that provides the buyer’s experience they want while solidifying brand trust and loyalty.
Build consumer trust through transparency and ethical use of data.
Consumers have a right to know what data you are collecting from and about them, for what purpose, how you will use it, and how you will share it with others. With a few exceptions, they have a right to opt out of that use easily and without deceptive influence or repercussion.
Consumers in states with privacy laws have the right not only to opt out, (and to opt in to the use of sensitive data under the Virginia, Colorado, and Connecticut laws) but also to know what data you have about them specifically, and with a few exceptions, to require that the business correct it or delete it, and to exercise those rights freely and simply. Children (with age limits set by each state law), are entitled to additional protections.
Your readiness and full compliance with privacy regulations, like your responsible and ethical use of their data, gives your customers the confidence to provide their data and business to you.
Audit your data and processes.
Knowing what data you have, whether any of it is sensitive, what notice the consumer was given as to the purpose of its collection and how your company may use it, and if you’re managing this data in compliance with applicable privacy laws is as essential to the growth of your business as measuring marketing outcomes. The first step to better understanding the type of data you have is to work with your privacy team to perform a data audit. The good news is, if you’re already compliant with CCPA or GDPR, you’re well on your way conceptually and practically in your privacy journey.
Despite this year’s changes, there will be one constant—businesses will benefit from ensuring that consumers understand the value they’re getting in exchange for their data, how and why their data is being collected and used, and how they benefit from that collection and use. In complying with the new state laws, businesses can educate consumers on the value of their product or service, build their brand credibility, and establish strong customer relationships that are founded on trust and reinforced with each interaction and touch point.
Learn more about how LiveRamp stays focused on enabling safe and effective use of data.