Intro to Data Privacy: What Marketers Need to Know

You’ve probably heard about the Cambridge Analytica + Facebook drama.

If you haven’t, here’s a summary.

In 2013, a data scientist made an app called “This Is Your Digital Life.” It claimed to be a personality quiz.

We all like personality quizzes. Sounds pretty harmless.

But it wasn’t just a personality quiz. It collected psychological data on Facebook users (and their non-consenting friends list. This data was shared with Cambridge Analytica, a British political consulting firm.

By 2016, a US election year, they harvested enough data to work with both Ted Cruz and Donald Trump. Cambridge Analytica did the research, data, analytics, targeting … everything. 

And they used innocent Facebook user data to do it.

Fast forward to 2018 and a whistleblower comes forward, Facebook admits to mishandling the data, and we find out that Cambridge Analytica breached 87 million users’ data. 

Cambridge Analytica breached Facebook data to influence people for political campaigns. It might have influenced an election and it definitely influenced the way people think about online privacy. 

A great example of unethical data use.

Fast forward a little more to 2021, and we’re having post-Facebookpocalypse conversations about how to actually protect data privacy. 

‍

Data Privacy: The Right to Your Own Stuff

Data privacy and data security aren’t the same. So let’s make sure we know what we’re dealing with before we jump in.

Data privacy focuses on the rights of the individuals and the lawful collection and use of data.

‍Data security focuses on the protection of the data itself. 

Data privacy was breached by Cambridge Analytica and Facebook. Data privacy is what users worry about when they use platforms like Facebook, Instagram, and Twitter.

What Companies Track

When an ethical company collects your data, you can expect it to be tracked a few different ways: 

• Asking for email sign-ups

• Social media history
• Website history
• Apps & third-party trackers
• Cookies
  

But just what they collect is harder to find out and a lot more varied.

The general consensus is that they collect these things:

• Personal Information (like your name, phone number, email address, and payment information)
• Unique Identifiers (IP address, carrier name, device type, OS, or browser)
• Location Information (usually given through your GPS or device sensor)
• Activity or Behavioral Data (search terms, watched videos, purchase history, reviews)

They don’t (or shouldn’t) collect things like your social security number or driver’s license number.

If this is about the users, why should marketers care?

Because decency. 

But more specifically, because how you handle your customer data reflects on your company and determines the fate of your brand. It also determines whether people will actually trust you.

You should care.

There’s this little thing called General Data Protection Regulation (GDPR). You know those cookie opt-out pop-ups you get when you visit websites? You can thank the GDPR for that one.

Its purpose is to regulate the lawful, fair, legitimate, transparent, adequate, accurate, and appropriate use of personal data… basically, using data right.

No one wants sites collecting and leveraging the very data that makes us who we are for things like messing with our psyche. It’s a basic right to have that option to opt-out of unnecessary cookies.

Welcome to the GDPR

The GDPR is an EU regulation that aims to do three things within the scope of automated personal data:

1. Protect people and free movement of data rules in processing. 
2. Protect the fundamental rights and freedoms people have when it comes to personal data.
3. Allow  “free movement of personal data” within the Union.
   

They don’t want any people or rules harmed in the making of your business. That’s fair.

Any processors in the EU, regardless of whether or not they’re actually stationed in the EU, are under this regulation. That’s why, even in the US, you’ll see those pop-ups.

You also need “appropriate technical and organisational measures” in place to make sure there is some level of security.

In the US, there are specific rights regulations like COPPA, FTC, and HIPPA, but nothing quite as broad as GDPR.

‍

Consequences of Noncompliance

The GDPR is not optional. (Yes, even in the US.)  You will face consequences if you don’t comply.

If you have any assets in the EU, they will be seized. OR you will be fined as high as 4% of your annual global revenue.
Also, think about the possibility of liability if your non-compliance causes problems for other people. Those people have the right to compensation for any damage. You’re only exempt if you can prove that you’re in no way responsible for the damage.

This is overwhelming. How can I be compliant?

Most ethical companies collect data. But you can see that the difference is in consent and how it’s used.

As a marketer, you need to stay up to date on any regulations and user rights. 

According to Osana, those rights are:

1. The right to be informed
2. The right to access their data
3. The right of rectification
4. The right of erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
   

To operate ethically, make sure you’re keeping user rights at the forefront.

Some rules of thumb that someone forgot to use:

• Encrypt user data
• Ask for clear consent (and allow them to revoke consent)
• Use API (Application Programming Interface) 
• Be transparent
• Know the Federal (FTC, COPPA, HIPPA, Gramm Leach Biley Act, Fair Credit Reporting Act) and State laws

You can also limit your website to only US users as you build GDPR compliance or use compliance software.

What It Comes Down To

Obviously, there are a lot of moving parts when it comes to ethical (and lawful) data harvesting.

Every company makes a choice about how they’re going to view users: as data points or as people. One of those comes with bad consequences and the other comes with moving your company forward in a way that connects.

If you choose to be a force for good, you’re already choosing to practice ethically. 

You might be looking for a marketing team that will put you on the right track.

So when you’re looking for a team (or operating by yourself!), be sure to find one that understands these rules. One that has your and your customers’ best interest at the top of the list.