[Editor's Note: The management, care and use of PII (Personally identifiable information) is bubbling to the top of legislative agendas across the world due to the evolving data privacy regulation standards known as GDPR, or General Data Protection Regulation. GDPR has set a bar for compliance in Europe and influenced business concerns in the US. Australia is also active in forging legislation to protect all data that could be used to identify a specific individual. In this discussion for loyalty marketing, there are both threats and opportunities regarding privacy regulations. Our Managing Editor, Bill Hanifin, published this article in Forbes with his thoughts on how data privacy regulations will impact Loyalty Marketing and how the industry can take a leadership position to set future standards. Let us know your thoughts on this topic.]
The acronyms for the latest data privacy regulations have become part of the marketer’s lexicon. “How will GDPR affect our business?” and “Can we still operate our loyalty program in California post-CCPA?” are typical of the conversations heard in the halls (or now more likely on the Zoom calls) of every customer-facing business.
Consumer-facing brands in the U.S. are contending with a growing array of consumer privacy laws. There has been no creation of a federal standard for data privacy; instead, the states are walking a path to create statutes that treat consumer privacy through their respective lenses, and California passed the most comprehensive law to date with the California Consumer Privacy Act (CCPA). Other states will follow in the creation of their own statutes, but for now, all eyes are on California as a proxy for the rest of the U.S.
It was just over two years ago, in May 2018, when the General Data Protection Regulation (GDPR) became effective in the U.S. We haven’t heard as much about GDPR over the past year as CCPA drew the spotlight away from the European standard. If you have been watching this space closely, you may have noticed that just last month, the European Court of Justice (ECJ) issued a ruling that invalidated something known as the Privacy Shield, an international standard in place between the U.S. and EU governing the transfer of personal data between the regions.
The data privacy regulations coming from Europe are designed to manage the transfer of EU citizen data out of the EU to the U.S. For once, marketers are not all to blame for drawing the ire of consumer privacy advocates: The ruling in what is known as “Schrems II” cited the principal concern to be the handling of consumer data by the U.S. National Security Agency.
How did we get to this point, and how can you prepare your business for what is to come next?
We have worked with many companies that have data that is incomplete and lacks marketing utility. It’s fascinating that business practices for managing consumer data show big gaps between the current status of data management to full potential while concerns over the protection and management of the data are skyrocketing. Maybe it makes sense because since the 1980s, brands have demonstrated a high proficiency at collecting data but haven't done a great job at managing that data to serve customers better. The Delphi Report, an annual report published by the Wise Marketer, posed the question of why loyalty programs fail in its 2019 edition. The No. 1 reason on the list was poor use of data.
This should not come as a total surprise. As a frequent flyer program member for decades, I’m still receiving offers for golf vacations. Golf is a great game, but I don't play it. Why does this practice continue? Because the airline has never taken time to query me and better understand my preferences for hobbies and lifestyle.
Loyalty programs are opt-in and permission based. Proper disclosures should make it clear to members what data is being collected and how it will be managed. However, several years ago my company aggregated over 10,000 emails sent by brands to members of their loyalty programs and discovered that less than 1% were asking any questions of their members. No wonder they know so little about us!
There is an increasing tension that makes it challenging to create a stellar customer experience while being in full compliance with privacy laws. Human beings resist uncertainty. We want transparency. And what we have today is an online experience that effectively alerts us to the fact that we are being tracked but doesn't inform us fully about how we are being protected or give us full information about our rights.
And while we experience confusion as consumers, we know that big business is racing forward to collect even more data about us. For those people who use location services, Google now sends a timeline of our movements each month. Facebook and Google are under scrutiny by governmental bodies around the world. The result is legislation created to protect the consumer when it seems business is unable or unwilling to do the same.
To my surprise, a close examination shows the key tenets of CCPA are not unreasonable. The statute provides that consumers have a right to notice, access, opt out, deletion, and equal services and pay. Probably most consumers would desire these basic rights, so where is the threat to loyalty marketers?
The threat is capsulized in the statement that says a retailer is not allowed to offer a financial incentive unless it can show how its financial incentives do not discriminate. That is as ambiguous as it is dangerous for future customer marketing efforts. Without the initiative of private business, regulators will make their own interpretation of the fairness of the value exchange between business and consumer.
Marketers should be thinking of creating an industry group to address data privacy and security. We are the ones who tout how valuable data is and that brands can reap great rewards in the form of incremental profitability if they leverage customer data correctly. Why, then, doesn’t the collective data-driven marketing industry proactively take steps to create standards that provide comfort to consumers through transparency?
The momentum of the regulatory interests has been firmly established and will continue to gain pace. Would you rather be waiting for that to happen, hoping the impact is not disastrous, or be proactive in creating industry standards for the management of loyalty program data?
This article was originally published in Forbes.