By Jim Kaskade, CEO Janrain
They may not admit it, but advertisers and marketers here in the United States thank their lucky stars they don’t have to adhere to Privacy-by-Design standards, a series of principles that call for, among many other things, a strict limitation on the collection of customers’ personal data. They are privately thankful that U.S. law does not force them to collect only what is necessary for a specific purpose, earn clear and explicit consent to use that data, and provide the right and means to easily revoke that permission at any time — all of which are now mandated in the EU by GDPR.
As much as many marketers tried to put on a happy face on their plight in a GDPR-regulated European Union, most privately bemoan these new directives for one obvious reason: it makes their job harder. They have to get creative in order to earn and maintain permission to use valuable personally identifiable information (PII), the definition of which GDPR also expanded to include location, as well device IDs, IP addresses and biometrics.
In reality, no marketer can conceivably hold onto the majority of the thousands (and sometimes hundreds of thousands) of individuals that dot a typical target e-blast database culled from third-party lists and other sources unbeknownst to users not based in the EU if they follow Privacy by Design to the letter. In fact, switching to these guidelines ultimately results in a substantial paring down of companies’ primary target lists.
So why make your advertising and marketing departments’ life harder here in the United States, where Privacy by Design is not yet law? To protect your customers. The NY Times recent exposé of how brands, advertisers and location-specific marketing firms used location data to easily de-anonymize users reminds us that location (and all PII, for that matter) must be treated delicately. In our freewheeling marketing culture on this side of the Atlantic, it’s a given that aggregating location opens all sorts of possibilities. However, the Times piece is just one of several developments in the past year that has made the public increasingly aware — and wary — of how their data is being manipulated behind the scenes without their knowledge.
It’s not just that location alone can be used to decode every detail of your life when collected continuously and picked apart by a sophisticated analytics program. It’s that consumers have no control over who collects it and how. This leads to some potentially embarrassing moments for advertisers. According to an Accenture Interactive study, more than 40 percent of people find it “creepy” when they receive a text or mobile notification from a brand or retailer as they walk by a physical store. If you think purchasing and browsing history could lead a brand to cross a line, imagine if a person received a discount on maternity clothes after they accompanied a pregnant friend to the OB/GYN’s office?
In many cases, location-based ads aren’t a problem in and of themselves. Shoppers wouldn’t mind receiving automated messages from, say, Target or Walmart when walking by one of their storefronts if they already gave those companies consent to engage them. A study conducted by AdLucent revealed that 44 percent were willing to provide select personal information to receive a custom-tailored experience, while another survey found that a majority of people (55 percent) would let companies they trust use some of their personal data for specific purposes that benefit them in clear ways.
Yet, U.S. brands are still potentially jeopardizing customer relationships by not investing the time and effort into engaging on their consumers’ terms. In the wake of revelations of how location and other PII are being collected and bartered behind the customer’s back and used in potentially invasive ways, advertisers and marketers need to see (and act on) the handwriting on the wall and eschew the temptation to brazenly exploit this data, even if they currently have free rein on it from a legal standpoint. Better to do so now before customers (and ultimately regulators) demand they do.
Will features like Instagram sharing location data to Facebook for more relevant ads survive the growing privacy-aware community? Probably not. Facebook and any affiliates will be under much higher scrutiny after the Cambridge Analytica scandal and more recently after Facebook was manipulated by Russians, who used the same targeting tools that advertisers love to spread false information and polarize U.S. voters between 2013 and 2018. Advertisers must not delay in learning how to use these social-network location tools more carefully.
After all, location and other forms of PII are like plutonium: they are immensely powerful, but mishandle them even slightly and they can blow up in your face and cause severe long-term damage to others. They need to be handled with utmost care and protection.
About the Author
Jim Kaskade is a seasoned entrepreneur with more than 31 years of experience in complex enterprise technology. He has spent the last 10 years as a startup CEO leading companies from their founding to acquisition, most recently the successful exit of customer identity and access management (CIAM) company Janrain.