Aug 3, 2017

Why Marketers Should Care About Privacy Rulings

Privacy is the number one concern for online consumers, with 86% of users taking active steps to improve their safety online, according to Brandon Gaille. And as more data privacy regulations and guidelines are put into action by governments, industries and privacy organizations around the world, it’s becoming increasingly important that marketers understand these rules and follow them - or face penalties and/or fines.

Balancing Personalization and Privacy

A study by Accenture showed that 80 percent of the 2,012 consumers surveyed from the U.S. and the U.K. between the ages of 20-40 believe privacy is a thing of the past. Even more — 87 percent — say that safeguards aren’t enough to protect personal information. However, about half of these individuals (49 percent) say they wouldn’t object to companies tracking their buying behaviors if it resulted in more relevant offers, and 64 percent wouldn’t mind text messages while in a store to offer them coupons onsite. Overall, 61 percent believe getting relevant offers is more important than keeping their online activity private.

We know that demographic information is beneficial to customers because it provides them with a more targeted, personalized experience. 90% of execs surveyed by Adage say they’re dependent on consumer data for their marketing efforts. Brands don’t want to waste their time or their prospects’ time sending them messages that won’t convert.

Information storing also benefits customers. When customers store their addresses or credit card information with their favorite online retailers, for example, they’re able to make their purchases more quickly.

Still, consumers are cautious about privacy, and marketers must be increasingly so. As Google’s Eric Schmidt predicted at the 2015 World Economic Forum in Davos, Switzerland, in the coming years:

“There will be so many IP addresses … so many devices, sensors, things that you are wearing, things that you are interacting with, that you won’t even sense [the internet]. It will be part of your presence all the time.”

So, as an industry concerned with developing new processes and technologies to manage data in support of marketing effectiveness, how can we tread this ever-so-thin line between value and privacy?

Transparency in Marketing

Even today, marketers can collect a wealth of data on consumers online. To provide customers with a positive, personalized experience, we need their data. However, all marketers are also legally obligated to treat this private personal data respectfully and fairly. To do so, you must be transparent about how you’re using data to inform your marketing activities. Truly protecting customer data involves more than defending your network from hackers and posting a boilerplate privacy policy.


To transform your marketing touch points around privacy into a positive customer experience, you should perform the following actions:

  • Develop user-centric privacy controls to give customers control.
  • Avoid multiple intrusions.
  • Prevent human intrusion by using automation wherever possible.

To be more thorough with your marketing privacy policies, take the following steps:

  • Provide customers assurance that you value their privacy, and publicize the tools and methods you use to keep their data secure. Prominently display your BBB-certification and other security logos on your website, and create a separate page for your privacy policy. This will encourage customers and prospects to trust you.
  • Let customers know when their information is being disclosed, and be very clear about how you will use their information once it is collected. Allow customers to decline to provide their information or opt out of receiving emails and other promotions.
  • Own and control your own data by restricting its sale to third parties. For example, use a marketing optimization solution that doesn’t require third-party data sales to activate it.

Key Data Privacy Regulations and Guidelines: United States

The steps above are great general guidelines, but how do you know if your privacy policies are achieving compliance with the onslaught of new regulations coming your way?

In the U.S., there is no single regulator for data protection, as regulations are typically created and enforced by industry or state. One of the most stringent regulations is PCI DSS (Payment Card Industry Data Security Standard), a set of standards created by card issuers such as Visa and MasterCard to ensure the security of credit card details online. In other words, if you run an eCommerce website of any kind, you must follow the rules laid out in PCI DSS. Not doing so will result in fines depending on what ‘level’ (how large) your organization is. Here’s a chart for reference:

The Federal Trade Commission provides additional privacy guidelines for marketers operating in the U.S.

Global Regulations - and Why They Matter

Though the U.S. has made some strides in introducing privacy laws in the past few years, it's still lagging far behind Europe, which continues to put one privacy law after another into effect. And because most of today’s mid to large-sized companies sell their products and services to customers around the world, it’s important to know and understand these regulations and how they impact you if you're a marketer in the States.

The European Data Protection Regulation (EU GDPR)

The regulation that’s currently on the minds of organizations across the globe is the upcoming EU Data Protection Regulation, which goes into effect on May 25, 2018. Though it says “European” in the title, this law will apply to any company that sells to European citizens or residents, or anyone who creates data in the EU.

This “data creation” could include a purchase or submission of details during a sales or marketing interaction. As you can imagine, that’s influencing marketers across the globe to up their privacy and opt-in requirements to make sure they’re compliant. This law will become the go-to best practice for protecting consumer data. And marketers in the U.S. who don’t adhere to these rules could find themselves in hot water.

Why You Must Comply with European Privacy Regulations

Marketers in the U.S. must ensure they are ready for this regulation, along with Europe’s ePrivacy Regulation, which is also set to go into effect next year.

Reed Freeman, a Partner at WilmerHale, discussed the subject of European privacy laws and their effect on the U.S. at the Advertising Research Foundation's (ARF) 2017 Audience Measurement Conference in the session “What the EU’s GDPR and ePrivacy Regulation mean for US marketers.” He states:

“Bullet point number one: It has extraterritorial effect. [The GDPR] applies to you if you're processing the information of somebody in Europe – [if] you touch it, you process it … If it’s a European resident’s data, the GDPR applies to you, wherever you sit.”

If this doesn’t motivate you, consider that organizations that breach compliance with the new regulation could receive fines of €10m or 2% of global revenues for smaller offenses, and €20m or 4% of worldwide sales for larger ones. Such steep fines are unfamiliar to most U.S. companies, as are the rules around European data subjects’ personal data and profiling.

How Will the EU GDPR Affect Email Marketing?

As the EU GDPR is a regulation and not a set of guidelines, it will be unlawful to ignore its rules. Here are the elements of the GDPR that will affect email marketing specifically.

  1. Stricter Consent Guidelines: Marketers will only be allowed to send emails to those who have opted in to receive messages. This is currently the case in most European countries under the EU Privacy Directive, but the GDPR further specifies this consent. It states that brands must collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR. The legislation clarifies that an affirmative action signalling consent may include checking a box on a website, ‘choosing technical settings for information society services,’ or ‘another statement or conduct’ that clearly indicates consent to the processing. Doing nothing, using pre-ticked boxes and inactivity are not adequate signals. Marketers could set up two different systems for U.S. and EU citizens, but this could be expensive and time-consuming. Consider updating all of your consent guidelines globally.

  2. New Requirements for Record-Keeping: Marketers must also keep records showing that they followed the consent rules listed above so that they can present reports if questioned by auditors or in court. This will prove a new challenge to many marketers, though rules like this have been in place in countries like Germany for some time.

  3. Formatting Existing Data to New Standards: Getting consent and documenting it are just the start of new requirements. GDPR also applies to all existing data. If your database includes subscribers whose permissions haven’t been collected and tracked according to the regulation’s standards, you may no longer be allowed to send email to those subscribers. Because of this, many brands may run re-permissioning campaigns in early 2018.


Stay diligent. Privacy regulations are constantly changing, and your marketing policies must keep up! It’s not too late to examine your current policies and make changes. Doing so may save you trouble (and fines!) down the road.
