{"id":35918,"date":"2020-06-16T04:46:07","date_gmt":"2020-06-16T08:46:07","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&p=35918"},"modified":"2022-08-04T07:43:43","modified_gmt":"2022-08-04T11:43:43","slug":"marketing-data-privacy","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/marketing-data-privacy\/35918\/","title":{"rendered":"Great marketers do more than just follow privacy law"},"content":{"rendered":"

Why is privacy the word on everyone\u2019s lips today? Perhaps because according to the Kaspersky Global Privacy Report 2020, a third (34 percent) of consumers have had someone access their private information without consent<\/a>. And that\u2019s just those who know it happened.<\/p>\n

Governments around the world \u2013 including in Europe, the US and Brazil \u2013have brought in new personal data protection laws. Others, like Japan, are being revised. Regulating new technologies, like biometrics and facial recognition<\/a>, is controversial because it extends the fine line between privacy to protect society and state surveillance. Data breaches are becoming more common and more expensive. In 2019, the average data breach cost the affected business 1.4 million US dollars<\/a>.<\/p>\n

The new rules of marketing<\/h2>\n

Marketers now have new rules to follow when collecting data about website visitors, sending marketing email and using customer relationship management (CRM) software. Not complying means hefty fines and reputational damage. In 2020, the Italian Data Protection Office fined a telecommunications company over 27 million euros for making marketing calls without consent<\/a>.
\nOn the bright side, we may be increasingly trusting and engaging with businesses that respect our privacy. A 2018 Harvard Business School study found customers were 40 percent more likely to visit a website\u2019s recommended products when wording made clear the recommendations were informed by their browsing behavior<\/a>. Similarly, in a 2020 study by Cisco, three in four companies said complying with data protection laws had increased their customers\u2019 loyalty and trust<\/a>.<\/p>\n

Marketing must adapt to new regulation, but it looks like there is potential for this change to make marketing better.<\/p>\n

Laws marketers should know about<\/h2>\n

As privacy legislations cover more of the globe, it\u2019s challenging to keep up with what applies to your company. Here\u2019s a primer on legislation already out there or coming soon.<\/p>\n

Europe: General Data Protection Regulation (GDPR)<\/h3>\n

The GDPR applies to all organizations in the European Economic Area (EEA) or that process its citizens\u2019 personal data.<\/p>\n

Data protection authorities for different countries in Europe regularly publish clarifying guidelines, such as the Irish Data Protection Commission\u2019s 2020 guide on how and when websites may use cookies<\/a> \u2013 text files containing users\u2019 data downloaded onto their device, used for personalizing content.<\/p>\n

Brazil: Lei Geral de Prote\u00e7\u00e3o de Dados (LGPD)<\/h3>\n

Like GDPR, Brazil\u2019s new data protection law<\/a> (going into effect in 2021) applies to all organizations operating in Brazil, offering services or goods to the Brazilian market or processing data of those living in Brazil.<\/p>\n

Unlike GDPR, LGPD does not explicitly address marketing. Nonetheless, marketers with Brazilian customers should understand it, because it directs how they should handle customer data, including sensitive personal data, such as health or political preference.<\/p>\n

California Consumer Protection Acts (CCPA)<\/h3>\n

California\u2019s new data protection law<\/a> came into force on in January 2020. It applies to companies that operate in California, US and make 25 million US dollars, make more than half their money selling user data or gather data on more than 50,000 consumers, households or devices.<\/p>\n

It regulates some marketing activity. For example, companies must let users opt out of sale of their data with a clear \u201cdo not sell my personal information\u201d link. It also sets out rules for how companies may store and handle customer data.<\/p>\n

When marketers don\u2019t follow the rules<\/h2>\n

While making your marketing privacy-friendly could improve customer loyalty, failing to comply with data protection laws can be costly.<\/p>\n

Heavy fines<\/h3>\n

Most famously, French data protection authority Commission Nationale de l\u2019Informatique et des Libert\u00e9s (CNIL) fined Google 50 million euro<\/a>. According to CNIL, Google didn\u2019t give users clear enough information about how their data would be used and didn\u2019t give them enough control over its use.<\/p>\n

The cost of non-compliance varies. Under GDPR, the maximum fine is 20 million euros or four percent of your total worldwide annual turnover<\/a>, whichever is higher. Under the new Brazilian law, the maximum fine for each violation is 50 million reais (nearly US$1 million)<\/a>, plus daily penalties for not stopping violations after an order from authorities.<\/p>\n

Keep in mind that you can also be fined under several different regulations at once, so 20 million euros under the GDPR and 50 million Brazilian reais under the LGPD for a similar violation. Being fined in one country or region doesn\u2019t exempt you from further prosecutions.<\/p>\n

It\u2019s not just big, high-profile businesses like Google getting stung either. European data protection authorities issued over 428 million euros in fines in 2019<\/a>.<\/p>\n

Legal hot water<\/h3>\n

On top of fines, companies that don\u2019t protect customer privacy risk being sued by customers or governments. Facebook has had its revenue affected by privacy lawsuits<\/a>.<\/p>\n

Aside from financial pain, the bigger risk is damage to reputation. Despite its marketing campaigns trying to fix its tarnished reputation<\/a>, many no longer trust Facebook with their personal information<\/a>.<\/p>\n

Making marketing more privacy-positive<\/h2>\n

Getting creative can make your marketing more privacy-oriented and appealing to customers. You\u2019ll also need to watch for where others have fallen foul of the law.<\/p>\n

Accept and follow the law<\/h3>\n

After GDPR required cookie consent from users, many turned to dark patterns: Interface desi<\/a>gns that try to trick the user<\/a> into doing something like agreeing to marketing emails or consenting to cookies. In some cases, websites use dark patterns to prevent users reading a privacy policy or opting out of sale of their personal information.<\/p>\n

\"data<\/p>\n

Dark pattern techniques violate data protection laws<\/a>. Companies that use them can be fined or see their reputation damaged. Tumblr learned the hard way when people began Tweeting about dark patterns in their cookie consent form<\/a>.<\/p>\n

Give privacy options, even when you don\u2019t have to<\/h3>\n

Build customer trust by giving them privacy options, even when the law doesn\u2019t require it. For example, if you\u2019re running a contest on social media, let people enter privately with a direct message or through a website form. While this may decrease numbers of tags and hashtags that increase your contest\u2019s reach<\/a>, it builds a privacy-friendly reputation and increases participation.<\/p>\n

Ask for consent<\/h3>\n

Beyond cookie banners and newsletter opt-ins, ask customers for consent whenever you run a marketing campaign. For instance, when gathering feedback through a survey, ask participants\u2019 consent to use their feedback publicly, even if it\u2019s anonymous. Asking shows you respect their privacy and preferences.<\/p>\n

Protect your customers\u2019 data<\/h3>\n

To put customer privacy first and follow data protection law, you must invest in cybersecurity<\/a>. Even one data breach can lower trust<\/a> in your company.<\/p>\n

Reflect on how you collect and use personal data, how it\u2019s stored and what tools you use. Find out if your customer management system has reported data breaches recently or your email marketing platform has been fined for privacy violations.<\/p>\n

Keep up your education about privacy<\/h3>\n

Privacy laws and industry standards will evolve. Educate yourself, constantly.<\/p>\n

A good place to start is Undatify\u2019s blog<\/a> (a Kaspersky Innovation Hub<\/a> project), for explanations of data protection law, privacy advice and monthly news roundups. Knowing what\u2019s right will give you confidence you\u2019re doing your job right and treating customers\u2019 privacy with the care it deserves.<\/p>\n","protected":false},"excerpt":{"rendered":"

Not following privacy laws means harsh penalties, but going even further in marketing privacy practice can build a valuable company reputation.<\/p>\n","protected":false},"author":2602,"featured_media":35919,"template":"","coauthors":[3835],"class_list":{"0":"post-35918","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-data-and-privacy","7":"emagazine-category-opinions","8":"emagazine-tag-gdpr","9":"emagazine-tag-internet","10":"emagazine-tag-marketing"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/marketing-data-privacy\/35918\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/marketing-data-privacy\/22628\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/35918","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2602"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/35919"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=35918"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=35918"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}