GDPR-Era Privacy Laws Demand a New Approach to Identity
This article was originally published on Adweek.com on September 16, 2019.
Anyone watching Europe’s GDPR battle play out over the past few years could see the writing on the wall for data-led brands.
Since the tough privacy protection regime went into effect in May 2018, over 60 countries have announced plans for new data privacy laws. Many are based more or less on the EU’s historical approach to data protection.
The U.S. has yet to enact comprehensive legislation at the federal level, but several states have taken steps to protect consumer privacy. California, for example, enacted the California Consumer Privacy Act (CCPA) last June and New York, North Dakota, Utah and Washington now have similar legislation in the works.
Many tech giants recognize that most consumers support privacy laws, and as a result, have expressed support for some form of federal privacy legislation. In addition, several have introduced enhanced privacy features to prevent the strictest forms of regulation.
Google, for example, recently upgraded Chrome to allow consumers to prevent browser fingerprinting and eliminate cross-site cookies. Preceding that, Apple launched an upgraded Intelligent Tracking Prevention system for iOS and Safari users, and Microsoft announced that 18 million people, including nearly 7 million in the U.S., use its new privacy dashboard to manage their personal data.
Brands relying on Facebook Pixels for ad targeting will also feel the pinch in the coming months. Mark Zuckerberg announced in May that Facebook’s clear history tool will roll out sometime in 2019. The new tool allows users to disconnect their browsing history (information Facebook collects about users outside the app) from their Facebook profile, thus rendering Pixels and Custom Audiences essentially useless for targeting.
It’s a changing world for digital marketers. The new environment requires a whole new approach to content creation, targeting and even attribution models without the benefit of tracking pixels, cookies and browser fingerprints. One could say consumer data privacy has gone from an esoteric IT concept to a corporate data crisis.
Privacy and the data-driven dream
Privacy concerns aside, the reality is that consumers have grown to expect a personalized, frictionless experience. According to Salesforce’s second annual State of IT Survey, over 75% expect brands to provide a consistent, customized and seamless experience whenever and wherever they engage.
And brands are committed to providing it. Over two-thirds of CMOs reported prioritizing technology to provide a single customer view, according to the Salesforce survey, and data-driven personalization was named as a top-five marketing trend in 2019 for maximizing ROI.
Consumer expectations and brands’ marketing objectives appear to be at odds with strict data privacy laws and newly launched privacy-protection tools. How can businesses deliver the frictionless, customer-centric omnichannel experience consumers demand when privacy laws restrict the data pipeline?
A (sort of) simple solution
Identity resolution is the connective tissue that enables a clear and accurate picture of a consumer’s omnichannel journey. By integrating identifiers across available touchpoints and devices with behavior, transaction and contextual information, a cohesive and addressable consumer profile can be constructed for marketing analysis, orchestration and delivery.
A meaningful and proprietary identity profile can then be built and maintained over time.
It can also be used to link pseudonymized IDs like cookies and mobile ad IDs (MAIDs) to construct a strong cross-device identity for acquisition across digital touchpoints. This is all easier said than done, however, especially given the infinite volume of online and offline data to sort through.
Identity involves three essential functions. The first is data collection across a variety of online and offline sources. You’ll also need to resolve fractional profiles to establish a unique, persistent identity. The third is corroboration to maintain that persistent identity as identifiers shift over time.
Privacy legislation no doubt throws a wrench into identity resolution because it limits your ability to collect valuable consumer insights from third-party pixels, as well as first-party pixels in some instances (i.e., browsing behaviors, page visits and referral URLs). It also restricts the ability to collect data directly from consumers without their consent and limits the use of previously collected data should they opt out.
While this may force a pivot toward first-party data, technology that collects and matches disparate data sets in a privacy-compliant manner is key to creating the persistent identity at the heart of customer-centric omnichannel marketing.
The days of implied consent are fading fast. Even without privacy legislation, consumers are demanding more control over the use of their personally identifiable information.
But that doesn’t mean they’ll never consent to share. A recent survey showed 83% of consumers will give brands permission to use their data in exchange for a personalized experience as long as the company is transparent about how the data will be used.
In other words, consumers recognize the value of this two-way exchange.
Identity is the foundation of that exchange—if brands can’t recognize customers at every touchpoint, the personalized experience falls apart.
Privacy management and identity resolution
In the face of ever-tightening privacy protections, identity technology may seem counterintuitive, but it has emerged as a powerful tool for protecting consumer data and maintaining compliance. In this case, privacy laws have actually aligned the interests of brands and consumers.
As it turns out, the single customer view is as essential to marketers as it is to privacy officers. For example, both GDPR and CCPA legislation enshrine the right to be forgotten.
In other words, if a customer requests that data linked to her identity be erased, businesses are legally obligated to do so or face financial penalties. And given the broad definition of personal information in these laws, which includes pseudonymized persistent identifiers, that right applies to a lot of data.
Brands without a single source of truth are left scrambling to mine siloed data and unstructured data lakes to comply—no trivial task. Privacy management is no longer an optional best practice, even for brands doing business just in the U.S. The onslaught of new privacy regulations makes it an absolute must.
Marketers who believe identity resolution is a part of the privacy problem are missing the larger picture. If anything, identity will displace other technologies as marketers build out their targeting strategies because identity serves a larger corporate-wide purpose.
Identity resolution isn’t only useful for known, existing consumer data. It yields a trove of granular intelligence enabling a clearer picture of the brand’s consumer base.
Consolidating disparate data into a single, persistent source of truth not only improves the consumer’s cross-channel experience, it also safeguards his privacy requests, a winning situation for both business and consumers.
As consumers move through various marketing channels, they give consent for technology to collect and analyze information such as cookies, email addresses, device IDs, site visits and past purchases.
Identity is a symbiotic relationship. Consumers willingly share personal information in exchange for a better experience and brands happily use that data to provide the connected experience consumers expect through targeted, personalized media.