Editor’s Note: While this piece was originally written for the publishing audience, privacy legislation and consumer consent are still very important topics for marketers to navigate.
The EU’s General Data Protection Regulation (GDPR) laid the foundation for privacy legislation in 2018. One of its key aims was to give consumers more control over their personal information and make users understand they have a choice when it comes to providing consent to data collection and processing.
In the US, initial responses to the GDPR ranged from criticism to pay walls or completely blocking EU visitors from accessing content. While many companies made sure their legal teams were up to speed with the newly introduced regulation, multiple factors are now making US publishers sit up and further address data privacy, associated regulations, and the importance of consumer consent.
Google’s €50 million fine — issued by French regulator CNIL, for lack of valid consent in ad personalization — was one of the first to grab attention. Fines for data breaches might not have been as frequent as some expected, but regulators have had time to build cases and more large fines are expected to come, according to The Wall Street Journal.
In addition, US states are working to implement their own regulations. California’s Privacy Act (CCPA) is due to come into force in January 2020, Vermont’s new legislation is already in place, and a consumer privacy bill has been proposed in New York. The exact requirements of each regulation may differ from the GDPR — the CCPA relies on the user opting out rather than opting in, whereas opt-in is expected as part of the New York Privacy bill development. There may even be a federal regulation requiring opt-in on the horizon, with privacy advocates such as Apple CEO Tim Cook, as well as members of the Federal Trade Commission, calling for a stricter national privacy law.
Collecting user consent may not yet be a legal obligation, but publishers are realizing that it makes good business sense as consumers demand more control over their personal data. According to GlobalWebIndex, more than 70% of US consumers say they are both more aware of, and more concerned about how companies use their information than they were 12 months ago, while less than half feel they are in control of their personal data online.
By opening a dialogue with audiences about data collection and processing, as well as empowering them to decide how their data is used, publishers can enhance their relationship with consumers. Demonstrating transparency and responsible data use builds trust, but also educates users via one-to-one communications about the necessity of data to their business models and the inherent value exchange.
Publishers that go beyond the one-size-fits-all approach to create meaningful consent experiences right now will reap the rewards in the long term. The next two years will be critical for consent and there are a number of practical considerations to take into account when implementing consent programs.
The consent interface is often the first point of contact between publisher and consumer, so care needs to be taken in its design and functionality. Consent requests need to achieve the perfect balance between giving the user the details they need to make an informed choice and not alienating them with complex jargon they won’t understand or unnecessarily disrupting their user experience – all while ensuring legal compliance. Consent requests should be highly explicit, giving users the power to opt in or out of data collection for specific purposes or by particular companies. Ideally, publishers should test a variety of messaging formats to deliver the best possible experience.
Execute Consent Seamlessly
Once a user submits their consent preferences, publishers need to make sure they are integrated across the advertising supply chain. The IAB released its Transparency and Consent Framework (TCF) as a tool to help publishers and other participants in the digital advertising ecosystem comply with their obligations. The updated second version of the TCF increases the importance of consent by enabling users to object to data collection under legitimate interest, an alternative legal basis for data processing. It’s also important that consent preferences can be communicated across non-IAB vendors.
Apply Preferences Across Devices
With consumers frequently switching between laptops, smartphones and TVs to consume content, it is best practice for publishers to share choices across multiple devices. The ability to connect user preferences to an authenticated profile and apply these everywhere the user interacts with a publisher’s content saves the user from having to supply consent every time they log in through a different device. An authenticated profile is a tool that allows users to manage their preferences across site, browser, and devices, and allows publishers to collect consent signals based on identity rather than cookies.
Publishers in the US who aren’t yet legally obliged to implement a consent program yet might be hesitant, with the fear it will be disruptive to their business or they will lose advertising revenue if their audiences fail to give permission. However, they need to consider that across the EU, the publishers that experienced the least disruption were those that adapted early and gave themselves plenty of time to get the consent process right.
By 2021, with GDPR well established, the CCPA in force, and other regulations underway, consent will be a user expectation if not a legal obligation. Publishers should start implementing consent programs now to build trusting relationships with their audiences, increase transparency around data processes, and put themselves in a good position to deal with the regulatory changes ahead.