What Did You Do on Data Privacy Day 2020? Do Tell Us.

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions. As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights.”

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions.

As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights” and take advantage of tips and tricks for safeguarding their privacy and security. In our world of marketing, there are quite a few self-regulatory and co-regulatory tools (U.S. focus here) that enable choices and opt-outs:

  • To opt out of commercial email, direct mail, and telemarketing in certain states, consumers can avail themselves of DMAchoice. For telemarketing, they can also enroll on the Federal Trade Commission’s Do Not Call database.
  • For data collected online for interest-based ads, consumers can take advantage of Digital Advertising Alliance’s WebChoices and Network Advertising Initiative consumer control tools, which are accessible via the ubiquitous “AdChoices” icon. DAA also offers AppChoices, where data is collected across apps for interest-based ads. [Disclosure: DAA is a client.]
  • Now that California has a new consumer privacy law, consumers there can also take advantage of DAA’s new “Do-Not-Sell My Personal Information” Opt Out Tool for the Web. Its AppChoices mobile app also has a new CCPA opt-out component for “do not sell.” Publishers all over the Web are placing “Do Not Sell My Personal Information” notices in their footers, even if others outside California can see them, and offering links to their own in-house suppression lists, as well as DAA’s. Some publishers are using new the Privacy Rights icon to accompany these notices.

Certainly, businesses need to be using all of these tools — either as participants, or as subscribers — for the media channels where they collect, analyze, and use personal and anonymized data for targeted marketing. There’s no reason for not participating in these industry initiatives to honor consumer’s opt-out choices, unless we wish to invite more prescriptive laws and regulations.

We are constantly reminded that consumers demand high privacy and high security — and they do. We also are reminded that they prefer personalized experiences, relevant messaging, and wish to be recognized as customers as they go from device to device, and across the media landscape. Sometimes, these objectives may seem to be in conflict … but they really are not. Both objectives are good business sense.

As The Winterberry’s Group Bruce Biegel reported while presenting his Annual Outlook for media in 2020 (opens as a PDF), the U.S. data marketplace remains alive and well. For data providers, the onus is to show where consumer permissions are properly sourced, and transparency is fully authenticated and demonstrated to consumers in the data-gathering process. It’s a rush to quality. Plainly stated, adherence to industry data codes and principles (DAA, NAI, Interactive Advertising Bureau, Association of National Advertisers, among others) are table stakes. Going above and beyond laws and ethics codes are business decisions that may provide a competitive edge.

So what did I do on Data Privacy Day 2020? You’re reading it!  Share with me any efforts you may have taken on that day in the “public” comments below.

White House ‘Big Data’ Review Recognizes Innovation and Self-Regulation

When the White House announced its intent to study the rise of “Big Data,” as a citizen, I guessed there might be a lot to say about government surveillance, public safety and terrorism, in light of Snowden. As a consumer, I suspected there might be a lot of attention to data breaches, in light of the recent Target incident among others. As a working individual whose livelihood depends on data access and use for more relevant marketing, I was nervous

When the White House announced its intent to study the rise of “Big Data” and its impact on business, commerce, government and consumer’s everyday lives, with privacy protection as an underlying theme, I have to admit I was bracing myself.

As a citizen, I guessed there might be a lot to say about government surveillance, public safety and terrorism, in light of Snowden. As a consumer, I suspected there might be a lot of attention to data breaches, in light of the recent Target incident among others.

As a working individual whose livelihood depends on data access and use for more relevant marketing, I was nervous there might not be a practical discussion of how information sharing and privacy protection can (and is) successfully provided through a combination of peer regulation, enterprising technology and sector-specific legal regulation where information protection and security is niche-based and designed to prevent harm from data error or misuse (credit, financial, health, for example).

Then the report, titled “Big Data: Seizing Opportunities, Preserving Values” (pdf), was released.

As a citizen, I was left wanting. Government surveillance of law-abiding U.S. citizens is parked for another report, another day. Some reforms have already been announced. Perhaps this is a blessing—there never should have been a link made between government spying and private sector use of data for commercial purposes anyway.

As a consumer, I was glad to see a call for a single national data breach notification standard. A few years back, I received several notices of “my” data being breached in a few months’ span—two of which offered a year’s worth of identity theft and fraud protection (which I continued to purchase on my own). Whether by luck or design, those notices have declined in number—I’ve had none in the past year. As I hear and read about more recent major data breaches, I haven’t been directly affected (to my knowledge), and maybe—just maybe—some organizations and brands in which I’m involved have gotten better about security. (Indirectly, we all pay for fraud—in higher prices for products and services, insurance, bank fees and the like—and perhaps in our collective loss of trust and carefree.)

As a marketer, I have to say I was happily surprised at the clear-headed conveyance of facts and reporting of opinion in this report—and, importantly, the steer-clearance of political grandstanding. I will leave it to our trade associations to comment on the policy recommendations, but as one our industry’s leading practitioners stated in Adweek, “If anyone of my clients wants a 101 on big data, I’m going to send them this report. This report is very relevant because a lot of what drives this business is programmatic media buying. There are millions of places to advertise on the Web, so an algorithm will decide what your likely audience will be.”

The report either cited or recognized such industry initiatives as the Data-Driven Marketing Institute’s “Value of Data Sharing” report, the Digital Advertising Alliance (disclosure, a client) and its own recent research on data sharing’s role in increasing advertising’s value, as well as DAA’s YourAdChoices.com site and consumer opt-out program for online interest-based advertising. There was care to note—even in the report’s title—that innovation is one of the benefits made possible by big data, and that this economic and social value needs to be enabled, if not fully supported and facilitated.

The report did raise red flags about commercial redlining, eligibility issues connected to employment, healthcare, finance and insurance, and data security (as noted)—but these important areas for consumer protection largely are already regulated, and even have industry backing for further regulation in certain areas such as breach notification. Most of these topics don’t have much to do with smarter marketing, even if some privacy advocates and academics hypothesize about that stretch.

Where do we go from here? The report did make several policy recommendations—and while there were some seeking to codify in law Fair Information Practices Principles (a Consumer Privacy Bill of Rights), there was no attempt to call for an omnibus privacy protection law that treats all data and all data usage the same. If you haven’t had the chance, give it a read—I actually learned from it, and avoided tears and rage.

5 Things ’60 Minutes’ (Intentionally) Didn’t Tell Americans About Data Brokers

Kids, “60 Minutes” is no longer U.S. broadcast journalism at its former best—it’s pseudo-infotainment. Frankly, correspondent Steve Kroft and company had their own point of view that they wanted to report to whip up hysteria, and it wasn’t part of any of the data-driven advertising ecosystem that anyone of us practitioners recognize. Here’s what I know—that I want every consumer to know—and what CBS and “60 Minutes” should have told its viewers:

Kids, “60 Minutes” is no longer U.S. broadcast journalism at its former best—it’s pseudo-infotainment.

The Direct Marketing Association, my editor at Target Marketing, our friends at Direct Marketing News and The Magill Report were spot on with their responses.

Frankly, correspondent Steve Kroft and company had their own point of view that they wanted to report to whip up hysteria, and it wasn’t part of any of the data-driven advertising ecosystem that anyone of us practitioners recognize. Bryan Kennedy of Epsilon did yeoman’s work: Self-regulation exists because all marketers know that data is the currency of our livelihood, and consumer trust underpins us all.

Here’s what I know—that I want every consumer to know—and what CBS and “60 Minutes” should have told its viewers:

1. You Can Opt Out
For decades, Americans have had numerous free ways to “opt-out” of the data-sharing-for-marketing-use marketplace—and millions upon millions of Americans have taken advantage of these free industry-offered programs:

  • DMAChoice, offered by DMA, allows industry-wide opt-out of prospect direct mail, email, do-not-call (for selected states) and unaddressed mail delivery.
  • Nearly all consumer brands also offer their own preference centers and in-house suppression lists on their Web sites and Privacy Policies—both for do-not-send and for do-not-share, bridging multiple channels. Many business brands also do the same.
  • More recently, the Digital Advertising Alliance and its Consumer Choice Page provides an industry-wide opt-out mechanism for targeted display ads online that are served (in a de-identified basis, by the way) based on browsing behavior. Consumers can harden their choices against cookie removal once each opt-out choice is made.
  • A similar opt-out mechanism for mobile interest-based advertising from DAA is now in the works.

2. Marketing Data Is Used for Marketing Only
Every code of conduct and every ethics guideline in our business states this clearly. Furthermore, firewalls exist between marketing data (our business’s data sources) and individual referential data (information used for private investigation, employment, credit, insurance eligibility). If “60 Minutes”—or a consumer, or anyone else for that matter—has evidence that a marketer or service provider is sharing, renting or selling marketing data for non-marketing uses, the DMA’s Committee on Ethical Business Practice would want to be first to know—so as to investigate and bring any organization into compliance. Hypotheticals and inferences are not reality, despite the innuendoes used by Kroft.

3. Sensitive Data Are Already Regulated
Areas of sensitivity that most consumers care about—personally identifiable data related to their children, financial data, health information, credit data and a few other categories—are already regulated under federal law. Marketers must adhere to these laws and regulations.

4. Fraud Is Not Marketing
Another sensitive area—where and when marketing data is breached with a likelihood for fraud—you’ll find that most marketing organizations indeed want one national standard (not 50 plus one) for how consumers are notified and what protections they are afforded. Fraud prevention—as well as data governance and data stewardship—is a heightened priority for all businesses and organizations that rely on consumer information.

5. Data Benefits Customers
Data used for marketing purposes should be a government concern: not on how to stop it—but how to promote it, both domestically and globally, to benefit consumers and the economy. On the whole, consumers demand relevance. They demand recognition. They crave personalization. And every day—millions of times a day—they vote with their wallets: They shop, they donate, they subscribe, they raise their hands, all based on their participation in commerce. Marketing data also enables competition and the innovation and variety of choices consumers enjoy. As DMA has ably documented, marketing data exchange generates sales, jobs and tax revenue—and, might I add, satisfied consumers. Yes, we need consumer protection from fraud, bad players and unfair and deceptive practices—but “our data-driven economy” is a hugely wonderful default.

Which begs the question: Where is the harm, “60 Minutes”?

Marketing Data: Do I Own My Own Name?

I’ve always been uncomfortable with the position taken by some privacy advocates that each of us owns our own information—and thus has some form of property rights derived from this information—and that marketers shouldn’t have use of that information without first having permission and providing compensation

I’ve always been uncomfortable with the position taken by some privacy advocates that each of us owns our own information—and thus has some form of property rights derived from this information—and that marketers shouldn’t have use of that information without first having permission and providing compensation. To this, I say—hey OK, but let’s be pragmatic.

Certainly, if I’m a celebrity, where my name and likeness has commercial value, perhaps as an endorsement, such an “ownership” rationale is a valid one.

But in the exchange of customer data for marketing purposes, this argument lacks merit, in my opinion. The value of my name on a mailing list, for example—mail, email, telephone, otherwise—has nothing to do with “my” name being on the list or, for that matter, “your” name being on that same list. (Even when we are both see ourselves as celebrities.)

Rather, the value of both our names being on the same list is by knowing the shared attribute that placed us both there—alongside the thousands of others on that list. In the world of response lists, it’s the sweat equity of the business where you and I both chose to become a customer that deserves the compensation in any data transaction, as it alone built the list by building a business where you and I both chose to become customers.

Yes, that marketer must provide notice, choice, security, sensitivity, marketing data for marketing use only, and perform other ethical obligations that are part of the self-regulatory process that have governed this business for nearly 50 years—recognizing that customer data is our most important asset, and that consumer trust and acceptance serves as the foundation of the data-driven marketing field. Privacy policies, preference centers, in-house suppressions and DMAchoice collectively serve the consumer empowerment process by enabling transparency and control in this data exchange.

In the world of compiled lists, where third parties assemble observed data for marketing purposes, again there is the sweat equity of the entities assembling and analyzing that data to “create” or “discover” the shared attributes of that data. Knowing these attributes is where the combined data derive their value. Marketers deploy activity based on these attributes to generate commerce. While the relationship between individuals and these third parties may be indirect, we still have the same ethical codes and opt-out tools governing the process. Recently, in the case of Acxiom, we’ve seen such a data compiler working to establish a direct relationship with consumers, providing individuals with the ability to inspect the data the company holds and to suggest corrections—as if the firm were a (highly regulated) credit bureau. (It is not.)

The fact that my name—Chet Dalzell—is on both response and compiled lists, to me, doesn’t entitle me to anything except to expect and demand that these movers of data act as responsible stewards of this information using well established ethics and self-regulatory methods. (Granted, in the US, there are legal requirements that must be met in such sensitive areas as credit, personal finance, health and children’s data.)

This flow of data, as the Direct Marketing Association most recently reaffirmed, generates huge social and economic value—and, in my view, my own participation as a customer in the marketplace is my agreement to allow such data exchange to happen. In fact, were it not for such flows, I might never have been provided an opportunity to become a customer in the first place. Benefits to consumers accumulate, while harm is nowhere part of the marketing ecosystem—other than to protect from identity theft and fraud. I find it fascinating some would-be regulators fail to grasp this truth.

That’s why inflexible government regulations—and opt-in-only regimes—and technology strictures that interfere with my interaction with brands are so troublesome. Such restrictions may claim to be about privacy; more often than not, they’re really motivated by political grand-standing, anti-competitive business models, and the forced building of new data siloes that do nothing to advance consumer protection—and potentially ruin data-driven marketing.

Yes, I own my name—and by choosing to be a customer of your brand, so do you own your customer list. Of course, I am the ultimate regulator in this process. For whim or reason, I can choose to take my business elsewhere.

Now, what about my Twitter, Facebook, Google and Yahoo! profiles?