Are We Hypocrites on Privacy?

I have been carefully reading the terms and conditions and privacy policies of companies to which I subscribe more often, lately. I am concerned about with whom my data is shared and under what conditions. While I hold my vendors to high standards, have I let our company’s standards slip?

I have been carefully reading the terms and conditions and privacy policies of companies to which I subscribe more often, lately. I am concerned about with whom my data is shared and under what conditions. While I hold my vendors to high standards, have I let our company’s standards slip?

With great confidence I can say, “No, I have not,” but can you?

My sister wears a FitBit. She explained to me it reminded her to walk 10,000 steps per day, and also enabled her to track her fitness progress on their website. That sounds great, I thought—until I read their privacy policy, one with gaping black holes and ambiguous terms. A privacy policy I found so objectionable the benefits simply did not justify the means.

After shopping for nearly a year, I recently bought an HTC phone—the unlocked version, which enables me to control which apps are installed and what they share. Though Google is by no means setting the standard for privacy, I feel Google is reluctant to share my information with others and so those are the only third-party apps allowed—no Facebook, no Twitter, no games, no sharing of any kind.

So, here are two instances where a company’s privacy policy has changed not just my habits, but my buying decisions. This got me to thinking about how many marketers’ privacy policies have been written in such a manner as to be intentionally ambiguous, somewhat misleading, or downright dishonest in order to encourage people to subscribe. As you set about collecting subscriber names, what are your answers to these hard questions:

  • Is your privacy complete and up to date?
  • Is your privacy policy clear and honest?
  • Do you use your subscriber names ONLY in the way you have described?
  • If your company marketing practices have changed, does your policy reflect these changes?
  • Are you collecting, or have you collected, information you did not disclose?
  • Do others have access to what you proclaimed as private?
  • Have you been hacked?
  • Has an employee taken your data with them when they left the company?

Some of these answers have the air of intent, while others present you as the victim. But in both cases, it’s time to update your policies, and this can present a wonderful, welcomed opportunity for dialog with your subscribers.

We’ve all received of one of those seemingly nefarious letters, “We’ve Updated Our Privacy Policy,” so how about a new take on an old problem: “Good News! We’ve Updated Our Privacy Policy to Give You Even More Privacy!”

If you’ve spent the last few years collecting data about your subscribers and you’ve found you’re not using the vast majority of it—and let’s face it, the data shows we’re simply not—it’s time to delete it from your list. If you haven’t used it thus far, it’s out of date and useless to you going forward. Delete it and brag about it. Send a cheery note to your subscribers reminding them that while others are collecting more and more, you are collecting less and you’re intentionally deleting everything you have not found directly useful to how you interact with them today and not specifically covered in your privacy policy.

Send them to a link with the shortest, sweetest privacy policy they’ve read, for example:

Our Privacy policy

  • We have on file only your first name, last name, and email address.
  • We ask for nothing else.
  • We send you only emails you request.
  • We have nothing to share with others, and wouldn’t if they asked.
  • We won’t change this policy without prior notice – ever.

Thank you for being our customer.

– Sincerely,
Your Grateful Vendor

No, I’ve never actually seen a policy like this, but if I did, I wouldn’t hesitate to purchase their wearables or buy their phone.

The Terms of Your Terms of Service

Most of us have a terms of service document on our websites, even if they’re mostly contained within our privacy policies. We reference these documents in much of our correspondence, including our business and marketing emails. Your privacy policy or terms of service sets the expectations for what your customers will receive from you as a company

Most of us have a terms of service (TOS) document on our websites, even if they’re mostly contained within our privacy policies. We reference these documents in much of our correspondence, including our business and marketing emails. Your privacy policy or terms of service sets the expectations for what your customers will receive from you as a company.

Recently, Google upgraded its terms of service to explicitly inform its customers they have automated systems analyzing content in order to deliver relevant ads and provide customization and security. General Mills in a separate, yet oddly related move, has changed its terms of service to inform customers who “like” their products on Facebook that they have given up their right to take the company to court if there’s a problem with the product.

As mentioned in previous articles, Google is already camped out in courtrooms for these business practices, and I am confident that General Mills will find similar legal challenges over their new draconian policies, which potentially create an adversarial relationship with their customers.

In both of these scenarios, and for our company, when the need arises to make changes to our policies, the new language is probably more enlightening to current customers, followers and subscribers than it is giving future customers sufficient warning—after all, when was the last time you read the terms of service of a new company with whom you’ve chosen to follow or create an account? Most of us are good about sending notices when we have a change in policy, and our subscribers are much more likely to read that than the original TOS.

The Trust Factor
As marketers and builders of brands, we know honesty is paramount. Building credibility and trust sells, whether it’s product or service. It’s why many of us choose to include a link to our privacy policies in our emails. We want our subscribers and customers to know we value their information and will do our best to protect it. When our privacy policy changes in a way not congruent with the original version the client may—or may not—have read, we run the risk of damaging the credibility we’ve worked so hard to build.

Companies such as Google and General Mills have the means to defend their companies against customers who object to the TOS changes, but for those of us who represent small- to medium-size businesses, lawsuits challenging a policy change could easily bankrupt even the most successful. What’s more, negative policy changes put us at odds with the very persons with whom we are trying to build a trusting relationship; and that is likely to land us, like Google and General Mills, on the social-media hot seat.

While truthfulness in our policies is necessary, it’s also important to give consideration to the delivery. Of course there is a need to have a TOS that protects us when a beautiful relationship becomes discourse, but a candy coating can make it that much easier for our customers to swallow. For a great take on how to deliver your TOS or make changes or updates to it, Daily Conversions did a great piece on this topic a couple years ago.

Our marketing emails are difficult to deliver and getting more so. We need to consider each component of the email to ensure deliverability improves over time, and a friendly, yet firm, privacy policy most certainly will have a positive effect.

Treat your recipients with respect—and humor when you can—and you will continue to create a nurturing, healthy, trustful relationship.

UPDATE: After I completed this article, General Mills announced (due to the severe roasting they took in social-media platforms), they will reverse their new policy. You can now safely like General Mills and reserve your right to sue them—not as though there was a whisper of a chance they could have defended their position in court, IMO.

Don’t Be Creepy: Using Robust User Data for Ad Targeting While Respecting Privacy

When your brand possesses or has access to data that provides deep visibility into user interests, you should use that visibility to create more relevant ads, thus increasing performance while limiting costs. But with deep visibility comes deep responsibility to respect privacy. The fastest way to hurt performance is to cross into the creepy zone. Don’t be a creeper.

Google announced that on March 1 it will be updating its privacy policy to enable the integration of user data across Google properties. As it integrates more cross-property data, including information on user interests and demographics, Google can provide advertisers with more robust and precise targeting capabilities in search and display.

For instance, Google may uncover a certain person’s interests through their interactions on Gmail and Google+. This capability may someday enable an advertiser to direct search or display ads to that person based on those interests.

Although users can opt out of the experience and adjust and delete information that Google has collected, the privacy policy update has been met with some backlash. Lawmakers in the U.S. and European Union have asked Google to explain why the changes are necessary and how privacy will be protected. A privacy advocacy group sought a court order directing the FTC to sue Google, and sites like Gizmodo have urged people to take control of their privacy by switching to various non-Google-owned properties for search, email, social, photos, docs and video.

Assuming Google goes forward with the update and activates the potential for more robust targeting options, advertisers should keep a few things in mind to increase performance while respecting privacy:

1. There’s a fine line between appropriate and creepy. Ads that are more tailored to a person’s interests are more likely to satisfy that person’s needs. However, many users would prefer that advertisers don’t know everything about them. If a user sees an ad that’s eerily related to a Google+ or Gmail conversation they’ve just had with a friend, a line may have been crossed.

2. Users will blame you. Creepy ads harm people by making them feel as if they’ve been unwillingly observed. But who’s responsible for this unwanted observation? Technically Google observed the user, but the average web surfer doesn’t think about what’s happening behind the scenes. Users ask, “How did this brand know that about me? Have they been watching me?” Creepy isn’t always a label that users attach to Google (or Facebook or any other advertising platform). It’s a label attached to brands that push the platform’s capabilities too far.

3. Just because you can doesn’t mean you should. Users must agree to the new privacy policy in order to sign in to Google. Google provides an easy means within its Ads Preference Manager to opt out of customized or personalized search and display ads. Thus Google’s informing its users, obtaining their consent and providing them with privacy controls. But just because a person consents or fails to adjust their ad preferences doesn’t mean that it’s open season for creepiness. People shouldn’t have to choose between using Google and avoiding the creep factor.

As a marketer, don’t think that people agreed to diminish their right to privacy in order to use Google or another service. Respect privacy as a right that can’t be diminished, no matter whether a person opts in to a privacy policy.

When your brand possesses or has access to data that provides deep visibility into user interests, you should use that visibility to create more relevant ads, thus increasing performance while limiting costs. But with deep visibility comes deep responsibility to respect privacy. The fastest way to hurt performance is to cross into the creepy zone. Don’t be a creeper.