By 2024, 75% of the global population will have their personal data covered under some or other privacy regulations.
Marketing will be at the forefront of not just ensuring that compliance with these regulations does not impact buyer journeys, but also that customers trust the brand to do the right thing with their data. All of that is in the midst of a volatile economic environment where legal, technology, and security are also key stakeholders for success.
In this article, we explore five major privacy, consent, and data priorities for 2023 that all marketers need to be prepared for.
Marketers need to take the lead in designing the privacy experience
Privacy cannot be an afterthought for marketers anymore
The impact of privacy regulation is real. Businesses operating in the E.U. were fined more than double the amount levied in 2021, and the total instances of fines went up from 954 in 2021 to almost 1400 in 2022.
While the big giants like Vodafone, TikTok, and Amazon pay a majority of those fines for violations ranging from misuse of data to external breaches, the Executive Summary of the GDPR Enforcement tracker report provided by CMS Law indicates that fines on smaller firms are also on the rise. They refer to the phenomena as the ‘GDPR fine iceberg’ - a bulk of the violations and fines are invisible because they don’t make it to the headlines.
According to new research from the Capgemini Research Institute, around three-quarters of CMOs are now responsible for contributing to business growth (76%) and leveraging data and technology (74%). Privacy and consent are at the heart of data-led marketing, and most marketing leaders will find themselves smack-bang in the middle of these conversations in the boardroom.
The most progressive ones, however, will not just participate, but find ways to lead it. They realize the potential of privacy as not just a trust builder and CX differentiator, but also as the cornerstone of sustainable business revenues in times to come.
The top 5 privacy priorities for marketers in 2023
While there are several complex issues to grapple with, here are 5 of the most high-priority aspects of the conversation needing the attention of marketing leaders in 2023:
1) Data Subject Access Rights (DSAR) readiness
The pattern of customers wanting to be more involved in how their data is processed continues, with data access requests and the right to erasure requests being the most common types of data requests companies receive from customers. In 2023, with several more states flagging off their privacy laws and regulations, and customer awareness of data ownership growing, there will be an exponential increase in DSARs and ‘do not sell’ requests (DNS).
Are companies ready? In a 2021 study, 92% of privacy professionals in companies with more than 1000 people said they are concerned about honoring data subjects' rights under the CCPA. The study also found 51% said data subject request fulfillment is the most difficult part of CCPA compliance.
These fears are not unsubstantiated. In the EU, DSAR-related fines came in as the 4th and 5th most common types of fines this year, with ‘Insufficient fulfillment of information obligations’ violations being fined in 122 instances (€ 237,002,595) and Insufficient fulfillment of data subjects rights at 135 instances (€ 50,054,070).
As marketing leaders generate and use much of the customer and business data generated, they need to urgently consider how these inbound DSAR or DNS requests will be handled. Are there adequate systems and infrastructure to trace and erase personal data sitting across the many systems, applications, devices, and channels? Which department will be responsible for handling them in a customer-friendly manner? What staff, resources, processes, and infrastructure are needed to make that happen?
Processing DSARs manually will come with a high cost and will neither be scalable nor secure in the time to come. But the highest potential cost of poorly handled DSAR requests will be the loss of customer trust and credibility.
2) The impact of privacy on AdTech
The cookie deprecation saga continues. New adtech models such as retail and commerce media will impact how customers feel about becoming a data commodity for retailers to sell to advertisers. As acceptable options to access third-party shopper data diminish, what new tactics will emerge?
Marketers must weigh new options from the lens of compliance to current and future regulations, or risk opening the brand up to new vulnerabilities or consumer resistance. For instance, digital fingerprinting methods are gaining traction in the face of receding cookies. While they are not entirely illegal, and nothing gets downloaded on the user’s device, as consumer awareness grows, these methods may erode brand credibility or invite consumer ire.
Of course, most customer-centric marketers are already building strong first-party data workflows, but investing in robust preference management centers to create zero-party data will not only elevate the trust and value equation but also foster a more collaborative privacy experience for customers.
3) The time-to-value of data privacy investments
Gartner predicts that by 2024, a large organization’s average annual budget for privacy will exceed $2.5 million, allowing a shift from compliance ethics to competitive differentiation. Smaller brands will need to make considered investments to remain compliant and competitive.
Marketing leaders who are about to start building a business case for privacy, consent, and preference investments will need to factor in what success and ROI will look like for those investments. Privacy, consent, and preference metrics will begin to matter and show up on CMO dashboards.
While earlier conversations centered around conversions and ‘opt-outs’ were seen only as an unpleasant byproduct of marketing, the tide is turning. Higher investments in consent and preference management infrastructure necessitate a conversation around metrics. In addition, analytics will need to include what impact deliberate efforts to minimize opt-downs and opt-outs have on churn and re-engagement.
4) The increasing complexity of data spread and flows
Data sprawl is real. A brand’s data is captured, processed, and used across its many apps, IoT devices, edge computing, external cloud, communities, vendors, partners, and thousands of end-points with remote and hybrid workplace models.
AI, the metaverse, and blockchain will soon start having a significant impact on consumer data processing. Biometrics and facial recognition on social media are becoming hot topics even among consumers. Employee experience with zero-trust approaches needs to be managed as well as customer experiences.
When it comes to data flow, the EU-U.S. Data Privacy Framework took decisive steps forward in early December 2022, to foster safe trans-Atlantic data flows and protect the rights of citizens on both sides. On the other hand, data localization planning too is a top priority for global companies, based on the governing regulations per geography.
Marketers working with large data sets on the cloud need to start collaborating with IT for privacy-enhancing computation (PEC) technology. These are designed to protect data in use, or on the move. Gartner predicts that by 2025, 60% of large organizations will use at least one PEC technique in analytics, business intelligence, and/or cloud computing.
5) The balance between data security, compliance, and user experience
This remains a hot topic. CMOs, CISOs, and data, legal, and tech leadership need to work closely together to develop customer-centric privacy policies. Gartner predicts that by 2024, 60% of CISOs will establish critical partnerships with key market-facing executives in sales, finance, and marketing, up from less than 20% today.
As the privacy experience is becoming central to the larger customer experience, it makes sense for marketing to take a leading role in how PX gets baked into the CX.
Today, advancements such as native integration between the Preference Management Platform (PMP) and the marketing cloud mean preference data will automatically enrich the associated contact with each additional first-party data point they provide. For marketers, this is an opportunity to design more effective and impactful marketing campaigns, and deliver the best user experiences using granular first- and zero-party data.
Self-service portals that encompass multiple elements of privacy including privacy and consent notices, cookie managers, and DSAR requests save time and costs and foster convenience, transparency, and trust. By 2023, Gartner predicts that 30% of consumer-facing organizations will offer a self-service transparency portal to provide for preference and consent management.
Marketers need to take the lead in designing the privacy experience
The World Economic Forum cites recent research to remind us that 75% of the world's population will have its personal data covered under some or other modern privacy regulations by 2024.
Failing to prepare is a recipe for disaster in this environment. The convergence of PX and CX is a golden opportunity for marketing leaders to step up and take the lead. The goal is to navigate the brand through the complex landscape, bring various stakeholders and constituents together, and create a long-term competitive advantage that will hold the business in good stead - not only through the oncoming recession but also through future disruptions. These 5 priorities offer a good starting point in this effort.
To learn more about Didomi'soffering and how we can help with your privacy and compliance efforts, book a call with our team: