When economic conditions are challenging, business leaders are under pressure to make wise spending choices and do more with less on all fronts, including marketing. At the same time, customers are pickier about the brands they choose, and increasingly perceive a poor ‘privacy experience’ as a poor customer experience (CX). 


In this scenario, ‘Privacy by Design’ presents a golden opportunity for marketers to leverage the ‘privacy experience’ as a competitive advantage to boost CX, even in a downturn. Especially in a downturn.






What is Privacy by Design and why should marketers care?


In 2009, Ann Cavoukian, the former Information and Privacy Commissioner for Ontario, Canada proposed a framework called “Privacy by Design” (PbD) - a set of 7 principles for organizations to proactively incorporate privacy into the design specifications of IT systems and business processes. 


Though defined around technology and systems, at heart, PbD is all about customer-centricity. It’s closely aligned with the marketers’ vision of customer experience. Customers themselves increasingly conflate a poor ‘privacy experience’ with a poor customer experience, and consequently, unattractive brand values. 


Being privacy-first is a must-have today, not just from the regulatory point of view, but also from the marketing point of view. Privacy by Design principles allow marketing leaders to take ownership of the ‘privacy experience’ - the sum total of a customer’s interaction with the brand around data, privacy, and preference -  and build it as a core element of customer experience. 


The tools to do this effectively include a privacy policy and mindful data collection strategy, an effective Consent Management Platform, and a customer-centric Preference Management Platform.


Recognition for Privacy by Design around the world

  • The International Conference of Data Protection Authorities and Privacy Commissioners unanimously passed a Resolution recognizing PbD as an essential component of fundamental privacy protection 
  • The U.S. Federal Trade Commission counts PbD as one of three recommended practices for protecting online privacy
  • PbD is a legal requirement under multiple privacy regulations including Europe’s General Data Protection Regulation (GDPR) 
  • In January 2023, ISO (the International Organization for Standardization) published a new standard, ISO 31700-1:2023, to operationalize and institutionalize the PbD process for digitally enabled consumer goods and services


The 7 principles of Privacy by Design seen from a marketer’s lens


Didomi - PrivacyByDesign - Principles


Now that privacy is no longer in the exclusive domain of legal, let’s look at the 7 foundational principles of PbD through the marketing lens and connect the dots back to the larger customer experience goals.


1) Proactive not reactive; preventative not remedial

Marketers should anticipate possible privacy risks when designing campaigns and data collection workflows, and build in preventive mechanisms with mindful and secure data collection.


2) Privacy as the default setting

The onus of protecting a customer’s privacy lies with the brand, not the customer. Marketers should ensure customers are not worrying about privacy while using their digital properties or products. It should be a given.


3) Privacy embedded into design

Day-to-day customer-facing business interactions, from websites to chatbots should be designed with privacy at the core, not as an afterthought. Marketers should question all design and campaign decisions from the privacy lens, not just the UX or performance lens. 


4) Full functionality: positive-sum, not zero-sum

There are no trade-offs between better privacy, stronger data security, user experience, and functionality. Marketers must ensure privacy and functionality don’t come at the cost of UX or vice-versa.  


5) End-to-end security — full lifecycle protection

For any customer data collected, managers should have full visibility into privacy through its lifecycle - from how and when it is collected, stored, processed, transported, shared, or destroyed.


To start with, marketers should be mindful of how much data they collect and whether it is needed at all.


6) Visibility and transparency — keep it open

Data owners (customers) have the right to know what data is being collected, how it's being used, and all other relevant details. They also need easy access to a redressal process when this information is not made available.


7) Respect for user privacy — keep it user-centric

Customer best interests should be at the heart of all business processes, and data protection is central to their best interests.


Preference centers let marketers take user-centricity a notch higher, by inviting customers to co-create data usage.


Privacy by Design in a downturn


The scope of customer privacy has expanded way beyond legal and IT. Brands that acknowledge the importance of theprivacy experience’ to customers will fare far better and come out of the ongoing economic challenges stronger. 


As custodians of the customer experience, marketers are also, by default, custodians of the privacy experience. This is the right time to evangelize Privacy by Design within the organization. It is also an opportunity to institutionalize and scale zero- and first-party data collection and usage. Both initiatives support the brand goal of building a hard-to-replicate competitive differentiator for the brand. 


There are several compelling reasons for marketing leaders to weave Privacy by Design seamlessly into CX design:


Times may be tough but the regulations are tougher

The laws are not going away, and nor are the privacy risks that all brands operating in the digital space are vulnerable to. Marketing activities are responsible for the most data collection, and they are most liable for data risks or violating privacy laws. The risk and cost of non-compliance will only go up and no company small or big will be spared, irrespective of the economic environment. 


Customer loyalty is at stake

43% of 20,000 European residents surveyed by Ipsos and Google said they would switch brands for a better privacy experience. Trust is a key factor in choosing the brands that customers are loyal to. This is even more important in a tough economic environment where buyers are more choosy than ever about the brands they pick.


New audience segments value privacy differently

Younger generations of digitally native customers are very particular about buying from the right brands - privacy, trust, and ‘doing the right thing’ are a big part of that. Not only are they more aware of the value of their data, but customer data privacy is a baseline expectation for them.


Simply adhering to data privacy best practices is not something a brand can earn brownie points for with new generations. Marketers need to mindfully craft a differentiated privacy experience into the overall customer experience to win their loyalty.


Executing Privacy by Design in challenging economic times


Customer-centric brands will commit to a PbD approach, recession or not. Investing in the three key components - a sound privacy policy, an effective, scalable consent management platform, and a customer-centric preference platform - is necessary. 


However, in a downturn, it is useful to approach it in a way that creates a lower impact on team resources and efforts.  Here are 3 suggestions to get started:


Adopt a layered approach to PbD 

Build a more appealing business case and secure funding for privacy-first interventions in marketing. 


For example, when it comes to data collection, 



Find the right partner to execute PbD 

To deliver cost efficiencies, speed, and watertight compliance from the onset, avoid a DIY approach. Since laws keep changing, and company processes, workflows, and geographical exchanges only get more complex, choose a partner that:


  • Allows a modular approach to privacy components, letting you plug in different parts like security, consent, and preference when needed, without disruption
  • Enables done-for-you templates for a full privacy experience without requiring additional expenses on design and customizations 
  • Automates all the key aspects of privacy by design to minimize resource requirements
  • Guarantees agility in response to changing customer data privacy regulations in all your industries, verticals, and geographies


Secure leadership buy-in 

A cost-benefit analysis helps build the right internal business case:


  • Ad-hoc fixes and patchwork solutions can cost the company unnecessarily, not just in terms of resources but also in potential fines. Centralizing privacy, consent, and preference across the organization brings operational efficiency to all privacy-related elements. 
  • Factor in the value of zero- and first-party data, which could be a hard-to-replicate competitive advantage for brands as they battle out the recession. Such data can help brands use marketing budgets far more efficiently and effectively with sharper targeting, more informed creation of look-alike segments, and better marketing ROI at a time when each dollar spent matters. 
  • Leverage real-time privacy metrics and analytics to showcase the value of the consent and preference management program, in terms of lower opt-outs, higher retention, and loyalty.


When things slow down, pick up the pace of Privacy by Design


A recent study by IAB Europe shows that customers want to ‘feel’ in control of their privacy. Marketers can take a proactive leadership role and focus on designing a privacy experience that becomes part of a stand-out CX. 


Wondering where to start? Why not with your company website? Websites can often be surprisingly less compliant than marketers expect. Get a reality check on the privacy and compliance status of any of your customer-facing websites with a free, instant Compliance Report from Didomi.


In just a few simple steps, you will learn not just if your website is compliant, but also the exact actions you should be taking to make it compliant. As a bonus, it’s the perfect way to get quick leadership buy-in for your Privacy by Design efforts! 


Get your Compliance Report