Anyone remotely interested in technological and sociological trends can tell that for the past decade, consumer data privacy has become a major topic worldwide. Starting with the GDPR in Europe, regulations have been popping up all over the globe, a phenomenon you can put into perspective by browsing the Data Privacy Barometer.
But why is that? How can we explain this acceleration, and how can companies prepare themselves to embrace this change? In this article, we take a closer look at the facts, before exploring the reasons behind that trend, and the ways brands can use it as a business opportunity.
The pace of data privacy regulation and customer preference activity is accelerating
Gartner predicts that by the end of 2023, 85% of US residents will live in a state with a data privacy law, and by 2024, over 80% of companies around the world will be impacted by at least one data privacy regulation.
Even as 5 US states have enforced or approved their own privacy laws - California (California Privacy Rights Act, CPRA), Colorado Colorado Privacy Act, CPA), Virginia (Virginia Consumer Data Protection Act, VCDPA), Utah (Utah Consumer Privacy Act, UCPA), and Connecticut (Connecticut Act Concerning Personal Data Privacy and Online Monitoring, CTDPA), members of Congress are also tabling multiple federal privacy bills, including those focused on children’s privacy.
Beyond the US, of 149 countries listed in the privacy barometer tracker, 127 have already enforced laws, and the rest have laws in approved or draft stages. The former group includes 45 European countries, 37 Asian countries, 34 African countries, 31 in the Americas, and both Australia and New Zealand.
Multiple countries are coming together to streamline consumer data protection requirements and fill trans-border gaps as well. For instance, the US and six other nations including Canada, Japan, South Korea, Singapore, the Philippines and Taiwan are coming together as the Global Cross Border Privacy Rules forum. The goal is to develop an international certification system that will help companies demonstrate compliance with internationally recognized data privacy standards, as well as support the safe and free flow of data across borders.
In short, the pace of data privacy regulation is growing exponentially. For any marketer or business leader operating in any part of the world today, it is important to understand the reasons behind this accelerated pace of regulation, so they can better plan what needs to be prioritized to keep brands compliant and ahead of the curve.
Factors driving the accelerated pace of privacy regulations & consumer preference activity
1. The privacy ‘push’
Regulatory bodies around the world have been proposing new, more stringent privacy laws, or amending existing regulations to upgrade what compliance entails, as well as who is covered under them. For instance, the new bipartisan draft bill of the American Data Privacy and Protection Act (ADPPA) released in June this year, will force organizations to review even basic terms such as PII and what they include. The bill will not only require them to comply with granular and stringent data protection and transfer protocols, but also demonstrate how they strive to minimize consumer data collection.
On their part, companies have been struggling not just to understand the evolving nuances of consumer privacy mixed with preference and experience, but also to streamline processes so they can comply with multiple different regulations and laws across countries and states.
Industry bodies are stepping up to bridge the gap. They are working to increase the pace of education, training, and enabling initiatives for advertisers and marketers; reduce complexity and fragmentation in the advertising ecosystem, and enable member organizations to respond to amendments in privacy laws more cost-effectively.
For instance, IAB Tech Lab, the body that sets technical standards for digital advertising in the US, recently unveiled the Global Privacy Platform (GPP) which provides all stakeholders of the advertising value chain - advertisers, publishers, and ad tech vendors - a single protocol to streamline how privacy, consent, and consumer choice signals are transmitted from publishers to ad tech providers.
Such initiatives, coupled with more mature technology solutions to address privacy, preference, and compliance as part of the operating model, are creating a push for consumer privacy.
2. The privacy ‘pull’
In a recent speech, Lina M.Khan, Chair of the Federal Trade Commission (FTC) questioned the validity and relevance of the dominant ‘notice and consent’ framework most companies use at present. This framework requires consumers to either give consent, or risk losing access to the service altogether. However, in an age when privacy and preference are becoming central to consumer trust and experience, companies must do better than that.
Multiple surveys have shown us that a majority of consumers want more choice and control over their data. A recent Washington Post-Schar School poll surveying more than 1,100 adults found a wide distrust, particularly of social media companies, with 73% calling data collection for ad targeting, “unjustified,” and 64% saying the government should do more to regulate privacy.
More customers are taking extreme measures to opt-out of data systems altogether. This 2021 state of the CCPA report showed a dramatic rise in the volume of Data Service Requests (DSRs) from 2020, nearly doubling the cost of response and compliance for companies. With the amended California Privacy Rights Act (CPRA) and other new state laws, the trend is projected to accelerate.
Consumer awareness of their right to limit and control the way their data is collected, used and shared is growing; and privacy regulations such as CCPA and GDPR are giving their efforts some real teeth. To support and enable them, new initiatives to educate consumers about their rights, and the tools or resources to enable them are also emerging.
For instance, a coalition of search engines and publishers including Brave, Duck Duck Go, Mozilla, The New York Times, and The Washington Post are coming together to form the Global Privacy Control initiative, with the aim of making it easier for consumers to exercise their data subject rights and communicate their preferences to publishers via browser extensions.
Such education and empowerment initiatives are creating the ‘pull’ for brands to take definitive action towards privacy and preference investments.
3. Blending of privacy, preference and experience
Privacy is no longer just a matter of legal compliance or IT protocols.
Customer-centric brands have realized that the privacy paradox - balancing the customers’ need for relevance and personalization with their need for privacy protection - is also an opportunity to add a new dimension of trust to their relationships, and deliver even better customer experiences.
However, they also realize that a fragmented approach to addressing the geographically diverse regulatory landscape would be more expensive and operationally challenging to manage, while leaving room for inadvertent non-compliance and non-cohesive brand experiences.
To address this, global brands like Société Générale are increasingly investing in a centralized approach to privacy and preference management, across all their customer touchpoints. Not only does this make it easier to manage compliance across geographies, channels and devices, but the resulting seamless experience creates customer preference, and ultimately, better profitability.
Equally important, such initiatives make consumer data privacy efforts more visible across all geographies - not just the heavily regulated ones; and raise the bar (and awareness) of how both - regulatory and customer expectations can be met.
4. Multiple associated trends which support the acceleration of data privacy regulations
- Growth of data-consuming customer industries such as edtech, health tech, and digital payments, where recording customer behavioral data is an intrinsic element of service delivery, demands an urgent pace for developing privacy laws and data use regulation in these industries.
- Mainstreaming of brand presence on Web 3.0: the metaverse, AR, VR, and all their attendant data, privacy and preference related challenges are coming. Business leaders need to prioritize conversations with key stakeholders to better understand and prepare for them, as they expand their brands into these emerging spaces.
- The growth of AI and automated decision-making technologies across a wide swathe of industries and use-cases has its own legal implications when it comes to adhering to privacy regulations and individual rights granted under laws such as GDPR.
- The remote/ work-from-anywhere trend: the more decentralized traditional offices become, the less IT can control how data is stored, used, and shared across all the end-points around the world. Data security is closely related to data privacy, and the conversation around who can handle data and how is a growing one.
- An evolving data economy: brands and consumers are experimenting with new and interesting ways to control and manage individual data. And it’s a wide spectrum, from Apple’s App Tracking Transparency, which hands control over data usage to customers; to Project Red Card, which seeks to disrupt the sports betting industry.
- Phasing out of third-party cookies and the commensurate increase in first-party data investments requires brands to build solid compliance and privacy workflows.
- The growth of data-driven martech solutions such as CDPs is facilitating the faster and smoother adoption of consent and preference management platforms.
Focus on trust to keep up with regulations and customer expectations
The take-it-or-leave-it ‘notice & consent’ approach, while table stakes today, already seems out-of-touch with the market. Thanks to the growing pace of consumer data privacy regulations, and the factors driving that growth, consumers today care equally about how brands are asking for opt-in or allowing opt-out, as they are about what data they are asking for and why.
No wonder Gartner predicts that soon 30% of consumer-facing organizations will offer a self-service transparency portal to adequately address preference and consent management, while keeping pace with evolving and emerging regulations with resources such as the privacy barometer.
These CX leaders know that giving customers control over their data is not at odds with using data effectively for the brand to stay competitive. The truth is, if data is the engine of the digital economy, then trust is the oil that runs it. Making them work together can result in a win-win for all - the consumers, the regulators, and the business.