Communication Counsel: Paying the price of big data with data privacy protections
Remember when people loved throwing around “big data” in every business meeting and presentation? Well, marketers and communicators are now dealing with the repercussions of all this big data integration, thanks to an influx of data privacy rules and regulations that have started trickling down from lawmakers.
If you’ve noticed a deluge of “Accept,” “Opt-In,” “Opt-Out” and “Learn more about cookies” pop-up windows, these are just a few of the disclosures companies are now required to share with their readers and users.
When did all of this start?
Some of the first sweeping data privacy protections began in Europe. Does GDPR ring any bells? GDPR, for those who need a refresher, is the General Data Protection Regulation that was enacted in 2018. GDPR is a complex, heady regulation, but the TL;DR summary from Wired is: “There are new rights for people to access the information companies hold about them, obligations for better data management for businesses, and a new regime of fines.”
At first, those of us in the data collection realm thought the GDPR was data compliance rock bottom, but what it did was highlight the need for practical data regulation. And as trends often do (the Beatles anyone?), privacy regulation traveled the pond to become integrated in our own operations.
Data privacy in the U.S.
While GDPR was originated in the EU for EU citizens, it does not mean that U.S. companies are immune. In fact, the opposite is true. If you are a U.S.-based company, and EU residents use your site or you collect EU citizens’ personal information, then you are required to be compliant with all parts of the GDPR. Further, in addition to GDPR, individual states have begun rolling out legislation of their own.
Both California and Washington have passed privacy acts, which gives consumers the right to learn what personal data is being collected and sold and lets them prevent their data from being used for ad targeting. These acts also require companies to provide clear privacy notices and would allow consumers to correct, and maybe even delete, their data.
“If Washington’s act passes, it will go into effect in 2021, but there are more states that are starting to take this kind of legislation seriously,” says Ashley Brooks, managing partner at the Schroder Brooks Law Firm in Richmond, Virginia which specializes in advertising, marketing and media law. “Hawaii, Maryland, Massachusetts, New Mexico and Rhode Island have legislation pending. And Senator Markley (D-Mass.) has introduced a bill that would limit or prohibit companies from using an individual’s personal data, require companies to secure and protect all consumer data they obtain, and only collect the data needed from consumers to provide the services requested by the consumer.”
Lastly, the Do Not Track bill is back in Congress, which would prohibit websites that users visit intentionally from collecting or sharing data for ad targeting when users click the “Do Not Track” option.
“The Do Not Track law would be implemented and regulated by the FTC,” said Brooks. “The FTC would create a simple downloadable program available to help make organizations compliant.”
The bill also defined fines of $1,000 per person per day for willful or reckless violations, with a minimum of $100,000. Yikes.
What does this mean?
What would running a business be like with 50 separate state privacy regulations? Advertising lobbyists as well as other industry groups are pushing for a national privacy standard to try and preempt such a scenario where you could collect some data in Alabama but different data in Washington, where you can get consent one way from Delaware but another way from Illinois.
We should all pay attention to bills, acts and directives because they have significant impact on our day-to-day tactics. Do you have advertising pixels installed on your websites? This matters to you. Do you have contact forms, collecting information from prospects and leads? This matters to you.
For more resources on the ever-changing privacy regulatory landscape, check back on Brooks’ blog, The Ad Matter, and keep on eye on this blog for more scoop.