Struggling to wrap your head around GDPR, the CCPA, and other proposed data privacy legislation? It all comes down to reconceptualizing data as a privilege, not a commodity.
With only months to go before the California Consumer Privacy Act’s requirements go into effect on January 1, 2020, marketers are understandably laser-focused on compliance. The potential for hefty fines (with, yikes, no ceiling) looms large—and quite frankly, we’re all still scarred from GDPR.
No shade on the compliance wonks, but this laser focus puts us at risk of missing the data privacy forest for the compliance trees. Yes, ensuring your marketing activities are still kosher needs to be a priority (see the aforementioned fines). But that priority can’t eclipse the big picture, or we’ll forever be playing catch-up to new legislation.
If there is a single thing for marketers to understand about data privacy legislation, it is this: It fundamentally changes the nature of consumer data from a commodity to a privilege. And that means big, big things for us all.
Let’s unpack that statement.
Econ 101: A commodity is a basic good that can be bought and sold. This is the way consumer data has been treated since long before Facebook, Google, and their brethren were making headlines for harvesting data at astonishing scale (in fact, there’s a fascinating history of pre-digital consumer data brokerage spanning decades).
Two years ago, the Economist generated massive buzz with the bold statement that data is the new oil. While they were making a point about its economic value and the need for new antitrust rules, the metaphor still stands. Companies use consumer data like they might a natural resource: It gets collected and refined, bought and sold, and transformed into products.
And just like drilling for oil, data harvesting creates negative externalities—which, back to Econ 101, is a cost borne by someone other than the seller or the buyer. Where the oil industry creates negative environmental costs, the data industry creates negative social costs in the form of privacy violations and a loss of consumer trust.
Data privacy laws have the potential to blow up the old regime.
The CCPA, like its continental cousin GDPR, gives consumers new rights that in effect give them ultimate ownership over their own personal information. Both laws give consumers the right to delete the information that a company has on them, and the CCPA also allows consumers to deny the sale of their personal information from one company to another (one of several key differences between the CCPA and GDPR).
To translate: In the new world order, companies don’t own the information they have gathered about the consumers. The consumers do. And if they don’t like how companies use that information—or if they’re just bored on a Tuesday and feel like exercising some rights—they can revoke access to that information.
To be clear, neither GDPR nor the CCPA nor any proposed data privacy legislation make any of the usual marketing activities relating to consumer data illegal. It is still A-OK to gather information through form fills, cookies, etc., and it is still A-OK to buy information from data brokers, and it is still A-OK to target consumers with specific messages and offers based on the information you have about them. (NB: These laws do require some changes to how these activities are done, but the activities are still totally legal.)
The changes these laws introduce are subtler than that, but that doesn’t make their implications any less profound.
Imagine, if you will, that a critical mass of consumers exercise their newfound rights. (Yes, California’s just one state, albeit a big one—but in the very likely scenario that federal legislation is around the corner, we could get to that critical mass faster than you’d think.)
If enough consumers opt out of the resale of their information to third parties, the third-party data broker business model falls apart. At the same time, negotiating second-party data-sharing becomes prohibitively difficult. If users of Google, Facebook, and other targeted ad platforms start deleting their data en masse, that ad targeting becomes way less, well, targeted.
In sum, the digital marketing landscape as we know it is undergoing a shift of tectonic proportions.
Before you panic—the marketing apocalypse isn’t imminent. In theory, our thought experiment could come true all at once, but what’s much more likely is that consumer opt-outs will gradually erode the remaining value marketers see from those practices that consumers find objectionable. We’ll get there, just not overnight.
So we’re not about to face an extinction-level event, but we’re still facing plenty of pressure to evolve. What’s a marketer to do?
Tactically, shoring up first-party data acquisition capabilities is a logical response to the coming issues with second- and third-party data. Still, it’s not an adequate answer in and of itself. First-party behavioral and transactional data, if used in a way that make consumers uncomfortable—indiscriminately bombarding consumers with ads for products they’ve viewed, for example—will just motivate consumers to request that their data be deleted.
Preparing strategically for a more limited consumer data landscape comes down to understanding the fundamental change in consumer data from a commodity to a privilege. If consumer data is a privilege, we need to provide a compelling reason why they should entrust us with that privilege—and we need to follow through on that promise or risk having that privilege revoked.
In practice, that means giving consumers the opportunity to explicitly declare data about themselves in order to enhance their brand experience through more relevant, personalized, valuable touchpoints. It’s the right-message-to-the-right-person-at-the-right-time promise that data-driven marketing was supposed to enable in the first place. The only difference is that consumers are in control.