Marketing privacy news, trends and how-to guides | MarTech MarTech: Marketing Technology News and Community for MarTech Professionals Thu, 13 Apr 2023 17:02:29 +0000 en-US hourly 1 https://wordpress.org/?v=6.1.1 Italy lays out requirements for ChatGPT’s return https://martech.org/italy-lays-out-requirements-for-chatgpts-return/ Thu, 13 Apr 2023 16:54:41 +0000 https://martech.org/?p=383571 Regulators say OpenAI must inform users why and how data is being used, give them ways to opt out and prevent anyone under 13 from using it.

The post Italy lays out requirements for ChatGPT’s return appeared first on MarTech.

]]>
On Wednesday, Italy’s data protection agency laid out what OpenAI must do before ChatGPT can operate again in the nation. The company took the AI chat app offline in Italy last month after the government restricted its data processing and launched an investigation into privacy breaches.

OpenAI has until April 30 to inform Italian users of “the methods and logic” behind the processing of data and provide a way for them to exercise their existing personal data rights. Longer-term deadlines were also given for age-gating to the app and launching an awareness campaign so Italians know what their rights are.

Why we care. Italy is the first EU nation to take any regulatory action on ChatGPT. In the past most EU restrictions around privacy have come from France and Germany. Spain has also requested the EU’s privacy data protection board to look into ChatGPT’s practices.

As generative AI technology continues to evolve, regulators are taking a hard look at its use of user data across the web, especially when large language models are trained on that data without the consent that GDPR law requires.

Conditions for ChatGPT’s return. OpenAI has until April 30 to inform users in Italy about how data is used in its algorithms to run its AI models. 

OpenAI will also have to provide tools that allow those whose data is used — including users and non-users — to request a correction of data inaccuracies or to have the data removed if a correction isn’t possible.

Age verification. OpenAI has until the end of September to install a robust age verification system that keeps out users under age 13. And they must submit a plan for this system by the end of May.

Additionally, users aged 13 to 18 who don’t have parental permission will also need to be restricted from using the app.

Campaign. As another condition for lifting the ban, OpenAI will need to launch a local awareness campaign on radio, TV and digital to educate Italians about ChatGPT’s processing methods and data usage. The company has until May 15 to launch the campaign.


Get MarTech! Daily. Free. In your inbox.


The post Italy lays out requirements for ChatGPT’s return appeared first on MarTech.

]]>
MarTech Salary and Career: Saidah Abdulhaqq on the making of a unicorn https://martech.org/martech-salary-and-career-saidah-abdulhaqq-on-the-making-of-a-unicorn/ Wed, 05 Apr 2023 15:50:33 +0000 https://martech.org/?p=378675 "It's hard to be a generalist in marketing technology. You definitely have to be a specialist to really do the work that we do well."

The post MarTech Salary and Career: Saidah Abdulhaqq on the making of a unicorn appeared first on MarTech.

]]>
As part of the MarTech Salary and Career Survey, we interviewed people about their experiences in marketing. Today we’re talking to Saidah Abdulhaqq, senior digital architect at Enterprise Holdings. Her career path has been “typical” for a marketing technologist in that it’s atypical and results in a specialist who has also done some of everything. 

Q: How did you get to where you are today?
A: My career path has been an irregular one, to say the very least. I have a degree in English, which certainly works towards marketing, but since I work in marketing technology, it kind of makes less sense to most people. After I did my degree, I worked a lot in early internet communications, like the keyword stuffing type of online articles and things to bring people in to websites.

I moved more into generalized content and then, through the recommendation of my husband, into more of an analytics role. This made use of some additional training for understanding programming languages, not necessarily being able to be a programmer but to understand the context around them. And from that moving into more specific digital marketing, which is very data-driven experience. 

Dig deeper: Marketing technologists are well-rewarded

I’ve been working in really highly privacy-focused marketing, for Medicare and Medicaid organizations before getting into the role that I am in now, which is specific to marketing technology, but also still very much focused on the privacy operations kind of element of marketing. 

I wouldn’t necessarily call myself truly a marketer because I don’t do any of the brand content, SEO, e-mail, marketing automation or anything like that. It’s more of the foundational elements 

Q: What’s the biggest challenge for martech?

A: The biggest issue that I’ve seen in marketing technology truly [at previous places I’ve worked] is a lack of understanding and awareness of the value at the leadership level. In my experience a lot of leadership will be very operations focused. It’s kind of like the short term wins focus mentality. The thought they have about marketing is that marketers make things pretty. It’s a long-term perception that marketing and advertising are the same thing, which they are not. 

Bringing in the data and the analytics is a really important layer that a lot of leadership are only just starting to understand. Not having that understanding means that they don’t give the buy in, they don’t invest in the technologies. They don’t think about the foundational marketing tool strategies or governance strategies and things like that. 

Dig deeper: 20 ways to make your marketing team more productive

As a result, it winds up being very reactive when it comes to marketing technology. That’s not the case with the work that I’m currently doing because [Enterprise has] much more of a proactive take on the importance of marketing technology. They’re starting to really look at it as an important foundational element and putting in the budget. 

Q: I know you want to expand your team, are you having trouble finding people with the skills you need?

A: Yes. The reason why there are very few people who can do marketing technology in the way that it needs to be done is because we tend to be very much unicorns. There’s a certain subset of us who grew up with the internet and who saw the changes and worked in them. 

I personally have worked in just about every part of digital marketing technology and digital marketing from content to wireframing websites, to implementation, access management, implementation of advertising and implementation of an analytics platform. Because I’ve had this much experience, I’m able to look at the privacy operations part of it from a very different lens. 

That’s the way things went for every member of my team. We’ve got some members of the team to focus on tagging and analytics operations, some that focus on site speed, some that focus specifically on how best to optimize content on the site.  Each of us went kind of in our very, very unique paths and there’s not a lot of people who have that experience or knowledge or even interest in doing many different things to get that one particular focus.

There is the potential for that to happen with training, but I think it will take some time. It will also take a unique subset of individuals who are interested in both marketing and technology and are willing to do that super deep dive into one very specific area. It’s hard to be a generalist in marketing technology. You definitely have to be a specialist to really do the work that we do well.

Career And Salary Cover E1680028580553 800x563

Download the survey here (no registration required).

The post MarTech Salary and Career: Saidah Abdulhaqq on the making of a unicorn appeared first on MarTech.

]]>
career and salary cover
Why we care about data management platforms https://martech.org/why-we-care-about-data-management-platforms/ Tue, 21 Mar 2023 15:11:30 +0000 https://martech.org/?p=360169 Explore data management platforms in depth — what they are, why they are important and their future in a privacy-focused landscape.

The post Why we care about data management platforms appeared first on MarTech.

]]>
Consumers buying products and services across various online channels leave a trail of every digital marketer’s most important asset — data. But this data is worthless if it can’t be collected, organized and put to use. 

That’s where data management platforms (DMPs) come in. DMPs allow marketers to understand customers and their purchasing behaviors better. This leads to more effective marketing campaigns that drive higher engagement and sales. With DMPs, marketers can glean insights into which campaigns drive the best results among target audiences.

This article looks at data management platforms in depth — what they are, why they are important, what they are used for and their future in a privacy-focused landscape. 

Table of contents

Estimated reading time: 5 minutes

What is a data management platform?

A data management platform is exactly what the name suggests. It is a digital platform that allows businesses to collect, store and organize data that is then used and analyzed to drive marketing and other business decisions. DMPs collect data related to:

  • Customer demographics.
  • Purchasing history.
  • Website clicks.
  • The online registration forms they fill out.
  • And other sources.

This information is then segmented to provide businesses with actionable insights and a clear understanding of customers and their purchasing habits. 

While DMPs can use first- and second-party data, they heavily rely on third-party data from online sources. The differences between data sources are essential. 

  • First-party data is information collected directly from your audience, like website clicks, social media follows, likes and comments, email addresses, etc. It’s considered extremely valuable because it’s collected first-hand, assuring greater accuracy and availability. 
  • Second-party data is first-party data that someone else has collected and sold to you.
  • Third-party data is gathered by entities that don’t have a direct relationship with the consumers whose data is being collected. 

Once data is collected, DMPs organize it into segments so marketers can build specific campaign audiences. These audiences can be people who fit into certain demographics or purchasing behaviors. Audience segments are built using any number of data points, like family size, household income and age ranges. 

Most DMPs have reporting features for analyzing audience data to discern patterns and understand customer behavior. Because large portions of the data DMPs collect are anonymous (via cookies and IP addresses, for example), marketers get the 10,000-foot view and create generalized audience profiles.    

DMPs vs. CDPs

DMPs aren’t the only avenue by which brands and businesses can harness the power of data. Customer data platforms (CDPs) are similar to DMPs in that they collect information, organize it and provide actionable insights. 

But there is one significant difference: CDPs generally only use first-party data and collect and store specific information about customers using personal identifiable information (PII). CDPs connect the data points gathered back to the individual user, providing even better knowledge about customers and their behaviors. 

For example, with DMPs, marketers might know that a user in a specific age group in a specific geographic area searched for women’s skincare products and is interested in workout gear and running shoes. 

A CDP could tell you that user’s name, specific age, address and other identifying information. Also, because CDPs don’t rely on third-party data (i.e., third-party cookies) to collect information (remember, first-party data is gathered with permission), privacy and consent issues are less of a concern than those currently associated with DMPs which gather and use third-party data. 

Data protection laws

Marketers should note that legislation, like the EU’s General Data Protection Regulation (GDPR) and, stateside, the California Consumer Privacy Act (CCPA), protects consumers as it relates to their personal data and defines guidelines for any businesses that use — or share — that data.

Consumers are more aware of online privacy issues now and expect transparency about how their data is used. Marketers must tread carefully and be prepared for how this continuing evolution will impact their strategies and tools, including DMPs.

The future of data management platforms 

Central to the privacy discussion — and the compliance issues introduced by GDPR/CCPA — is Google’s plan to phase out third-party cookies in the second half of 2024. Created by advertising companies, these cookies track website visitors across the web to gain information about where consumers go and, crucially, what they buy. 

Because DMPs have historically relied heavily on third-party data to fill their pipelines, a future without third-party cookies would mean platforms must gather customer information from different sources, such as point-of-sale and social media. 

In an online environment without third-party cookies, many believe that DMPs are becoming redundant — with marketers increasingly turning to CDPs. That said, it’s probably premature to say that the platforms will become extinct anytime soon. DMPs will likely evolve as the conversation on data privacy and third-party cookies plays out. 

One solution seems simple, pivot more wholly to first-party data. Some DMPs, like Lotame’s so-called next-gen Spherical platform, already primarily utilize first-party data, the benefits of which are already well documented.

Brands and marketers should continue to focus on building customer experiences and providing reasons for customers to engage. Ultimately, all this will help increase the volume and quality of data collected.

Dig deeper

Want to learn more?


Get MarTech! Daily. Free. In your inbox.


The post Why we care about data management platforms appeared first on MarTech.

]]>
3 privacy-centric solutions for marketing compliance https://martech.org/3-privacy-centric-solutions-for-marketing-compliance/ Thu, 16 Mar 2023 14:43:10 +0000 https://martech.org/?p=359983 Stay ahead of changing regulations and consumer sentiment with these privacy-centric solutions for marketers.

The post 3 privacy-centric solutions for marketing compliance appeared first on MarTech.

]]>
Data protection and privacy are at the forefront of marketing conversations today as consumers demand greater control over their data. This year will see a renewed emphasis on regulatory compliance as five additional U.S. states roll out new privacy legislation. ​

Between growing consumer concerns, technological changes and mounting data protection legislation, companies that do not address the need for data privacy will inevitably take a hit, especially in terms of user confidence, credibility and reputation.

This article covers three privacy-centric solutions for marketers looking to comply with privacy regulations.

Data privacy compliance in marketing

Courts are increasingly holding companies accountable for flouting data privacy regulations. We can expect to see more of these cases in the coming year. 

The news of large retailers getting sued or fined for privacy breaches is having an impact on consumers. Their increased awareness of the data collected for tracking and marketing has raised the expectations around privacy protection. We must adopt privacy-centric marketing solutions to cater to changing consumer demands.

While third-party cookies reigned supreme in the early and mid-2000s, they are blocked in Safari and Firefox today. Edge limits some third-party cookies, and Google is working to phase them out in Chrome by 2024. 

Luckily, marketers have a variety of privacy-centric solutions to help them stay ahead of changing regulations and consumer sentiment.

Dig deeper: Why we care about compliance in marketing

Privacy-centric solutions for marketers 

There is no one-size-fits-all solution to privacy matters. Organizations must weigh their options to identify appropriate solutions catering to their specific needs. As marketers, we can — and should — use multiple solutions to become more privacy-centric. 

With the sheer number of solutions, knowing what is right for your business and how to prioritize can be hard. Server-side tagging and conversion APIs, consent management platforms and Google’s Consent Mode are good places to start.

While other privacy-centric solutions are nice-to-haves, consent management platforms (CMPs) are virtually mandatory. CMPs are crucial in blocking cookie usage unless users consent to storing and tracking their data. 

CMPs help you gain insight into the personal data lifecycle to track and respond to consent preferences. A correctly installed CMP can minimize the impact on marketing teams and build more content-driven and profitable relationships with today’s privacy-focused customers. 

As legal requirements differ by jurisdiction and user experiences vary between device categories and browsers, CMPs must be customizable. Website visitors should easily understand the cookie banner when asking for consent to track cookies. 

Moreover, the cookie banner should match the look and feel of the brand’s website and be easy to use. If your company needs a CMP, keep a few questions in mind: Which CMP balances out user expectations, data collection needs, legal requirements and is easy to use?

Dig deeper: Going beyond cookie consent: 3 strategies to achieve data compliance

2. Server-side tagging and conversion APIs 

Server-side tagging and conversion APIs are among the most mature and best-tested solutions to increase privacy resilience for marketers. Rather than sending network requests to and getting responses (including cookies) from third-party vendors, you only need to add a proprietary, cloud-based solution in between that grants you:

  • Full access and control over the data collected.
  • The ability to transform it before passing it on to vendor platforms. 

For example, server-side tagging in Google Tag Manager (GTM) allows for data collection in a server container in Google Cloud. With Conversions API, we can share key events — both on and offline — with Meta. Setting up server-side tagging in GTM can help you easily deploy Facebook’s Conversions API on top. 

Server-side tagging and conversion APIs address multiple challenges simultaneously: 

  • No third-party cookies are used that can be restricted by browsers or browser extensions. 
  • Data can be transformed, including anonymized and masked, before being passed on to vendors (data endpoints).
  • The client load is reduced by removing code such as JavaScript libraries from having to load in the browser. 

Consent mode is among the additional privacy solutions Google offers to bridge the gap between legislation, user experience and tracking. It is a GTM feature that integrates with many CMPs — including OneTrust and Didomi — to orchestrate GTM tags based on users’ opt-in or opt-out preferences. 

If a user opts out of cookies, consent mode sends cookieless pings to Google servers to model traffic of opted-out users in Google platforms, including Analytics and Ads. These cookieless pings are considered compliant with existing privacy legislation by Google. 

They do not contain personal information, but it’s always important to consult your corporate counsel to ensure compliance.

Dig deeper: Why data compliance is more than consent management

Moving forward with privacy-centric solutions

Everyone providing online services ought to know their clientele and corresponding expectations well, including their existing user base and total addressable audience. Work with your legal and UX/UI teams to identify appropriate solutions for the changing ecosystem. Those solutions need to be frictionless, user-friendly and legally and technologically compliant.

Depending on your investment in media, work with vendors and media partners to identify solutions that mitigate the impact of tracking limitations. Most importantly, ensure that your consent/cookie management is compliant in all jurisdictions you operate in.

The world of privacy-centric solutions is vast. Investing in multiple platforms that work in tandem with one another can help ensure compliance with regulations and consumer mindsets while measuring the success of your marketing campaigns and generating ROI. 


Get MarTech! Daily. Free. In your inbox.


The post 3 privacy-centric solutions for marketing compliance appeared first on MarTech.

]]>
75% of marketers still rely heavily on third-party cookies https://martech.org/75-of-marketers-still-rely-heavily-on-third-party-cookies/ Thu, 09 Mar 2023 19:27:28 +0000 https://martech.org/?p=359715 45% of marketers are spending at least half their budgets on campaigns and other activations based on third-party cookies.

The post 75% of marketers still rely heavily on third-party cookies appeared first on MarTech.

]]>
Cookie-based advertising is on its last legs, but not enough marketers have moved on. A full 75% of marketers still rely heavily on third-party cookies, according to a new Adobe study.

Going in the wrong direction. Some 45% of marketers are spending at least half their budgets on campaigns and other activations based on third-party cookies, according to the study. The report surveyed 2,667 full-time marketing and customer experience leaders in the U.S., Europe, Australia, New Zealand, Japan and India.

Surprisingly, 64% plan to increase their spending on cookie-based activations this year.

Dig deeper: 3 ways marketers can prepare for a cookieless future

Writing on the wall. The real head-scratcher is how many marketers are aware of the opportunities lost when overlooking cookieless environments. Eight-three percent say at least 30% of their market is in environments where third-party cookies don’t work, the study found.

Nearly half of companies say over 50% of their potential market is found in cookieless environments like social media platforms and on Apple devices.

As a consequence, over three-quarters expect the end of third-party cookies will hurt their businesses, Adobe found. Thirty-seven percent expect a moderately negative impact, 23% expect significant harm. And 16% of marketers said the end of cookies will be “devastating” to their businesses.

Why we care. To be fair, marketers aren’t going all-in on cookieless strategies because tech giants like Google are waffling on their phase-out.

Brands should take a nuanced approach in order to meet their customers where they are and whether those environments use third-party cookies. But they should also keep in mind the spirit of the cookie phaseout, which is built around consumer privacy and trust. Deep relationships with customers are forged through intentional data sharing, where each side knows what the other knows.


Get MarTech! Daily. Free. In your inbox.


The post 75% of marketers still rely heavily on third-party cookies appeared first on MarTech.

]]>
IAB Tech Lab launches first clean room standards https://martech.org/iab-tech-lab-launches-first-clean-room-standards/ Thu, 16 Feb 2023 18:48:59 +0000 https://martech.org/?p=359096 The data clean room standards include DCR Guidance & Recommended Practices and will be open for public comment for 60 days.

The post IAB Tech Lab launches first clean room standards appeared first on MarTech.

]]>
IAB Tech Lab today announced the launch of its Data Clean Room (DCR) Standards portfolio, which includes the release of DCR Guidance & Recommended Practices, and also Open Private Join & Activation (OPJA) specifications. The standards will remain open for public comment for 60 days, until April 17, 2023.

As part of their Building for Privacy Series, the organization also released a primer for clean rooms that outlines the industry with definitions and concepts, and includes a roadmap of future clean room proposals and initiatives.

Why we care. Over the last two years, data clean rooms have emerged in digital advertising as a way for publishers, advertisers and their tech partners to share data for matching ads with individuals in a privacy-compliant manner The establishment of clean room partnerships by independent adtech companies, as well as the roll out of clean-rooms-as-a-service by AWS, has created a diverse field of offerings difficult to navigate without clear definitions and standards.

Dig deeper: Why we care about data clean rooms

Guidance and efficient interoperability. “There is already a multitude of clean room vendors available, each with their own unique data-sharing mechanisms that their clients must work with,” said Shailley Singh, Executive Vice President, Product & Chief Operating Officer, IAB Tech Lab, in a release. “IAB Tech Lab is collaborating with the industry to create technical standards guidance and more efficient interoperability, which will make it easier for advertisers to leverage emerging and exciting DCR technology.”

“As this segment of the ecosystem matures, vendors can adopt IAB Tech Lab’s growing library of clean room standards to enable interoperable data collaboration use cases,” said Bosko Milekic, Chief Product Officer and co-founder for clean room technology company Optable, in a statement. “The goal is to enable secure, purpose-limited and privacy-protected data collaboration no matter who uses which technology provider and to do so while minimizing data movement.”

DCR Guidance and Recommended Practices. This document outlines baseline expectations for DCRs. It establishes the standards for privacy and security of data used in the clean room technology, so that data owners can be certain that data is safe and secure.

The new specifications offer guidance across various DCR use cases in digital advertising.

Open Private Join and Activation (OPJA). OPJA specifications help define interoperable clean room interactions, and were developed within IAB Tech Lab’s Rearc Addressable Working Group. The goal is to provide a framework for different parties to enhance audience activation in advertising without transferring personally identifiable information (PII) from one partner to the other.

This library of purpose-build specifications aims at providing the rules of the road between different vendors. Establishing and defining these interactions and use cases will make it easier for data owners to collaborate, making data clean rooms truly interoperable as the DCR marketplace matures.


Get MarTech! Daily. Free. In your inbox.


The post IAB Tech Lab launches first clean room standards appeared first on MarTech.

]]>
Why we care about compliance in marketing https://martech.org/why-we-care-about-compliance-in-marketing/ Fri, 27 Jan 2023 14:43:50 +0000 https://martech.org/?p=358345 Complying with marketing regulations is paramount, as consumers — and governments — have become more privacy-conscious.

The post Why we care about compliance in marketing appeared first on MarTech.

]]>
Marketing compliance laws and regulations are nothing new. Until relatively recently, marketing regulations rarely went beyond the realms of trademark, truth in advertising and similar areas of consumer protection.

The 21st century changed much of that. Data got faster, cheaper and more voluminous. Search engines, social networks, tracking widgets and more have made it easy for even the most novice of two-bit marketing organizations to get the most direct form of customer insight — in the form of something akin to outright surveillance.

It’s not exactly a secret. One of the biggest developments to happen in the world of marketing is that the average consumer has become increasingly aware of the kind and volume of data that’s being collected, analyzed and used to market to them.

Martech bulls have clung to this realization as a justification for going further in their bids to move from buyer personas to buyer dossiers. They cite research purporting customers demand that marketers focus on personalization and seamless omnichannel experience. Marketers have entered an arms race of who can suck up and best use the most personal data.

But just as CX-focused consumers have noticed these trends, so too have the privacy-focused ones and their government representatives.

As never before, marketers need to be alert to consumer sensitivity about data and privacy issues — and need to recognize that trust is supremely important when consumers decide which brands they want to engage with.

Dig deeper: Build trust, gain sales

In this article:

The EU’s GDPR

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. This is in no small part the culmination of European sentiment toward data handling practices in the U.S. and general antipathy towards Big Tech. The law was notable for governing behavior that did not actually take place in the EU.

One of the fundamental premises of GDPR is that if a company controls or processes data belonging to an EU subject, that company is violating GDPR and is liable for penalties. Regardless of where in the world that company is located and where in the world its data collection, controlling or processing took place.

And those penalties can be steep. GDPR drastically elevated the maximum fines for which companies would be liable under prior European privacy laws. A GDPR violator may face a fine as high as €20 million (~$21.7 million) or 4% of total annual revenue globally.

GDPR was the broadest, most severe and most sweeping data protection law worldwide — at the time.

GDPR analogs

Although it’s been less than five years since GDPR was enacted, the world has become increasingly privacy-conscious. More laws and regulations, each with their own regional (and nationalist) quirks, have sprung up, including in Canada, Brazil, Indonesia and elsewhere. In the wake of Brexit, the UK ditched EU governance but kept its own version of GDPR (UK GDPR).

One of the most recent and, arguably, the most significant of major privacy laws is China’s Personal Information Protection Law (PIPL). PIPL is China’s analog of GDPR for that country’s own citizens, but stricter in some areas. For instance, the handling of “sensitive information” (i.e.,  categories of personal information receiving enhanced protection, including but not limited to data involving health, race, politics, religion and more) requires the data subject’s express consent — a high bar not even necessarily required in the EU under GDPR.

But what makes PIPL stand out even more from GDPR is the potential severity of the penalties. Under PIPL, grave violations may put a perpetrator in debt to the Chinese government to the tune of the greater of ¥50 million (equal to about $7.37 million) or 5% of their total global annual revenue, plus any and all “unlawful income.”

Additionally, employees and directors of the violating company may face personal liability up to ¥1 million (~$147,000), be suspended from the same kind of employment in China and/or have their social credit scores in China negatively impacted.

Meanwhile, the United States has gotten into the privacy act (so to speak). There are a few niche laws and regulations affecting privacy at the federal level in the U.S. For instance, the Children’s Online Privacy Protection Act (COPPA) impacts how companies can collect data involving or potentially involving minors, while a variety of other laws may incidentally overlap with data privacy concerns. But a U.S. version of GDPR at the federal level has yet to come into being.

Stateside, there has been more action. It all started with the California Consumer Privacy Act (CCPA), which came into effect about a month after GDPR did. The law was openly a GDPR-lite adaptation, applying not just within California but worldwide to certain businesses handling the data of California residents.

Since then, other states — Virginia, Colorado, Connecticut and Utah — have promulgated their own versions, all going into effect this year. (Virginia’s Consumer Data Protection Act (CDPA) has already gone into effect this year, as of January 1.) 

Each state’s consumer privacy law is a bit different, not so much that you can’t glean the gist once you know the requirements of one of them, but more than enough if you’re a marketing, IT or compliance organization that has to stay abreast of these things.

California, too, has passed yet another privacy law, the California Privacy Rights Act (CPRA). Going into effect in July of this year, CPRA updates and amends CCPA. The amendments add and more clearly define new consumer data rights. They also establish a new state agency dedicated to handling the administrative enforcement powers of CCPA and CPRA.

And it’s all just the tip of the iceberg stateside. Other states are at various stages of developing their own respective privacy laws.

“State-level momentum for comprehensive privacy bills is at an all-time high,” reads a statement from the International Association of Privacy Professionals (IAPP). “Although many of the proposed bills will fail to become law, comparing the key provisions helps to understand how privacy is developing in the United States.”

Indeed, Virginia’s CDPA recognizes “sensitive information” and provides special protections for such information — but California’s CCPA in its original form does not. Now, California’s CPRA rectifies that, taking a cue from Virginia and providing enhanced rights for California residents related to sensitive categories of personal data.

Common privacy law provisions

Obviously, not all privacy laws and regulations are alike. Even laws and regulations that share similar provisions may differ in the bounds and mechanics of those provisions. 

That said, here is a general overview of some of the rights and duties that may be found in some of these laws.

Consumer/data subject rights. An individual variously may be able to demand:

  • Confirmation: …that a data handler confirm or deny whether or not it possesses/handles/processes their data.
  • Access: …to their data such as a data controller may hold.
  • Portability: …that a data handler disclose the data subject’s information in a common file format.
  • Correction/rectification: …that a data handler correct their personal information if outdated or otherwise wrong.
  • Deletion: …that a data handler delete their personal data.
  • Opt-out: …that a data handler refrain from or stop processing their personal information in some way, such as selling the data subject’s data, constructing a personal profile of a data subject based on their information or making decisions about that data subject through automation (i.e., without human input).

Additionally, some data privacy laws grant a data subject or consumer a right of private action (i.e., the right to sue a data handler or other entity for violations of the given law). Notably, some data privacy laws, like Virginia’s CDPA, do not grant this right.

Other duties

Under various privacy laws, data handlers owe duties not only to individual consumers or data subjects but also to the government itself. These may include duties to:

  • Give consumers/users/data subjects notice about the data handler’s data practices and related information.
  • Conduct a privacy and/or security risk assessment.
  • Refrain from processing certain kinds of data in certain ways.
  • Disclose breaches, data exposures and similar events.
  • Develop and abide by policies for collecting and/or handling minors’ personal data in an even more protected manner than other personal data.

Other laws

While data privacy laws across the world are perhaps the most nascent and complex to impact marketing practices, there’s more to marketing compliance than data privacy and data stewardship. Much older laws continue to place limits on what is considered acceptable marketing.

While this list is in no way exhaustive, it is common for various jurisdictions to have laws proscribing the following:

False advertising

In general, advertising must be truthful. Marketers constantly look for ways to stretch this (under English common law, the UK and the  U.S. have long allowed for “mere puffery” — for instance, that a product is “the best”). But if you’re claiming that your product is, say, compatible with iOS devices, it better be compatible with iOS devices.

Misleading, deceptive or unfair claims

General consumer protection laws are a heightened version of false advertising laws, banning what are called “unfair” and “deceptive trade practices.” This can include misleading claims, even if “technically true.” These laws are far broader than even that, affecting business practices in general. For instance, paying for online reviews may be prohibited by such laws.

Industry-specific laws and regulations

Other laws and agencies, as well, generally prohibit misleading claims. For instance, in the  U.S., the FDA regulates advertising claims related to health and medicine, while the SEC regulates statements, disclosures and advertising about investments. 

Companies in highly regulated industries like healthcare and finance are restricted not only in what they can say but the context of what they say and how they can say it. 

Pharmaceutical advertising, even if as innocuous as a piece of conference swag with the brand name and logo of a drug featured on it, may need clearance from the FDA. An investment firm may face SEC action if it makes embellished claims or if it makes subject claims in violation of disclosure regulations.

Trademark infringement

Trademark laws are often less about banning anyone in the world from ever using a word or phrase or logo (or sound or color or even smell) and more about:

  • Avoiding customer confusion.
  • Preventing businesses from trading on the goodwill of another business. 

To that end, even advertising that is deceptively similar to an in-effect trademark, even if not quite the same, can be infringing. 

Sometimes (though not always), PPC and backend SEO practices that use a competitor’s trademark can be deemed an infringement. (For instance, bidding on your competitor’s company name).

Influencer marketing disclosures

If you’re working with a social media influencer, generally that influencer should clearly and conspicuously disclose that they were compensated for posting about your company, product or service. Failures to do so may create liability for both the company and the individual influencer, as per FTC regulations.

Disclaimer: This article is provided for informational, educational and/or entertainment purposes only. Neither this nor other articles here constitute legal advice or the creation, implication or confirmation of an attorney-client relationship. For actual legal advice, personally consult with an attorney authorized to practice in your jurisdiction.

The post Why we care about compliance in marketing appeared first on MarTech.

]]>
Feds finally file anti-monopoly suit over Google’s adtech https://martech.org/feds-finally-file-anti-monopoly-suit-over-googles-adtech/ Tue, 24 Jan 2023 19:17:17 +0000 https://martech.org/?p=358330 The suit seeks to force the tech giant to get rid of its ad businesses and engaging in allegedly anticompetitive practices.

The post Feds finally file anti-monopoly suit over Google’s adtech appeared first on MarTech.

]]>
The Department of Justice has filed its long-threatened antitrust lawsuit against Google, accusing the company of using its adtech to create a monopoly. The suit seeks to force the tech giant get rid of its ad businesses and stop the company from engaging in allegedly anticompetitive practices.

“Having inserted itself into all aspects of the digital advertising marketplace, Google has used anticompetitive, exclusionary, and unlawful means to eliminate or severely diminish any threat to its dominance over digital advertising technologies,” the lawsuit says.

Why we care. Google simultaneously acting as broker, supplier and auctioneer of online ads has always been problematic at best. As Sen. Mike Lee (R-Utah) put it, “The conflicts of interest are so glaring that one Google employee described Google’s ad business as being like ‘if Goldman or Citibank owned the NYSE.’” Cracking down on monopolistic business practices does great things for the consumer and the economy. The breakup of AT&T in the 1980s is why communication is so inexpensive and widespread today.

In the past, Google has rebutted monopoly claims by pointing to the large number of other companies which facilitate online advertising. The company did not respond to a request for comment today. 

Dig deeper: Google offers adtech unit changes to fend off antitrust lawsuit

This is the fifth antitrust lawsuit filed by state and federal officials against Google since 2020. That year a group of states led by Texas filed an antitrust lawsuit over the company’s advertising technology, while the DOJ and another group of states sued Google over claims that it abused its dominance over online search. In 2021, several states also sued over Google’s app store practices.

Dig deeper: Antitrust bill could force Google, Facebook and Amazon to shutter parts of their ad businesses

Google and other tech giants are currently under pressure from governments around the world trying to restrain their power over online information and commerce. In the European Union, Amazon, Google, Apple and others have faced antitrust investigations and charges, as well as new laws limiting the use and collection of consumer data.


Get MarTech! Daily. Free. In your inbox.


The post Feds finally file anti-monopoly suit over Google’s adtech appeared first on MarTech.

]]>
EU hits Meta with $414m fine over advertising practices https://martech.org/e-u-hits-meta-with-414m-fine-over-advertising-practices/ Wed, 04 Jan 2023 18:45:47 +0000 https://martech.org/?p=357722 Ireland's data privacy board punishes Meta for effectively forcing users to accept targeted ads.

The post EU hits Meta with $414m fine over advertising practices appeared first on MarTech.

]]>
The Irish data privacy board has imposed a fine of 390 million Euros ($414 million) on Meta over advertising practices that are illegal under European Union law. Because Meta’s European operations are based in Dublin, the Ireland board is the company’s EU regulator.

Meta’s offense, the board concluded, was to incorporate user consent to use data for targeted advertising purposes within its terms of service, effectively forcing anyone using Facebook or Instagram, for example, to give up their data as a condition of using the platform. The board found this to be in violation of the EU General Data Protection Regulation (GDPR).

Why we care. The reaction of marketers to this news might be mixed. The rich trove of first-party data collected by Meta’s social media platforms allows for precision audience segmentation and targeted advertising — even if the exact processes used are largely opaque to advertisers. On the other hand, brands will expect user data to be collected, managed and activated responsibly.

Of course, the U.S. doesn’t have anything in place quite like GDPR — yet, anyway. CCPA is much less constraining.

What happens next. What the board has not done is tell Meta how to solve the problem. Rather, it has set out a three month deadline for Meta to tell them the changes they will make. The obvious solution is to separate consent from the terms of service, allowing users to refuse permission to collect data while still having access to the platforms. If large numbers of users opt out, it could have a depressive effect on the value of Meta’s inventory — but the social media giant is already dealing with the tracking opt out on iPhone apps. This just adds to the pain, and so far in only one — albeit large — jurisdiction.

The post EU hits Meta with $414m fine over advertising practices appeared first on MarTech.

]]>
On next year’s to do list: Clean rooms and better data https://martech.org/clearing-the-way-for-clean-rooms-in-2023/ Mon, 19 Dec 2022 19:41:42 +0000 https://martech.org/?p=357194 To stay ahead of the curve, more marketing teams are updating privacy policies, revamping their tech stacks and leaning on data clean rooms.

The post On next year’s to do list: Clean rooms and better data appeared first on MarTech.

]]>
Over the past few years, brands and marketers have been bombarded with an ever-changing landscape around identity and privacy regulations. Throw in Apple’s privacy restrictions and Google’s impending deprecation of third-party cookies, and it’s no wonder everyone’s dizzy trying to keep their data-driven campaigns from falling off a cliff. 

While all these macro changes aim at giving consumers more control over their data, it’s also making data-driven marketing a far trickier business. To stay ahead of the curve, more marketing teams are updating privacy policies, revamping their tech stacks and leaning on clean rooms.

Yet, at best, many midsize marketers still have only a basic understanding of what a clean room is and if it really can be the one-stop shop to solve their problems.

So, what exactly is a data clean room?

At the most fundamental level, a data clean room is a type of privacy-enhancing technology that gives marketers a secure and neutral silo where all consumer data can be stored securely, anonymized and made available for a host of services. 

While clean rooms offer a host of services, the most common use cases include audience segmentation, audience overlap analysis and acting as the conduit to conduct measurement and attribution studies, all without compromising user privacy or sharing personally identifiable information.  

The critical aspect that makes data clean rooms a potentially game-changing tool is clean rooms offer access, availability and data usage, for a host of sources, where strict privacy rules are all governed and enforced by the clean room provider. Data privacy is a crucial driver for any marketers looking to work within this environment.  

All data suppliers within a clean room maintain complete control over their data, which is fully encrypted and anonymized throughout the onboarding process and audience building. 

Another critical element clean rooms allow is maintaining privacy-compliant querying and analytics across multiple activation channels giving marketers a way to create aggregate performance reporting. 

Let’s take a deeper look at two of the most common use cases for a data clean room. 

Dig deeper: Why we care about data clean rooms

Use case: Overlap analysis and second-party data 

Clean rooms provide a secure environment to overlay their customer data with information from other brands. This show what the customers have in common based on user profiles, engagement and conversion metrics. 

With this deeper understanding of the customer base, marketers can create new second-party audiences for activation and further analysis. Because all customer data in the clean room is anonymized, both brands can build targeting lists keyed off it. 

The data can also be overlayed with enterprise data providers. This provides new insights based on key demographics, interest behavior and other valuable data points. It means more opportunities to segment their customer data files and build more personalized ad experiences to boost engagement and conversion.

Dig deeper: How companies are leveraging clean rooms and first-party data as cookies vanish

Use case: Measurement and attribution

Privacy legislation and new restrictions around tracking users are making the most basic measurement and attribution studies difficult to conduct with any confidence.

Clean rooms, in this case, are creating small walled gardens where brands can partner with publishers to look at a consumer’s path to purchase. 

Here’s how it works:

  • Marketers combine their conversion level data with publisher impression logs, providing a new lens to see if the 10 million impressions they purchased with a participating publisher yielded the desired KPIs. 
  • The publisher works with the marketer to onboard an entire anonymized file of users who were shown the brand’s ad. 
  • The clean room — with its centralized identifier — matches and analyzes the data. This gives insights into overall performance and enables better informed decisions regarding campaign efficiency.

Clean rooms also offer customized solutions for doing more with first-party data. Marketers can build, activate and measure performance to align with their data-driven marketing goals. 

Remember: It takes a skilled team with analytical and technical prowess to derive the benefits of clean rooms.  

Dig deeper: Marketers look to adtech and agencies to solve the addressability problem

Key considerations before adopting a clean room

Another critical aspect is the overall state of the customer file from a hygiene and compliance perspective. All data in a clean room is federated, which means multiple data sources function as one file. The more accurate your customer file is, the easier it is to create factual and actionable insights. 

This means marketers must do more to ensure the accuracy of first-party data. They must also see to it that all the data is in one location to create a complete and holistic customer file. Below are key questions to ask clean room providers when deciding which one to use:

  • What capabilities do you have to integrate into our existing marketing tech stack?
  • Do you have the integrations needed to easily use the data with our tech solutions?
  • How much can we control data within the clean room, and who else will have access to it?  
  • How easy is the clean room to use? Can we use and benefit from this if we don’t have a data tech team?  

Looking to 2023 and beyond, we’ll see more focus on privacy and further limitations on legacy identifiers. 

Clean rooms will likely grow and grow and play a more significant role. First-party data will become even more valuable, allowing us to make the most of clean rooms’ capabilities.


Get MarTech! Daily. Free. In your inbox.


The post On next year’s to do list: Clean rooms and better data appeared first on MarTech.

]]>