Balancing privacy and personalization - how can marketers stay compliant
Today, brands face a dilemma when it comes to customer data and how they use it. On one hand consumers are demanding a more personalized, tailored experience that provides them with the information, products and services that best meet their needs. Yet, at the same time they want to protect their personal data while they are online and keep it safe, secure and private.
In this blog I want to explain how marketers can balance privacy and personalization, while ensuring compliance with regulations such as the GDPR and CCPA when it comes to A/B testing, experimentation and personalization.
1 Data privacy and web personalization: two trends that are impossible to reconcile?
With online channels, consumers leave a detailed digital footprint behind when they browse, engage and buy from websites or interact on social media. The use of this data enables brands to better understand their website visitors and provide them with personalized offers, adverts and information.
The benefits of personalization
Consumers increasingly want personalization – in fact 63% said they now expect it as standard when interacting with brands. Personalization helps them:
- Navigate an expanding universe of information online to find what is relevant
- Maximize their time by delivering relevant content and offers without lengthy searches
- Ensure a better user experience by prioritizing the right content, especially on small screen mobile devices
- Strengthen the relationship with brands and make them feel valued as an individual
Successful personalization has corresponding bottom-line benefits from brands – as our new Complete Guide to Personalization explains, it enables marketers to:
- Increase visitor engagement
- Increase conversion rates
- Boost lead generation
- Retain customers
- Reduce churn
The need for privacy
However, consumers and regulators have become increasingly concerned about how personal data is collected, stored and used by brands. Consumers want to protect their privacy online and ensure that they are in control of their personal information and how it is used.
Regulations, such as GDPR and CCPA, are tightening how brands collect and use personal data, with the emphasis shifting to (informed) consent.
2 The growth of data privacy regulations
The GDPR
By now every marketer is familiar with the General Data Protection Regulation (GDPR), which covers all citizens within the European Union. Brands engaging, marketing or selling to these citizens need to follow the GDPR, wherever they themselves are based, risking potentially large fines if they fail to comply. Data needs to be collected openly and honestly, and requires informed consent for its use in many scenarios. Any breaches have to be reported promptly and transparently.
The CCPA
Since the beginning of 2020, the GDPR has been joined by the California Consumer Protection Act (CCPA) which has similar aims and objectives, granting consumers new rights to know what data is collected on them, to have information deleted and to prevent their personal data being sold.
Other countries, and US states, are also looking at tightening or introducing privacy regulations, all potentially impacting how brands manage and use consumer data.
3 Browser technology becomes privacy-first
Reacting to the needs of consumers and regulators, many technology companies are changing their approach to privacy – particularly around cookies and how they are used:
Apple’s Intelligent Tracking Prevention (ITP)
ITP sits within the Safari browser, which has a 50% mobile market share in countries such as the US and UK. It tightens restrictions on JavaScript and now Local Storage-based cookies, limiting them to a seven day lifespan. So, any data on the visitor stored in cookies (and now Local Storage) is now automatically deleted after seven days.
This has an impact on A/B testing in particular - if a visitor returns after seven days they will be seen as a new visitor, and therefore potentially not linked to any A/B variations that they saw on their first visit. Therefore A/B tests don’t provide reliable results for Safari visitors, a major source of traffic for many sites.
There’s more on ITP, including its latest version, ITP 2.3, in our developer documentation section.
Google Chrome and Mozilla Firefox
Google has announced it will ban third-party cookies by 2022 within Chrome, although this does not have an impact on experimentation platforms.
Mozilla Firefox’s Enhanced Tracking Protection (ETP) technology has banned third-party cookies in June 2019 by using an approach similar to adblockers.
4 The impact on testing and personalization
As we’ve seen testing and personalization aims to improve the overall experience for individual consumers, benefiting their browsing and visitor journey. However, marketers need to focus on two areas when it comes to their experimentation strategies.
Be sure of your test results
As we’ve seen Apple ITP in particular means that the results from testing and analytics platforms may not be accurate - in fact 1 in 2 of your mobile visitors may be classified incorrectly. It is the equivalent of buying a new car, yet not being sure that the speedometer is always showing the correct speed. To overcome this, brands need to work with their technology provider to ensure they are able to satisfactorily run experiments across all browsers.
A requirement for informed consent
One of the key principles of the GDPR is that sites should only collect the information required to deliver the service to the visitor. Therefore:
- Some actions don’t require consent at all as they relate to the data/operational layer of the website.
- For other actions consumers don’t have to give explicit consent
- While for others they need to give informed consent
The need for consumers to provide informed consent has a major impact on both personalization and A/B testing.
However, to complicate matters, different European countries appear to be interpreting the GDPR differently when it comes to consent around personalization and testing, while the CCPA does not require prior consent for the use of cookies. However, it does have a requirement of clear disclosure along with a need to provide the visitor with the ability to opt-out of cookie usage.
Levels of consent
Under the GDPR, A/B testing consent is classed within the Audience and Statistics Measurement category of cookies, which means that in many countries (such as France) it does not require informed consent.
Personalization sits under the Advertising and Content Personalization category, and therefore does require informed consent - normally through the pop-in that appears when a consumer visits a site for the first time.
This means your experimentation platform has to offer different consent management policies depending on the uses cases that need to be delivered on the website:
- Technical ones (no consent required)
- A/B testing - inform through a banner or ask for explicit consent depending on the country
- Personalization – ask for explicit, informed consent
5 The benefits of behavioral data to deliver efficient personalization
GDPR and CCPA both focus on data that identifies the visitor. However, when it comes to delivering personalization, Kameleoon’s platform offers a compliant alternative.
Hot anonymized data
In its standard setup, Kameleoon doesn't collect or process any personal data as defined by the GDPR. The only data collected is ‘hot’ anonymized browsing data which doesn't allow a visitor to be identified. If customers inject existing ‘cold’ personal data from their technology ecosystem (such as CRM or DMP solution) into Kameleoon, then this does need to be covered in a GDPR compliant manner.
Examples of hot data
- Visitor behavior on website
- Information on the visitor’s device, location, browser
- Wider information based on location (e.g. weather, season, time of day)
Hot behavioral data delivers a real-time picture of what a visitor is looking for – their intent at that exact moment. It is therefore central to delivering the personalization that visitors want - while safeguarding their anonymity. In fact using this Kameleoon’s platform can predict the conversion intent of completely new visitors within 15 seconds of them arriving on your website.
Successfully balancing privacy and personalization
Consumers increasingly want to engage with brands that they trust – and that starts with how their data is collected and used. Therefore companies must focus on ensuring compliance, while still delivering the personalization that is essential to continually improving the user experience. That requires following best practice and partnering with technology providers that can provide experimentation platforms that can balance the need for personalization with consumer consent.