HELPFUL VS CREEPY: THE MARKETING PROFESSIONAL’S DILEMMA

If digital was the lifeline of 2020, then for marketers, personal information was the anchor. Many underestimated the momentum of digital until the global pandemic forced an uptick in remote working globally. With 70% of professionals in the UK working remotely, professional services firms must rapidly pivot their marketing strategies to embrace digital channels fully. Marketing to a remote population requires a greater understanding of user preferences and content engagement. As such, companies will increasingly rely on cookies and tracking capabilities to gain these valuable insights. Information acquired using cookies can then be used to predict users’ interactions with content accurately leading to improved client stickiness. The challenge is how best to use tracking and profiling without appearing creepy.

Transparency is Key

People like to feel valued and recognized for their individuality. Remembering personal details and preferences celebrates uniqueness and strengthens bonds. When it comes to corporate marketing, being transparent about the collection and use of personal information is key to being perceived as helpful. We have become used to big tech companies such as Amazon and Netflix predicting our preferred content and purchases based on past engagement with their platforms. Today, we accept and even expect these practices as a norm.

In research on B2C marketing, 63% of consumers surveyed stated they would cease purchasing products and services from companies that took “creepy” marketing too far. According to SmarterHQ, techniques considered too far include use of push notifications and AI-powered automated chatbots. Consumers’ concerns centred around the lack of awareness on how personal information was obtained, used, or tracked with no option to opt-out. Even when users are aware that their data is being used to sell more products, there was further annoyance at the incorrect assumptions being made about their likes or interests as a result. This highlights the critical role of information transparency when using cookies and appropriate profiling as a means to increase brand trust and user engagement.

Be clear, be confident and don’t overthink it. The beauty of your story is that it’s going to continue to evolve and your site can evolve with it. Your goal should be to make it feel right for right now. Later will take care of itself. It always does.

The Legal Landscape — Consent or Legitimate Interest?

Data privacy laws help marketers to garner trust and increase engagement. In the UK, the use of personal information for marketing purposes is governed by the UK Data Protection Act 2018 (DPA 18) and the Privacy of Electronic Communications Regulations 2003 (PECR). The DPA 18 complements the General Data Protection Regulations 2016 (GDPR). PECR implements the oft-debated ePrivacy Directive 2002 into UK legislation.

Cookies: Novel digital marketing techniques primarily rely on data collected from cookies and other tracking technologies. Cookies provide detailed insight into a user’s online activity. Although it does not mention cookies specifically, PECR requires companies to provide clear and comprehensive information to users about the use of cookies and similar technologies. When using cookies, companies must receive a user’s explicit consent unless the cookie is strictly necessary for the website to function.

Profiling: Profiling, in itself, is permitted under the GDPR subject to the general rules on processing of personal data. The GDPR recognizes that profiling (automated processing to analyze or predict preferences) is a necessary tool to support commercial activities. In general, companies can rely on legitimate business interest as the legal reason for profiling. Profiling will require consent if it involves:

1. An individual’s sensitive personal data;

2. Automated decision-making without human intervention; or

3. Decision-making that results in a legal or significant effect on the individual.

Despite lobbying efforts by the DMA to exclude profiling for marketing, the GDPR still considers, in specific contexts, that profiling for marketing purposes can have a legal or similarly significant impact. Profile-based marketing will have a legal or similar significant impact if it could lead to unfair discrimination e.g. paying a higher price as a result of the profiling.

Due Diligence to Reduce the Creep Factor

Cookies are considered creepy because of their potential intrusiveness; while profiling can be creepy because of its power to discriminate. Helpfully, the GDPR provides three essential tools to assess and reduce the creep factor.

The Data Inventory: The Data Inventory is a GDPR mandated record of all uses of personal information. It should be completed each time a company commences a new processing activity or shares personal information with a new provider. The Data Inventory should be regularly updated and maintained.

This sample Data Inventory details the information to record for each new use of personal information.

The Data Protection Impact Assessment (DPIA): The DPIA is a management tool to identify less privacy-intrusive means of achieving the same goal when implementing new systems, tools, and processes. It consists of a list of questions that set out the nature, scope, context and reasons for using personal information. The DPIA should be completed at the beginning and throughout the duration of the project. The DPIA should focus on how to improve privacy at the same time as achieving commercial goals.

Under the GDPR, we must carry out a DPIA where processing personal information involves systematic and extensive profiling, large scale use of sensitive personal information, or the systematic monitoring of personal information on a publicly accessible area such as a website e.g. cookies. Use of cookies and profiling for digital marketing require a DPIA.

However, it is more than just a tool to prove compliance. If correctly designed and implemented, the DPIA can be an early detection system to alert the business to risks while still fixable.

The Privacy Notice: Controllers should use privacy notices to provide clear and comprehensive information to users. A well-worded privacy notice will tell users how their personal information is used, why the company’s use of the requested personal information is necessary and proportionate to its aims, and the benefits to the user. Marketers often express concern that full transparency about the use of personal information will negatively impact opt-in/opt-out rates. Increased transparency allows users to make informed decisions.

Top Tips for Demonstrating Helpful Marketing

Companies are unprepared for this rapid acceleration in digital marketing. Professional services clients often expect gold standard compliance, particularly when entrusting advisors with their employees’ personal information. Scrutiny is higher during the global pandemic while clients grapple with balancing workplace safety and personal privacy. Clients communicate their risk-averse approach to data privacy in rigorous due diligence checks, restrictive data privacy agreements, and periodic audits. Firms must be even more mindful of legal requirements and client’s compliance expectations to pierce these barriers to novel uses of personal information.

Over the years, digital compliance teams developed a reputation as the “Department of No”, where many new uses of personal data can be met with caution. However, by working closely with digital compliance functions (Compliance, Privacy, and Information Security) marketing teams can stay on the helpful side of the helpful vs creepy divide.

Follow these top tips to demonstrate helpful marketing practices and increase user adoption.

1. Identify any marketing restrictions in client agreements.

2. Do your due diligence as early as possible to understand the full capabilities of the tool, system, or process.

3. Collect only as much personal information as is necessary and proportionate. There should be a clear value to the user, the client, and the firm.

4. Use the DPIA to review profiling methods to ensure accurate personalization.

5. Be fully transparent about the use of cookies and profiling using clear and positive language in any privacy notices.