Skip to content
All Blogs

Walking the line between privacy and personalization

Author: Laura Ballam


We’re experiencing unprecedented changes to privacy and personalization, driven by increasing consumer awareness about privacy and their digital footprint. As consumers become more privacy-savvy, and regulators find more holes to fill, organizations must rise to the challenge of adapting to a privacy-focused customer experience.

The ultimate goal of marketing with a privacy-first mindset is to walk the line between being helpful and being creepy - without tripping over it. And consumers are the only ones who can tell you where that line is when it comes to personalization.

We’ve all seen the headlines about personalization campaigns that crossed the line - like Wayfair's Proactive Customer Service, where if they saw you shopping on the website but didn't complete a purchase, they’d call you hoping to encourage you to complete that purchase. Not surprisingly, consumers immediately flagged it as creepy. The Cambridge Analytica scandal played a huge role in educating consumers on how their data is used and how something like personalization actually involves sharing your data with a lot of parties. Then there’s all the lawsuits against companies who’ve taken advantage of consumer data in the name of personalization, dropping cookies without consent or violating privacy laws. Consumers are taking notice, and they’re not impressed.

What consumers want

It’s pretty much a given that consumers want relevant content and experiences. According to Forrester’s 2022 Media and Marketing Benchmark Recontact Survey, 34% of U.S. online adults say they're more likely to purchase from brands that share content that interests them - and they're willing to join loyalty programs to get it. In fact, Forrester's Consumer Benchmark Survey 2022 reports that 50% of consumers say they join loyalty programs just to get relevant messages, offers, or promotions. Unfortunately, those same consumers aren’t impressed with brands’ personalization efforts, nor how organizations are handling their data. Only 22% say the information companies collect on their behaviors makes their online experiences better and 62% of consumers reported being concerned about their online behavior being tracked in 2022.

The problem is that organizations tend to think of it in a binary way - you either care about it, or you don’t. Privacy is much more complicated than that.

If you think of buyer personas, marketers have been using (and honing) them for years to understand consumer attributes and behaviors so they can create target segments to deliver customized flows and personalized experiences. Yet the attitude towards privacy has been a one-size-fits-all approach. It doesn’t make sense. Privacy and consent management is an important component of marketing (and a huge part of customer experience) and should be approached just as strategically and critically as every other factor.

Consumers want their privacy, but they also want a positive experience

Think of data sharing as shining a light in a room. If a consumer is accepting and willing to share data, the room is going to be extremely well lit. As a result, you're going to know a lot as a brand and it's going to present a lot of opportunities for you to interact with that consumer at a certain level.

As you start to move down the spectrum to the consumers who aren’t quite as open to sharing data, but they’ll share some things if they perceive value, maybe it's more of a warm light. It's not as bright, but it's there. And the expectation from these consumers is that the little bit they’re going to share with you will be used in a very positive way. If it’s not, they’ll turn off the light.

When you get to the other side, the lights go out completely because these consumers aren’t sharing anything.

As a marketer, you must think about how to best use the data you have and create a balanced approach for each segment. It's not one size fits all, and it's not one size fits most.

Organizations need to expand their understanding of privacy and consent

It’s no secret that marketers are facing data deprecation, which according to Forrester is a combination of four forces: consumer action, browser and operating restrictions, privacy regulations, and walled gardens. As consumers become more privacy savvy, and more privacy aware, they’re taking action to protect themselves. At the same time, browser/operating system providers and regulators are taking note, implementing stronger guardrails to protect consumers. Then, you’ve got the companies who see the value in the vast amounts of customer data they have and are capitalizing by putting more restrictions on how marketers use and access that data.

So, what are marketers doing in response to this widespread data deprecation? According to Forrester, 76% said they’re collecting more first-party data. Which makes sense, right? When your relationship with consumers is being disrupted by the decisions external forces are making, the natural response is to simply collect the data directly. And that works great with 40% of consumers. But what about the other 60%? Not everyone is okay with freely sharing their data - in fact many don’t want to share anything.

Getting legitimate consent is key. Remember, consumers are very privacy aware, and they’re frustrated. Think about how you’re going to ask for consent in a way that encourages consumers to give you their data, and in a way that generates trust and convinces them you’re doing the right thing and they should continue to share their data with you.

Don’t oversimplify privacy

Many organizations oversimplify privacy into just a matter of whether they get consent or not. It’s much broader than that. You must consider how you’re asking for permission, if you’re doing what you say you’re doing, if you’re acting in the best interests of consumers, and if you’re acting ethically.

The rapid adoption of regulations and restrictions has resulted in a lot of brands simply slapping a consent banner on their website and calling it a day, but the approach to consent needs to be thought of more holistically. Enough is enough of operating in silos. The organizations that are going to do this right and avoid the news in a negative manner are the ones that bring business and technology together - and have compliance at the table when they do it. There’s a widespread concern that this will make the organization move slower, but it's not a bad thing to put a little bit more thought into things like privacy and compliance that come with serious consequences for customer loyalty, not to mention some pretty hefty fines.

While a lot of vendors, especially software-as-a-service solutions like tag management, claim to offer privacy and consent management, the truth is they don’t. These third-party solutions are rooted in JavaScript, and they’re just hoping their technology isn’t blocked by a browser that’s already trying to restrict what they can do.

If a vendor can’t persist what they're doing because of all the challenges in the marketplace, they definitely shouldn't be managing something as critical as consent.

And consent isn’t just a checkbox. Many brands rush to put a cookie banner up and hope that somebody clicks accept, or they reduce it so there's no consent or confirmation of consent. That’s missing the point (not to mention using questionable ethics) - if there's no confirmation of consent, then what are you going to do? Is no confirmation of consent implied consent? What if a person just didn't understand the consent options?

To truly respect privacy and consent, organizations need to approach it with a consumer focus and be transparent in their collection and use of customer data.

Focusing on data ownership is the key to building trust.

The first step to moving forward with privacy-focused marketing is accepting that third-party data can’t be trusted and can’t be relied on. It’s the reason we’re at this challenging point in time with regulations and restrictions - because third-party data was being shared all over the place without consumers even being aware of it.

Starting from what you own (i.e., true first-party data) gives you better control as a brand, which means your consumers can trust that you know, and you're making decisions on, how that data is going to be used. And they trust they can hold you to that via the various privacy policies and legalese that you might have in front of them.

Many brands are convinced they have first-party data, but when they start talking about the process it takes for them to get access to that data it’s clear they don't own it and they don't control it - so how could it possibly be first-party? This confusion needs to be addressed in organizations.

Ultimately, true first-party systems are those that are embedded within your environment, are part of your ecosystem, and part of how you bring your channels to life.

Understanding whether your data is true first-party is key when it comes to the regulations and challenges around data deprecation. Look at your technologies and the data sets you have available, think about what level of control you have, how you get access to it, where it comes from, and the limitations of that data set, then put them into buckets of first-party, second-party, or third-party. This creates your starting point and clarifies what you can control.

You can’t build a strategy around the restrictions of your marketing technology.

When most vendors talk about digital identity they’re talking about when someone logs in. That’s a lazy approach - of course when someone signs in you know who they are. It’s an easy solution for vendors who think it’s worth ignoring a huge portion of consumers just to have a subset of “known” individuals so they can say they provide identity resolution.

That’s not good enough. Digital identity resolution needs to be thought of starting from a position of being anonymous. An anonymous individual who’s in the far left, who’s willing to share data - that's an identity. They're providing valuable information. You don't need to know who they are as a person to know what they’re interested in if they’re providing that information.

If the approach you’re taking today is based on the limitations of your MarTech stack, then most of your consumers are going to turn off data sharing with you because they don’t think you care, and they don’t think you’re being a good steward of their data.

If you don't have technologies that can maintain that anonymous individual beyond seven days, allow you to stitch that automatically across channel on device, and recall those profiles (including the anonymous individuals) in-the-moment, you're going to fail your consumers. You're not going to meet their expectations and you're almost forcing them to stop sharing data with you.

As a final word of advice, remember that when dealing with consumers you’re only as good as your last effort as a brand. If you’re not a good steward of consumer data, and you end up in the news for the wrong reasons or make a negative personalization decision that upsets an individual, that can very quickly push a consumer who’s happy to share data into the other end of the spectrum with your brand. Worse, it could trigger them to view your competitors more favorably if they’ve done a better job with their data.

Subscribe to our blog for regular updates!