But now there’s a new Information Commissioner at the helm. Rather than tales of blistering fines, John Edwards’ speech on 14 July struck a more pragmatic tone. Sitting in the hand-picked audience, I heard plans for sector-specific support, ambitions to save businesses money, and proposals to empower organisations to “use information responsibly and confidently to invest and innovate”. 

The ICO25 is a three-year strategy with plenty of detail to dig into. Edwards calls it “a vision of the regulator we want to be, the world we want to shape, and a practical plan of how we get there”. 

Here are my key takeaways:

Targeted pragmatism

Edwards was honest about the fact that the ICO has limited capacity and can’t be everything for everyone at the same time. There’s a danger that the ICO will spread itself too thin across the whole economy, so it makes sense the Commissioner would target resources where they’ll have the greatest effect. And he admitted they need to be transparent about how they make those decisions. The ICO25 seeks to lay out those priorities so that decisions can be made “for the greatest benefit to the greatest number”. That includes supporting the most vulnerable communities, addressing AI-driven discrimination, setting expectations for the use of biometric technologies, work on children’s online privacy and an examination of how CCTV is being used, including in care homes. A shake-up of Freedom of Information processes is also being planned. 

More accountability 

One big change is that Edwards has publicly committed to make the ICO more open, accountable and transparent. That’s laid out in the ICO25, which crucially includes SMART goals and KPIs against which the success of this strategy can be judged. The Commissioner is also keen to build public confidence around how information is handled, and to help reduce the burden of privacy on businesses.  

Sustainable growth 

It was refreshing to hear that the regulator plans to help organisations grow by investing in “responsible information use”. “You’ll see us support responsible innovation, bring down the cost of compliance, engage with organisations and share our knowledge and insight more,” he added. One such proposal was a new bespoke iAdvice service, which will allow businesses to double check a new product or service isn’t in breach of privacy rules before launch. Finally, he promised to prioritise helping to reduce the cost of compliance, challenging his team to save businesses “at least £100 million over the next three years,” he said.

A regulator that empowers

Edwards wants to empower people to “to confidently share their information to use the products and services that drive our economy and society”, and to help organisations innovate with data.  But, he included a note of caution for those who “choose not to play by the rules… you will find yourselves on the receiving end of our most punitive regulatory tools”. 

The ICO25 is a big step forward towards ensuring better information practices and I welcome Edwards plans. But alongside acknowledging the ICO’s limited resources, he should have acknowledged the role the wider privacy ecosystem plays, including consultants, campaigners and other experts. Organisations such as the Privacy Compliance Hub have the same vision as the ICO. We want to fix the privacy crisis by providing practical tools and guidance to nurture a culture of continuous compliance. Because when people understand privacy they care about it. And when they care about it, they take action to protect it. We all have a part to play in creating a better world for tomorrow. And it’s time for the ICO to let us in.

You can provide feedback on the ICO25 strategy until 22 September. Or, if you’re ready to take the first step on your organisation’s privacy compliance journey, take our free GDPR health check.

The post Empowering Responsible Innovation: Why the ICO is Changing Tack with ICO25 appeared first on PerformanceIN.

With this digitisation, consumers are generating a tsunami of data that gives a detailed picture of who they really are, their channel preferences, buying habits, attitudes, and even their emotions. Data allows brands to understand and connect with their customers in ways we couldn’t have imagined ten years ago. 

However, in this new landscape, brands have to take greater care to better understand and communicate with customers through first-party data. Brands that have acted irresponsibly are learning the hard way, dwindling into nonexistence due to endless regulatory fines. Those brands that have been able to make sense of this data influx and unlock better experiences for customers are prospering like never before…

As if this was one of Derren Brown’s latest social experiments, ‘you are back in the room’.

In thinking about what the world might look like in 2030, the above might sound overwhelming, but we only need to look back on how much has changed over the last decade to realise it isn’t that far-fetched. 

Yet, as someone who has been urging clients to think about prioritising and setting strategic goals to guide the collection of and investment into first-party initiatives for many years, numerous brands still don’t have a plan in place. I’m not alone in this. Boston Consultancy Group recently found that only around 30% of companies are able to create a single customer view, and only 1-2% are using data to deliver a full cross-channel customer experience. 

Thankfully, there is still time to course-correct, but the time to act is now. 2030 may seem far off, but it is just around the corner. There are still many unknowns, but the last thing you want is to be left behind.

As companies embark on this journey, there are many factors to consider. A critical yet often overlooked component is the value exchange brands create with their customers. This does not mean sending a generic discount offer via email every month. An authentic value exchange should put the customer at the core, offering something that delivers a meaningful, tangible, and individualised experience. Without this, it doesn’t matter how sound your strategy is, how much you invest, and your tech infrastructure. If your customer doesn’t see the value in sharing their data, you have failed before you began. 

So, why will the value exchange be even more critical in the future? 

In 2030, the power will be in the hands of the consumer. They will have complete control and choice over the data they give to brands. I envisage users being able to do this centrally within an app on their phone or smart device. In this app, they will have full visibility of their unique digital footprint. They can turn on and off what they decide to share with each brand at the ease of a swipe. The wild-west of brands, tech partners and third parties being able to harvest and use your data without your consent will be a thing of the past. 

With the power in the user’s hands, what will get them to swipe right and allow that data to flow freely? There are three things that brands will need to consider now if they are to succeed in the future:

• Brands need to identify what data they want to collect and why. Brands need to be thinking about what data is essential rather than nice to have. To help answer this, ask what data is necessary to achieve business outcomes, not just now but in the long term. There is an abundance of signals brands could be harnessing to benefit themselves and their customers. For example, insurance brand Vitality uses its customer’s biometric health data captured through smartwatches to tailor their services. This allows them to reduce their own risk whilst rewarding their customers with cheaper premiums.

• Provide complete transparency on how the brand intends to use its customers’ personal information. Only 21% of consumers trust established brands to keep their personal information secure. This is a challenge for advertisers, with trust being a critical component in whether a customer decides to share their personal information or not. Brands need to move away from asking for everything under the sun and refrain from giving generic privacy policies. Instead, they must provide absolute clarity and openness on the intended uses of each data point. Not just because it’s the ethical thing to do, but also because it makes complete business sense; Research by Europanel demonstrated that a 1% increase in brand trust was correlated to 3% growth in value.

• Work out what a value exchange​ means for your individual customer. Just 17% of users surveyed by Econsultancy find it worthwhile ‘most of the time’ to share their data with brands for what they get in return. That is a staggering 83% who do not feel a real tangible value exchange exists. If brands are to be transparent with consumers about what this new influx of data will be used for, they must also help them understand what they are getting back in return. What’s more, it needs to be something that will stand the test of time rather than just a one-off welcome voucher. This approach may have worked previously to get customers through the door, but in this new world, it will be easier than ever for customers to opt-out and even harder to get them back once they are gone.

Exciting times lie ahead for our industry, filled with opportunities and potential risks. Brands are moving closer to the edge of a precipice as they look to understand whether they can meet the expectations of the increasingly data-savvy consumer. Getting it wrong means they risk losing the opportunity to build longer-lasting relationships with their customers. However, those that get it right, that create a modern-day value exchange, one that adapts to the ever-changing needs of today’s consumer and offers benefits over time, will flourish. Which path will you and your brand choose?

The post Getting Customers to Swipe Right: Value is a Two-Way Street appeared first on PerformanceIN.

The post How Has Mobile Marketing Adapted to the First Year of ATT? appeared first on PerformanceIN.

Prioritising privacy requires transparency. People should be able to understand how, why, where and by whom their personal data is being processed. There needs to be a fundamental shift in the way adtech businesses view, collect and process user data. Here’s why: 

Avoid sizeable fines

The Information Commissioner’s Office (ICO) was busy dishing out fines for breaches of the UK GDPR last year and poor marketing practices were one of the top offenders. We Buy Any Car was fined £200,000, Saga was fined £225,000 and Sports Direct paid £70,000. All were found guilty of sending marketing emails or texts without permission.

This is prolific in the adtech sector too, despite users rejecting unnecessary cookies. Research by Adlytics investigating how the adtech ecosystem responds to user signals that request only basic (non-tracking-based) ads found many vendors continue to track and profile users regardless.

Special category data should be handled even more carefully – the dating app Grindr, for example, was fined over $7m by Norway’s data protection authority for passing user data to advertisers without consent, including highly sensitive information about their sexual orientation. 

Build a competitive advantage 

The companies that adtech businesses work with are increasingly realising the importance of privacy – and they want their partners to do so too. Taking the GDPR seriously is a badge of competence and sets businesses apart from others in this space. Data privacy is also a growing concern among members of the public, particularly after the Facebook and Cambridge Analytica scandal in 2018. A recent poll by KPMG found 86% of respondents see it as an issue, and 78% expressed fears about the amount of data being collected. More than half (51%) are worried about their information being sold and are becoming less willing to share private information. Companies need to be more transparent about who they’re doing business with to ease those fears, and to ensure they’re working with organisations that take privacy as seriously as they do. 

Embrace, rather than fight, regulation

The Belgian Data Protection Authority’s (APD) ruling against IAB Europe this year has put a huge question mark over the practices of the behavioural ad industry. Approximately 800 adtech vendors use the system and may now have to change how they operate after IAB’s Transparency Consent Framework was found to breach 12 articles of the GDPR. The ruling strikes at the heart of the RTB system that has grown to be worth billions of dollars. The ICO has also said that its investigations into the practice will continue.

“Sharing people’s data with potentially hundreds of companies without properly assessing and addressing the risk of these counterparties raises questions around the security and retention of this data,” Simon McDougall, ICO Deputy Commissioner, has said. By working with the regulations, adtechs will be in a much better position to fulfil their information and transparency obligations under the GDPR, rather than fighting a losing battle against both regulators and the wave of popular opinion. 

Bolster security credentials

With each new hacking or data-sharing scandal, the faith consumers have in the system is shaken. Adtech companies need to ensure the data they process is secure from nefarious players. The World Economic Forum has reported the pandemic led to a 50% increase in cyber attacks, with 71% of security professionals reporting a rise in the number of threats. As well as investing in staff training so that teams are putting privacy first, it’s also a good idea to minimise the amount of data held.

An appetite for Big Data has overtaken much of the adtech sector in recent years but that in itself poses a security risk as firms struggle to keep it all safe. And if one company in the supply chain has a data breach that puts customer data at risk, the rest of the participants in the chain need to worry about having to report themselves to the regulator. 

Drive innovation

Adtech has to find new ways to connect the consumer to the marketer, map and simplify data flows, improve its transparency and have a solid legal basis for its processing. That provides opportunities for disruptors to exploit opportunities in the market and the sector is looking for leaders on this issue. Apple and Google have already invested in rolling out features that put more power into the hands of users to give them the choice about ad tracking. Google’s Federated Learning of Cohorts (FLoC), which segments users at a local browser level, delivered 95% of the conversions per dollar spent on cookie-based advertising. The tech giant plans to phase out the use of third party cookies imminently. 

“There is a problem with compliance culture among those companies that live off our personal data,” Vera Jourová, the EU’s commissioner for values and transparency, has said. “Sadly I fear this is not privacy by design. I think it’s high time for those companies to take protection of personal data seriously … It’s time not to hide behind small print but tackle the challenges head on.”

The post Five Reasons Why Ad Tech Businesses Need to Prioritise Privacy appeared first on PerformanceIN.

The post A Deep Dive Into Tracking Changes – What’s New and How Does it Affect You? appeared first on PerformanceIN.

No prizes for guessing who said that and granted, it’s an odd quote to begin any self-respecting marketing thought piece. But it’s about as authoritative as a marketer relying on a single reputation metric (exhibit a: ‘brand trust’) to define a brand strategy. Micro-obsessively pointless. 

At a time when authority across politics, economics and science has decayed under fragmentation (and distortion) of the truth via unreliable messaging, hyperconnected networks and siloed echo chambers to suit a subject’s agenda, we should interrogate whether there is a clear-cut relationship between trust and ‘success’, not least from our perspective as humble marketers contributing to commercial wellbeing.

This is not a plea to abandon trust. Rather a call to acknowledge the complexity of scaling trust with customers in this era of fragmentation (not to mention culture wars) where brand managers must endeavour, unafraid, to build a strategic picture full of nuance. 

Edelman’s 2021 Trust Barometer found that in 18 of 27 surveyed countries, business is the only trusted institution, while there’s a feeling of neutrality towards NGOs, governments, and the media. This could even suggest that amidst the pandemic the global force of capitalism has tipped public trust towards business representing their interests more than even governments. Here in the UK, it’s not clear, as trust in business is 11 points below the global average (of 50) ahead of just South Korea, Japan and Russia. This points to a deeply sceptical, complex macro-economic picture within which brands vie for incremental customer attention, let alone trust. 

Over the course of the pandemic, I’ve worked with several brands aiming to arrange a wide array of marketing metrics into a simpler hierarchy of customer effects mapped around a neatly diagnosed purchase journey or, in the behaviour change world, ‘stages of change’. Regardless of brand or category ‘… is a brand I trust’ is that annoying splinter that fails to dislodge itself from any progressive conversation about what metrics to work from. But remove it and put it in its place, we must. 

There is a fundamental gap between customer responses in surveys and how they think or behave – a cognitive dissonance between an answer they provide and a mindset they hold or action they take. They are the most unreliable of narrators (what fun would this gig be otherwise?) and even if, in the main, they do or do not respond well to a trust-based question this has very little bearing on overall business performance. Argos is the fourth most trusted brand in the UK on Trustpilot, yet its FTSE index is almost 74% worse off than it was five years ago. Meanwhile, Activision Blizzard and Adobe are among the least trusted brands (in heady company with Facebook and Underarmour), yet their indices are comfortably above historic levels taken over the same time period.

Source: London Stock Exchange (Jan 2022)

But beyond the vapidity of share price index, let’s explore the nature of ‘trust’ as it relates to people and brands and illustrate why it is an unnecessary distraction to focus all efforts on, versus embracing a bundle of success metrics. If ever the tyranny of ‘or’ was at play (as opposed to the stately nuance of ‘and’) it is an industry’s collective obsession with trust.

Different types of trust

There are two types of trust that brands (and people) aim to build over time to establish lasting relationships: Number one is cognitive trust. Will this bus (or delivery) arrive on time based on my previous experiences? Will this chocolate taste as good as I always remember it? Is the information imparted by this person likely to be true? Whenever there’s deliberation in a person’s mind about the basic reliability and value of an experience in relation to previous interactions (and that experience is in line with or a net positive with said historical experience), the brand or person is delivering on cognitive trust. It’s a quickfire mental transaction, plain and simple. 

If cognitive trust is the Ying (living in the head), then affective trust is the Yang (a combination of head and heart): is this person or company living up to their values or ethos as they relate to how I feel? A close friend, parent or spouse typically delivers in spades because we humans are social creatures, building our tribes on a cocktail of mutual trust and decency.

Brands, particularly those over-claiming their ‘purpose’ beyond delighting customers and delivering financial stakeholder value, will find this a tougher act to follow because they only really exist in the mind of a target market when a need or want arises. If you want my custom, deliver what I want. Do I really have to engage so much and show my respect because you conduct your business ethically? How do I know that you do what you say and help make society a better place?

The trouble with affective trust is that brands play such a peripheral role in customer attention that trust (in businesses not extracting excess value from the earth or paying enough in corporate taxes, for example) simply requires too much emotional processing to worry about. It’s anything but a quickfire transaction. Which is why ‘brand trust’ can never be trusted as one metric to rule them all. 

Most consumer goods brands on our supermarket shelves represent a consistent produce that buyers trust to be of uniform quality. Service companies on the other hand, have offerings that are subject to variation in quality. Hotel chains like Travelodge, for example, vary widely in quality in different locations. Even John Lewis does. I’ll repeat: This is not an appeal to abandon ‘trust’ as a metric. Rather to treat it with a healthy dose of honest scepticism across brand marketing efforts, for it is not the ‘what-you-see-is-what-you-get’ figure it might appear to be. 

And if trust in brands is declining as it is in the UK (-5 points in the latest Edelman Barometer) does this matter to business as much as we might think? Would it not be worth spending that little bit longer in diagnose mode exploring “trust’s” relationship to other metrics such as spontaneous awareness, consideration, perceptions of brand codes, associations and the revered NPS? Your brand’s respondents might well be a sceptical bunch, but still converting through the funnel with aplomb.

We’ve come full circle: on its own, trust is simply not enough, as we see reflected in the share price indices of Argos, Adobe and Activision where much sorcery is at play. This requires brand managers and their peers to welcome nuance with open arms and identify the combination of metrics that most closely correlate with positive behaviours and attitudes towards their business. There may be three. There may be more. All we can be certain of is that it is never just one. Certainly not brand trust. Or ‘authoritah’.

The post Don’t Obsess Over ‘Brand Trust’: Alone – It’s Just Another Pointless Metric appeared first on PerformanceIN.

The landscape is shifting, with the legacy ways of tracking performance coming to an end. How, as an industry, can we continue to correctly attribute sales? A new, refined strategy is needed, and probabilistic attribution may be able to assist marketers with exactly that.

Probabilistic attribution is a mobile attribution technique which is often used to recognise a mobile, laptop or browser device.

The death of deterministic methods

Apple’s Identifier for Advertisers (IDFA), Google’s Advertising Identifier (GAID) and cookies are what’s known as deterministic methods. These methods use a unique identifier which is associated with a particular device.

Obviously, we all know that an increasing number of users are opting out of tracking across the board, meaning there is an ever-growing amount of anonymous, ‘invisible’ users on the web.

As Nick Yang said in a piece we published in February this year, we are already witnessing the impact the existing restrictions around third party cookie tracking are having on traditional Multi Touch Attribution (MTA).

“All marketing platforms use cookies to record touchpoints and use that data to attribute conversion credit accordingly. So everyone is impacted.”

Nick Yang, Head of Media at 55

How does probabilistic attribution work?

It’s in the name – probabilistic methods work by basing attribution on probability. It relies on Machine Learning (ML) to identify conversions that will probably happen. Probabilistic methods work by collecting behavioural data and trying to match it with other records that already exist.

The technique is regarded as being much less accurate, so is usually only used when deterministic methods are not available. However, marketers may need to get used to using probabilistic attribution as we head into the cookieless future.

What is it used for?

Since deterministic device identifiers are usually only available in mobile app environments, one of the main ways that probabilistic attribution is currently used is in mobile web environments. This could be, for instance, in a web-based campaign targeting mobile devices. Probabilistic attribution can also be used for tracking email campaigns that users may open on a mobile device.

The ultimate goal of probabilistic attribution is to ensure that advertisers can still determine performance and ROI for their campaigns, despite the impending doom of deterministic identifiers.

It’s a good idea to get used to using probabilistic attribution, even if it’s just a test or a tiny part of your tracking for now, to ensure you don’t get left behind.

The post WTF is Probabilistic Attribution? appeared first on PerformanceIN.

The first one is unauthorised recordings of video calls on Zoom, and the second is the scandalous information leakage in the Marriott hotel database that disclosed the passport data of 500 million guests. Both cases prove that even giant corporations can fall prey to privacy breaches and data threats.

Because of this, the topic of data privacy has gone through rapid transformations in a short period. European GDPR, UK GDPR, the CCPA in California, upcoming implementation of the CPRA in California in 2023 and the COPPA proved that the era of data privacy has begun. The ad tech sector, which almost entirely relies on user data, will have to learn how to protect customer data in this new reality. What are those privacy standards and how should ad tech companies adapt to them? This ultimate guide will explain all.

Why compliance is paramount for digital advertising

By the end of 2021, we will have 4.66 billion active internet users in the world, accounting for 60% of the entire global population. Smartphones are used by 9 out of 10 internet users. Two-thirds also report that they frequently utilise laptop and desktop computers for internet browsing. The lockdown caused an even greater increase in online content consumption and shopping. Today, we normally spend 48 hours per week browsing the internet, accounting for 42% of our waking hours.

The average person normally owns different gadgets, each of which explicitly or implicitly tracks information about the owner: gadget usage stats, search engine queries, cookies, etc. Ad tech platforms have mechanisms that allow brands and advertisers to target those users whose interests, lifestyles and preferences correspond to the campaign criteria. Still, growing concerns about digital security pose a great challenge for the advertising sector – they oblige ad tech companies to develop new, safer mechanisms for collecting, storing and processing personal data. Substantial fines for non-compliance are not the only threat that companies need to avoid – prevention of potential damage to reputation should be a major concern for all businesses involved in the advertising industry.

According to the current regulations, what should ad tech companies know to protect customer data? Currently, we can speak about four major international privacy legislation frameworks that have international (extraterritorial) legal force. Let’s review each of them one by one.

So, what regulations should ad tech companies comply with?

●       GDPR. In 2016, the European Parliament and Council of the European Union adopted a General Data Protection Regulation (GDPR). GDPR provides European residents with the right to provide data collection consent or restrict companies from collecting their personal data. GDPR applies to any organisation that deals with the data of EU citizens.

●       CCPA. California law on consumer data protection was created in 2018. Its regulations are quite similar to GDPR but deal with the privacy protection of California consumers. The CCPA applies to for-profit businesses with an annual profit of over $25 million (or if it sells the data of 50,000 or more California residents). With the implementation of CPRA in California as of 2023, there will be major changes in regard to the treatment of personal information of California consumers.

●       COPPA. The Children’s Online Privacy Protection Act, called COPPA, that was signed in 1998, came into force on April 21st 2000 and updated in 2013, has been developed to protect the data privacy rights of US children under 13 years of age. The law applies internationally to every company that deals with data of US children who haven’t reached the age of 13.

Main privacy principles of GDPR

Before a company can collect and process the personal information of European residents, it needs consent. This is the main basis of GDPR. If you compare GDPR with any other privacy regulation, you will find that this personal data definition is broadest and includes any type of info that can be used for user identification, including IP address, operation system, history of browser search or social media activity data.

Under the GDPR, EU citizens have the right to consent or reject the collection of data. Additionally, users can delete and control the personal information that companies collect for business purposes. In general, the regulations give users more freedom and control over the information they share with companies. The following are eight main rights that EU users obtain with GDPR:

• The right to know who is processing their personal data and why

• The right to access their personal information

• The right to correct and update their personal data

• The right to clear data, or the “right to be forgotten”

• The right to restrict or block data processing

• The right to transfer personal data from one service to another

• The right to object to data processing

• The right to personally influence automated data collection and profiling systems

The GDPR approach to personal data protection is based on eight principles that were documented back in 1980:

• Transparency. Personal data must be obtained legally through the transparent and clear mechanism of consent giving.

• Purpose. The purpose of the data collection must be provided at the time of collection, and the data must not be used for anything other than the purposes of the initial one.

• Data minimisation. The collector should justify for what purposes they are collecting user data. It is prohibited to collect more data than is required for a certain goal.

• Accuracy. Personal information must be as accurate, complete and up-to-date as necessary for the intended purposes. If such data is considered inaccurate, it must be erased (at the request of the user).

• Storage restriction. The data should be stored no longer than is necessary to fulfill a certain purpose.

• Integrity and confidentiality. Personal data must be protected from such risks as loss of or unauthorised access, destruction, misuse, modification or disclosure.

• Accountability. The data controller is responsible and must be prepared to demonstrate full compliance with the data protection principles outlined above.

If the violation of fundamental privacy rights are proven, GDPR sets forth fines of up to 10 million euros or up to 2% of the company’s entire turnover of the preceding fiscal year. For especially severe violations, the fines for the companies can reach up to 20 million euros.

Main privacy principles of CCPA

The CCPA defines personal data as information that identifies (relates, describes or characterises – directly or indirectly) a particular consumer: real names or nicknames, postal addresses, social security, driver’s license and passport number, biometric data (height, weight, fingerprints), geolocation, browsing data and so on. Worth pointing out is that cookies are also considered personal data and therefore are subjected to the law.

According to the CCPA, entities that collect, use, process and sell personal information must:

• Provide consumers with information regarding the purposes of data collection prior to collection

• Include in the privacy policy a piece of detailed information about business purposes and categories of personal information that are collected (including how the data will be shared and whether it will be sold or repurposed)

• Provide consumers with the right to access, delete and transfer certain parts of personal information

• Allow consumers to opt-out of selling their data

• Activate the consent process for minors under the age of 16 so that the sale of their personal information cannot take place without their explicit consent

According to the European directive, companies need to obtain user consent to process personal data. Under California law, however, an organisation is only required to process requests from users if they require the aforementioned information. Upon request, the company should satisfy such requests within 45 days. If the user’s data was lost, stolen or disclosed, the company has to pay $100 to $750 to each user who was affected.

Main privacy principles of COPPA

According to the main principles and provisions of COPPA, the operators of websites and internet services have no right to request and store the personal data of children without obtaining the official consent of their parents or guardians. The definition of “personal information” under COPPA has been expanded in the last law revisions. Now, this definition includes full name and contact details, including address, telephone number, email, Skype number, photo, video of the child and recording of the voice. The data contained in the cookies, such as IP address, device ID, as well as geolocation, can also be considered personal data.

The Federal Trade Commission (FTC), which is responsible for law enforcement, distinguishes between sites aimed at children and sites with a “broad audience.” The latter should follow COPPA only when they know that a certain proportion of their visitors haven’t reached 13 years of age.

According to the core principles of the law, the data operators that deal with information of minors should:

• Develop and post a transparent policy regarding procedures of personal data collection for children under the age of 13

• Create a notice for parents and ask for their consent before information may be collected

• Provide the flexibility for the parents to give consent for information collection, yet give them the right to prohibit the sharing of this information with third parties or reselling it

• Give necessary leverages to the parents so that they could manage, edit and delete information

• Give necessary leverages to the parents to prohibit the further collection of the information from children

• Provide the guarantee that collected information will be treated accordingly: secured and confidential

• To store and process such data only for the period necessary for accomplishing a certain purpose. As soon as the purpose of information collection is fulfilled, the data should be erased

• Do not condition the access to website activities on the volumes of data provided (as long as provided data is enough for activity participation)

It’s worth noticing that the law provides several ways for consent obtaining. Still, the majority of sites (such as Facebook and Twitter) prefer to limit the access to users under the age of 13.

This is because the fines per one case of COPPA violation can reach up to $43,792.

 Key differences among the laws

Although the above-mentioned laws may seem similar, they have many drastic differences, and that’s why preparing for them requires an in-deep approach with the involvement of professional lawyers. For instance:

• All laws have similar data disclosure requirements but have different interpretations of personal data (and types of data that are qualified as personal).

• GDPR and COPPA require consent prior to information collection. Under CCPA, the company deals only with satisfying incoming data requests from users (regarding how their data is used)

• The GDPR does not require a specific link to opt-out of personal data sales, while CCPA and COPPA do

• In CCPA and COPPA, nothing is said in particular about the right of rectification. The GDPR grants data subjects the right to edit and complete their personal data

• There is a right to restrict the processing of data in GDPR and COPPA (under certain circumstances). In CCPA, there’s only an option to opt-out of personal information sales. The same applies to the objection of data processing, and the list goes on

How ad tech companies can adjust

It is clear that the future of ad tech (and all other industries) will be defined by transparent technologies. Sure, users might be more willing to agree with personal data collection and processing if data controllers clearly explain every step of the data processing in simple terms. However, compliance to GDPR, CCPA and COPPA constitute so much more than transparent, consent-giving mechanisms. They require compliance on every level of business functioning, including technologies, internal processes and dealing with partners.

In order to meet the requirements, the IAB (international advertising bureau) developed special GDPR and CCPA compliance frameworks and released a guide to navigating COPPA. Google uses a list of rules and regulations to protect personal data, which must be followed by the organisations and partners that work with automated advertising. Apart from these, here are a couple of practices that they deem worth following:

1. Hire lawyers. Make sure privacy practices comply with all current laws. Perform internal audits regarding how those laws can affect your business
2. Create a clear privacy policy that is easy to update. Explain to users what they will receive in exchange for their data and how you will apply this information and protect it. Give people answers to all of the questions regarding their data usage and protection
3. Minimise data collection. Only collect and process information that is necessary for accomplishing certain purposes. As soon as data is no longer needed, delete it for safety reasons
4. Make sure your partners comply. Audit your partners and the technology they use. They must adhere to the principles of confidentiality and take all necessary measures to comply with the laws.
5. Implement a consent management platform when relevant. Make sure that users can control the use of their personal data. The consent request platform allows obtaining user permission directly from the site or app which streamlines personalised ad serving for publishers.

The bottom line

For any business, personal data serves as fuel for developing useful insights about existing and potential customers. However, the new era of privacy brings new challenges to businesses, especially those working in ad tech. On the one hand, the company should still be able to personalise advertising, and on the other hand, it should remain true to the principles of confidentiality and protection of personal data. International privacy frameworks are different and they continue to evolve. In relation to this, it is worth preparing beforehand and investing in mechanisms and procedures to ensure that your organisation is fully compliant.

The post The Ultimate Guide: Data Privacy Laws in Ad Tech appeared first on PerformanceIN.

For brands, it’s never been more important to understand who your audience are today, compared to six months ago, and to establish how they are interacting with different digital channels and publishers. Are they using the same platforms as before? Are they watching videos or listening to podcasts? Where is your audience, not simply in terms of where they live, but also how they move? How many are going out? How many are commuting? How many are visiting public places? Where are the eyeballs I need to reach? 

Media plans typically draw on a range of data sources to learn as much as possible about a brand’s target audience. This could range from mobile location data, which might be based on activity during the previous week, through to census data that might be anything up to a decade old.

Before the pandemic and the lockdowns, a strategic marketing plan could be reasonably expected to remain valid for at least six months to a year. However, post-pandemic, the shelf-life of marketing decisions has shortened significantly. Today, if you are making media plans and targeting customers based on data that’s even a few months old, the chances are you’re basing decisions on information that’s dangerously out-of-date.

Understanding & managing change

Going forward, benefits will be gained from using data assets that are updated daily and have a long window for retrospective analysis. This means organisations can take a view on what has changed since the start of the pandemic and quickly understand how it continues to change as the world opens up again. This analysis helps organisations impacted by a shift in audience or behaviour during COVID and informs their response.

This sort of analysis has been particularly welcomed by businesses that rely on physical customers, such as gyms and rail operators. The image below shows the difference in train operator’s audience between Q1 2020 and Q1 2021. Overall, there has been a drop of more than 50% in audience volume. However, this drop is not consistent across demographic groups or geographic locations. 

The darker locations signify locations with the most dramatic reduction in usage, while the lighter locations are those that have shown the greatest resilience. Using this information, train operators are able to understand who and where they should target their communication aimed at getting passengers back on their network. 

Any one of these insights could have a major impact on the success of a media plan if not successfully identified and acknowledged. This is an illustration of the benefits available to advertisers that stop relying on out-of-date, perishable data to target their campaigns.

Focusing on what matters, not what is easiest to count

Over the next 18 months, agencies and advertisers will need to balance new ways of working, with the need to adapt to a rapidly changing digital landscape. There will also be a focus on accessing, analysing and testing the use of non-personal targeting signals such as context, time and location, as the industry tries to ready itself for further data deprecation and respond to the privacy-first trend more generally. 

The move away from a reliance on third-party cookies will prompt advertisers to take a broader view of how their marketing channels are performing against key metrics. It will also help seek out external data sets that are rapidly updated, but not linked to walled garden platforms.

For performance marketers, leveraging such data assets can provide many benefits. These insights enable them to understand up to the minute consumer behaviour and apply it to their marketing in real time by translating them into efficient campaign optimisation and measurement opportunities. 

Performance marketers can also leverage this data to understand the performance of all media channels and the aggregate impact of different channels in combination. Rather than counting patchy cookie numbers and monitoring click through rates, this data allows marketers to understand their campaign’s impact on key metrics that matter to the business, such as incremental growth and market share gain.

This is a key moment for our industry. It is an opportunity to reduce our reliance on the things that are easiest to count and focus on making decisions that are backed by a holistic analysis and measurement framework and are strategically aligned to business goals. The future of data driven targeting is bright and a new approach can restore trust in marketing and advertising among advertisers and consumers alike.

The post Rethinking Data and Metrics Will be the Key to Post-Pandemic Marketing appeared first on PerformanceIN.

It’s easy to forget that digital marketing, by its very nature, has always operated at the cutting edge of business tech innovation and is constantly changing and evolving, usually for the better. 

This is not the first time the digital marketing industry has faced down a seemingly existential threat. Take the introduction of GDPR, for example. Then, just as it is now, the industry feared the loss of personal data, predicting that the entire ecosystem would collapse in on itself – but it didn’t. Instead, the industry has evolved and adapted to incorporate these privacy frameworks, as well as creating new technologies and generating new expertise in privacy and data ethics. 

Finding the opportunity in the challenge

It’s natural that big changes within an industry are often received with nervousness, fear and panic. Yet the digital marketing industry should have more faith in its robust nature, which inevitably always finds a new solution to every new challenge it faces. 

The restrictions on cookies and IDFA based tracking of consumers should be viewed as an opportunity rather than a threat. If you take a global perspective on this issue, new data regulations and ethical frameworks are all coming to fruition across the globe. The tide is clearly turning in one direction: towards greater respect for consumers’ data privacy. 

The current changes provide a good testing-ground for marketers to experiment and see what strategies will work for them in the future; how to adapt and stay nimble, while keeping an eye on the big players (such as Google, Apple and Facebook) who exert real influence over the evolution of the digital advertising ecosystem. 

Burying your head in the sand about the new restrictions to tracking is not a sustainable approach. There are still a few marketing professionals looking for work arounds, which obviously goes against the spirit of the new regulations and the broader ‘privacy-first’ trend. Marketers would do better to accept the direction of travel and adapt. By embracing the changes we’re seeing and investing wisely in new ways of working today, brands can get an edge on their competitors and future-proof their operations against any further changes to national and international data regulations.

Back to the future?

It’s easy to forget that marketing and advertising existed long before the internet and digital channels. This isn’t to say the marketing industry will simply revert to techniques that were around 30 years ago. Rather, the industry will draw on the best of those techniques in combination with the incredible power of modern AI and analytics tech to produce new insights about consumer behaviour and smarter, more informed creative campaigns. With this, I expect we will see a resurgence in contextual targeting based on platform, location, topic, or regular audience. Alongside this, a wider adoption of conversion modelling with reliance on using additional signals as a privacy-preserving measurement foundation to  inform strategic decisions.   

What’s more, those peddling doomsday scenarios may have underestimated the levels of willingness among consumers to share their data. While many believed that, if given the chance to opt-out of data sharing, 80-to-90% of consumers would ‘go dark’. Yet early indications suggest the figure right now is closer to just 60%. This still leaves brands with 40% of their first-party customer data to analyse, interpret and extrapolate across their wider strategy. 

This first-party data will be the key to campaign success. Marketers must use this data smartly and identify the common traits and characteristics of their ideal customers to help build out predictive modelling techniques. By using these personas and audience segments to design 21^st century data-enabled contextual advertising campaigns, it’s possible to target customers on their preferred channels. Additionally, by continuing to search for new audiences and opportunities to develop first-party data with emerging channels such as podcasts and digital out-of-home, it will still be possible to deliver impactful omni-channel campaigns. 

By backing away from one-to-one hyper-personalisation at scale that the industry has become used to, marketers will be forced to think more creatively about how they engage consumers with brand messaging. Rather than being the ‘end of days’ for digital marketing as we know it, the current disruption should be regarded as a golden opportunity to create a new trusted ecosystem that delivers better experiences for everyone involved in the creation, distribution and consumption of digital advertising. 

The post Why the Loss of Tracking is Not the End of the World for Digital Marketers appeared first on PerformanceIN.