Customer Data Privacy Issues in Digital Marketing

In the era of digital marketing, the issue of personal data protection is particularly acute. For example, the CLOUD Act, adopted in the United States in 2018, jeopardized the confidentiality of information stored by American companies, regardless of their geolocation. This Act shows that the government of the country has become a regulator of digital data exchange, and this cannot fail to affect business.

Let's talk about which laws on protection of confidential data have come into force, and how companies are reacting to this.

The Struggle for Data at the State Level

GDPR in the EU

GDPR provides EU citizens and residents with full control over their personal data. Even if a person's data is located in another country, they can easily control it. In case of violation of the regulation, the EU may impose a fine of up to €20 million or to recover 4% of total revenue for the preceding financial year.

Users complained that the company had no legal right to process their personal data to show ads based on it. Later it turned out that people hadn't given full agreement on the data processing.

In 2020, H&M was fined for violating its employees' privacy. Supervisors of the company collected information about vacations and medical diagnoses of employees on sick leave. Even data from workers' personal conversations was recorded and stored. The collected information was stored on H&M servers, and at least 50 managers had access to it.

In October 2019, a server error made the information publicly available, which caught the attention of regulators.

In 2021, Amazon received a huge fine for collecting and transmitting personal data using cookies. This was not the first company's fine for violating GDPR data protection rules.

The CLOUD Act in the USA

The CLOUD Act came into force on March 23, 2018 and immediately caught public attention. The fact is that the CLOUD Act violates the balance in data protection. How? Let us tell you.

This Act particularly affected the General Data Protection Regulation (GDPR).

The European Data Protection Board (EDPB), an independent European body, concluded that service providers from the USA, also subject to the EU GDPR, cannot legally justify the disclosure and transfer of personal data to the United States on the basis of a warrant or other court order. Personal data can be transferred outside the EU only on the basis of a Mutual Legal Assistance Treaty (MLAT).

Data protection law in China

On August 20, 2021, the Personal Information Protection Law (PIPL) came into force in China.

Network resources are now required to provide users with automated processing options that ensure customer privacy.

The Struggle for Data in the Digital Sphere

In 2020, Google restricted Third-Party Cookies in Chrome via the SiteName directive.

In early February 2020, Google released Chrome 80 that supports blocking third-party cookies (called SameSite cookies). This feature is fully available to all Chrome users until 2022.

Starting from March 24, 2020, Apple blocks the installation of Third-Party Cookies.

On the one hand, this is a big step towards user privacy. On the other hand, without analyzing user online activity, it will be difficult for companies to offer relevant products and services to customers.

Since April 26, 2021, Apple has been requesting tracking permission from customers using iOS 15.

On April 26, 2021, Apple introduced a new version of iOS (14.5) in which it banned iOS apps from direct access to IDFA (The Identifier for Advertisers). Apps are now required to request confirmation, and people will decide for themselves whether to use IDFA or not.

Thus, Apple has broken the current advertising traffic system. If iOS user refuses to use the identifier, it leads to a decrease in the quality of mobile traffic attribution and an increase in the cost of customer acquisition.

The main problem of the system is that developers and advertising systems will not have data at the user level. The data will be only in aggregate form in ads account.

The Global Trend: Privacy First

Big data is popular with organizations because it promises improved operations and new business opportunities.

Customer data gives us:

• new insights;
• improved products;
• understanding of the audience;
• trustworthy communication with customers;
• improved marketing strategies;
• more personalized offers;
• increased conversion and sales.

At the same time, big data is easier to leak, which in turn compromises people's privacy and violates data protection laws.

Today, users are concerned about the safety of their personal information. They are increasingly asking companies questions about data privacy. Companies are responding by blocking access to customer data on their platforms.

With the Privacy First approach, the user's privacy comes first. This means that companies are no longer collecting unnecessary personal data about their customers.

Conclusion

So, as you may have noticed, today the struggle for data has reached the national level: GDPR in the EU, the CLOUD Act in the United States, the Personal Information Protection Law in China, and ecosystems shutdown can completely monopolize the customer data market.

This suggests that in the current situation, there is one right solution: to build an independent system for collecting and managing customer data for direct and secure communication with customers in the digital environment. We'll talk more about it in next week's article.