Branding

How to Craft a Truly Customer-Centric Privacy Policy

Privacy policies have never been a hot topic.

However, recent changes brought about by GDPR in May led to a flood of privacy policy update emails to customers. In turn, the idea of a privacy policy took on a meme level of notoriety, invoking eye rolls and no shortage of jokes.

Smart brands, however, were left wondering how they can use their privacy policies to engage customers instead of alienating them.

Here’s the thing: Your privacy policy is an opportunity for your brand to take a stand on consumer data. Crafting a customer-friendly policy is more than a formality. In the age of customer engagement, it can create a unique selling point for brands.

Taking time to communicate your privacy policy to your customers in an engaging way is a good step on the path to what the Arthur W. Page Society calls “authentic advocacy.”

Understanding GDPR: Changes and Opportunities

Russell Brandom, a reporter for The Verge, highlights the key takeaways from the GDPR changes. They require companies to ask for user consent of data collection more often, to make the fine print of TOS more transparent and to rethink how they approach analytics, logins and advertising. “The most profound changes will take years to play out, potentially reshaping the web as we know it,” Brandom summarizes.

The point of the law was to make companies be clear with consumers about how they are using private data. The result, however, has been a little more ambiguous. Nitasha Tiku has a great write up in Wired on how the purpose of GDPR got flipped on its head. The idea of the law was to minimize the collection of consumer data while clarifying customer consent. Instead, Tiku writes, many companies are covering the changes up:

“Many of the law’s defenders say companies are using these [privacy update] emails as a way to avoid the underlying principles of clear disclosure. In some cases, their requests for consent are unnecessary, spamming you when they already had a legitimate reason to have your info; in other cases, organizations are using GDPR to mask the fact that they never had any right to your data in the first place.”

But the changes introduced by GDPR are not all actions against companies. In some cases, they allow better access to consumers. One requirement is for “data portability,” which Popular Science’s Stan Horaczek says “allows users to take their content with them to another service or save it for posterity.”

These changes did not come out of nowhere. They are largely based on the public’s concern with privacy in the digital age.

As CSO chief editor Michael Nadeau reports, “Lack of trust in how companies treat their personal information has led some consumers to take their own countermeasures.” This includes falsifying data when signing up for services online. “Security concerns, a wish to avoid unwanted marketing, or the risk of having the data resold were among their top concerns,” Nadeau concludes.

This makes it clear that the GDPR changes are not just about legal compliance; they are about redefining how online brands engage with customers — something CloudCherry CEO Vinod Muthukrishnan says is under constant change.

The takeaway here is that companies with the right mindset have an opportunity. They are now in a position to get ahead of GDPR’s changes, and in doing so they can fortify both their brand image and the way they communicate policies and values to customers.

Let’s jump into what this could look like.

clean environment concept - customer-centric privacy policy

Moving Past the Notoriety: Good Privacy Policies for Good Brands

The foundation of this post is that communicating your privacy policy to consumers does not have to be a chore or a nuisance.

“GDPR will helps us all be transparent about where, when and how data is used and who it is communicated to and processed by,” writes Liz Henderson, a management consultant for IBM. “Providing a Privacy Notice is an important part of fair processing aiding the transparency process.”

In other words, a good privacy policy is more than a formality. It is a way for companies to introduce a level of transparency to their interactions with consumers. Used the right way, a great privacy policy addresses consumers’ concerns with digital privacy and acknowledges their desire for a personalized experience.

Just How Much Value Do Consumers Place on Data Privacy?

James Melton at DigitalCommerce360 jokingly notes that digitally savvy consumers are wary of how their information is being used online — but they love special offers and other forms of personalization.

Cognizant brands can strike a balance here in the way they communicate with online customers. The research from SheerID that Melton is pulling from found that 94% of consumers value personalized offers, while 83% were concerned with how the data used to qualify them would be used. The point is consumes place value on data privacy, but don’t mind brands using personal data as long as they’re open about it.

Didier Benkoel-Adechy is a segment marketing specialist at Gemalto. Before the policy changes went into effect, he echoed these sentiments: “Attitudes towards private information such as of how, when and why users are contacted, as well as the sharing of location data, have evolved. People will share this data in exchange for personalized offers that deliver seamless and intuitive services.”

In other words, personalization is at the cross-section of data privacy and customer engagement.

Transparent Personalization

If companies are using data to personalize their interactions with consumers, they don’t have to keep this a secret. In fact, they can use it as a selling point.

At the same time, companies that protect customer data can make it clear the data will not be shared or sold. As Web Marketing Pros lead Peter Roesler puts it, “It’s important to keep in mind that just because technology makes something possible doesn’t mean it’s something a business should do.”

The bottom line is this: A clearly communicated and honest privacy policy is the solution to what analytics firm SAS calls the “privacy personalization paradox.”

So, how do you go about crafting a customer-friendly privacy policy?

The News You Need

Stay in the know and sign up for our monthly newsletter!

Getting to Yes: Formulating a Customer-Friendly Privacy Policy

The goal is to create an accessible and privacy-focused policy. Justin Dallaire of Strategy Online reports that consumers want more user-friendly privacy policies. In fact, two-thirds say they would like to see clear policy information on a vendor’s website.

Given the above discussion of engagement and consumer concerns, this does not come as a surprise. But what about actually formulating the privacy policy?

Writing for the American Marketing Association, Molly Soat notes a good step is to speak like a lay person, not like a lawyer. Make the written policy as conversational as possible. Ben Davis at Econsultancy echoes this sentiment, saying that privacy policies should be concise, intelligible and easily accessible — “written in clear and plain language.” Check out Davis’ article for a fantastic example of a customer-friendly privacy policy message.

In contrast, Shannon Wheatman and Michelle Ghiselli at the International Association of Privacy Professionals (iapp) note that most policies are poorly written and “unlikely to be understood by the average consumer.” Brands can easily stand out from the crowd by drafting a short, conversational and immediately apparent policy for their sites.

The approach is even better if you are transparent — and bold — about the fact that you support data privacy by not sharing your customer’s information with third parties. Just make sure that’s true!

customer - customer-centric privacy policy

Taking the Next Step: Communicating Your Privacy Policy to Your Customers

The first thing to keep in mind in actually communicating your policy is to make its goal of transparency clear. In the Financial Times, Hannah Kuchler and Aliya Ram note that this is something Facebook is attempting with mixed results.

Technology writer Christian Stewart gives an example of what not to do: “So far, the ways Facebook asks for consent aren’t accept or decline. You can either ‘Accept and Continue’ or ‘Manage Data Settings’ – neither of which allows users to directly opt out.”

With this in mind, companies will do well to be explicit about their opt-in and opt-out options.

For example, Alon Alroy of Bizzabo writes at Target Marketing that a good step is to introduce a double opt-in feature for contacts to be added to your CRM. It’s not a legal requirement, but it will go a long way in showing your target audience that you care about their privacy.

The other important element in communicating your privacy policy to customers is to make it accessible. Florian Schaub at The Conversation notes that policies should be accessible, understandable and actionable: “The key to turning privacy notices into something useful for consumers is to rethink their purpose.”

Allen Brandt at iapp gives a great overview of how LinkedIn succeeds in communicating its privacy policy in short blocks. “In addition to incorporating a short video, they broke the information into very small parts and have an icon and a summary next to each section letting the user navigate easier to their area of interest and highlight what is in each section,” Brandt writes.

To the privacy law expert, this is an example of how organizations are “rethinking how to connect with their users and make these required policies part of their branding message and less of just a legal requirement.”

With the right message, companies can engage with customers online while remaining transparent — a fresh approach, indeed, in the digital age.

Images by: bacho12345/©123RF Stock Photo, solerf/©123RF Stock Photo, szefei/©123RF Stock Photo

How Can We Help?













Schedule a demo