Privacy policies have never been a hot topic.
Smart brands, however, were left wondering how they can use their privacy policies to engage customers instead of alienating them.
Understanding GDPR: Changes and Opportunities
Russell Brandom, a reporter for The Verge, highlights the key takeaways from the GDPR changes. They require companies to ask for user consent of data collection more often, to make the fine print of TOS more transparent and to rethink how they approach analytics, logins and advertising. “The most profound changes will take years to play out, potentially reshaping the web as we know it,” Brandom summarizes.
The point of the law was to make companies be clear with consumers about how they are using private data. The result, however, has been a little more ambiguous. Nitasha Tiku has a great write up in Wired on how the purpose of GDPR got flipped on its head. The idea of the law was to minimize the collection of consumer data while clarifying customer consent. Instead, Tiku writes, many companies are covering the changes up:
“Many of the law’s defenders say companies are using these [privacy update] emails as a way to avoid the underlying principles of clear disclosure. In some cases, their requests for consent are unnecessary, spamming you when they already had a legitimate reason to have your info; in other cases, organizations are using GDPR to mask the fact that they never had any right to your data in the first place.”
But the changes introduced by GDPR are not all actions against companies. In some cases, they allow better access to consumers. One requirement is for “data portability,” which Popular Science’s Stan Horaczek says “allows users to take their content with them to another service or save it for posterity.”
These changes did not come out of nowhere. They are largely based on the public’s concern with privacy in the digital age.
As CSO chief editor Michael Nadeau reports, “Lack of trust in how companies treat their personal information has led some consumers to take their own countermeasures.” This includes falsifying data when signing up for services online. “Security concerns, a wish to avoid unwanted marketing, or the risk of having the data resold were among their top concerns,” Nadeau concludes.
This makes it clear that the GDPR changes are not just about legal compliance; they are about redefining how online brands engage with customers — something CloudCherry CEO Vinod Muthukrishnan says is under constant change.
The takeaway here is that companies with the right mindset have an opportunity. They are now in a position to get ahead of GDPR’s changes, and in doing so they can fortify both their brand image and the way they communicate policies and values to customers.
Let’s jump into what this could look like.
Moving Past the Notoriety: Good Privacy Policies for Good Brands
“GDPR will helps us all be transparent about where, when and how data is used and who it is communicated to and processed by,” writes Liz Henderson, a management consultant for IBM. “Providing a Privacy Notice is an important part of fair processing aiding the transparency process.”
Just How Much Value Do Consumers Place on Data Privacy?
James Melton at DigitalCommerce360 jokingly notes that digitally savvy consumers are wary of how their information is being used online — but they love special offers and other forms of personalization.
Cognizant brands can strike a balance here in the way they communicate with online customers. The research from SheerID that Melton is pulling from found that 94% of consumers value personalized offers, while 83% were concerned with how the data used to qualify them would be used. The point is consumes place value on data privacy, but don’t mind brands using personal data as long as they’re open about it.
Didier Benkoel-Adechy is a segment marketing specialist at Gemalto. Before the policy changes went into effect, he echoed these sentiments: “Attitudes towards private information such as of how, when and why users are contacted, as well as the sharing of location data, have evolved. People will share this data in exchange for personalized offers that deliver seamless and intuitive services.”
In other words, personalization is at the cross-section of data privacy and customer engagement.
If companies are using data to personalize their interactions with consumers, they don’t have to keep this a secret. In fact, they can use it as a selling point.
At the same time, companies that protect customer data can make it clear the data will not be shared or sold. As Web Marketing Pros lead Peter Roesler puts it, “It’s important to keep in mind that just because technology makes something possible doesn’t mean it’s something a business should do.”
The goal is to create an accessible and privacy-focused policy. Justin Dallaire of Strategy Online reports that consumers want more user-friendly privacy policies. In fact, two-thirds say they would like to see clear policy information on a vendor’s website.
In contrast, Shannon Wheatman and Michelle Ghiselli at the International Association of Privacy Professionals (iapp) note that most policies are poorly written and “unlikely to be understood by the average consumer.” Brands can easily stand out from the crowd by drafting a short, conversational and immediately apparent policy for their sites.
The approach is even better if you are transparent — and bold — about the fact that you support data privacy by not sharing your customer’s information with third parties. Just make sure that’s true!
The first thing to keep in mind in actually communicating your policy is to make its goal of transparency clear. In the Financial Times, Hannah Kuchler and Aliya Ram note that this is something Facebook is attempting with mixed results.
Technology writer Christian Stewart gives an example of what not to do: “So far, the ways Facebook asks for consent aren’t accept or decline. You can either ‘Accept and Continue’ or ‘Manage Data Settings’ – neither of which allows users to directly opt out.”
With this in mind, companies will do well to be explicit about their opt-in and opt-out options.
For example, Alon Alroy of Bizzabo writes at Target Marketing that a good step is to introduce a double opt-in feature for contacts to be added to your CRM. It’s not a legal requirement, but it will go a long way in showing your target audience that you care about their privacy.
To the privacy law expert, this is an example of how organizations are “rethinking how to connect with their users and make these required policies part of their branding message and less of just a legal requirement.”
With the right message, companies can engage with customers online while remaining transparent — a fresh approach, indeed, in the digital age.
Images by: bacho12345/©123RF Stock Photo, solerf/©123RF Stock Photo, szefei/©123RF Stock Photo