Wednesday, September 23, 2020

The Challenges and Opportunities New Data Privacy Laws Present to Digital Marketers

New digital privacy laws, such as the GDPR in Europe and CCPA in California, are fundamentally transforming marketing and advertising. Oracle’s Dan Feuer, Director of CX Strategic ISV Partnerships, recently spoke with Sourcepoint CEO, Ben Barokas, about the data challenges marketers now face due to these regulations. 

What have been the most significant compliance challenges for marketers so far? 

One of the most fundamental challenges has been that the new privacy laws require a new way of interacting with the consumer. For example, engaging consumers about data usage can prove to be rather difficult; you try to strike a balance between complying with the law and staying true to your brand experience. Marketers must provide consumers with a high degree of transparency and control over their data, but in a way that minimizes friction as much as possible.

This is inherently challenging due to both the complexity of martech architecture and the consumer education its complexity requires. Under GDPR, for example, the consumer must provide “informed consent” to the collection and sharing of their data. Once the consumer has provided their informed consent, marketers must ensure seamless and secure data flow, to maintain compliance and chain of custody. Conversely, under CCPA (California Consumer Privacy Act), marketers isolate consumer data where consumers have opted-out. In either regime, to avoid regulatory action marketers need insight and assurance that the proper process will be followed as their consumer data moves through the ecosystem.       

Advertisers complying with GDPR and CPPA are also responsible for ensuring compliance between their first-party data and their inventory sources. The very nature of compliance requires a high degree of communication and coordination within the ecosystem. Companies must offer consumer data access and deletion request and delivery experiences that are thorough, secure, and low friction. For many, incorporating these new practices into existing marketing programs has been a tricky path to navigate.

What has been the impact on advertisers?

In the EEA (European Economic Area), under GDPR, brands must obtain consent to collect and use data for retargeting. In the US, we haven’t seen full regulatory enforcement yet, but under CCPA, advertisers must adhere to consumer opt-out preferences. As Congress works to craft a federal data privacy law, some large brands have come under fire from Congress about their disclosures. The potential impact on brand equity is significant because data ethics is a big component of brand safety. Advertisers are ultimately responsible for ensuring that they’re using compliant data and inventory sources.

We know that privacy laws are rapidly evolving—how does a marketer or advertiser even comply today but remain agile enough for the future?

Rapid is a bit of an understatement. Over 70% of countries around the world have data privacy legislation in place or are in the midst of drafting new laws. Acceptable data practices developed two years ago have already become antiquated., but we may have entered an era where data privacy is considered a fundamental human right.  In survey after survey, many consumers say they are concerned about their data privacy and believe that companies and regulators need to be doing more to protect it.

Most businesses experience an initial period of adjustment as they learn to navigate varying guidance from different regional Data Protection Authorities (DPAs). And we tend to see companies embracing a proactive approach to compliance.  My team and I tell today’s marketers and advertisers to design for privacy—and ensure that they can execute against their organization’s data privacy standards whenever and wherever they’re interacting with consumers.

How are Sourcepoint and Oracle helping marketers and advertisers build trust with consumers? 

Here at Sourcepoint, we focus on empowering companies to engage consumers in dialogue about how their data is used. Our consent management platform (CMP) captures consumer privacy preferences on multiple channels—web, mobile, OTT, audio—and then syndicates those preferences throughout your marketing tech stack and the digital advertising ecosystem. Activating that data with Oracle CX builds trust because the experiences are tailored for the consumer with the consumer’s permission. Our research has shown that when consumers are provided with explicit choices, they are more responsive to your message. Furthermore, our platform’s consumer-facing messaging is fully customizable, allowing you to provide transparency and control that feels like an extension of your brand.

Our goal is to help advertisers stay abreast of changing regulatory guidance and how the industry is reacting to it. We conduct audits and perform benchmarking to help advertisers understand the degree of compliance exhibited by inventory sources, so you can ensure your message appears only on channels that meet your standards.

Many businesses are just starting their privacy journey—what can they do to get ahead? 

When building out a privacy program, my advice is to remember that it’s never just about complying with privacy laws. Checkbox compliance is a thing of the past. Today’s businesses strive to be proactive and design for privacy—and ensure that they can execute against their organization’s data privacy standards whenever and wherever they’re interacting with consumers.

Every company has their unique needs and challenges, of course, but an important first step is to prepare a cross-functional team to create a compliance workflow. Privacy touches on so many different aspects of a company—tech, legal, ad ops, CX, marketing—that it’s important to bring everyone together right away to ensure a smooth implementation. Your team will need to figure out whether to take a global approach to data privacy or to focus on specific regions.

Regardless of whether you’re taking a global approach or not, it’s critical to prioritize reviewing the vendors you’re working with. This is often the biggest source of risk for organizations. Talk to stakeholders to gain a complete understanding of which third parties are most important. This will influence your view of your organization’s data usage.

Lastly, a common thread in privacy laws is the principle of data minimization: only collect the data that you need. So, understanding what data is really needed—and by whom and for what—should really be at the core of any privacy program.

What’s the next frontier in privacy that companies should be paying attention to?

OTT (over-the-top) streaming video—or video content delivered via the internet, bypassing the traditional linear TV delivery mechanisms like cable, broadcast and satellite—is currently a clear area of exposure. Consumption on OTT has increased faster than audiences can be monetized, but these relationships are endangered if brands continue to use consumer data without the permission of their audience. We believe regulatory scrutiny is imminent, especially given the incredible rise in OTT consumption that we’ve seen as a result of the COVID-19 pandemic. I believe that the companies who take the lead in providing transparency and control now will have minimal impact on their business model down the line. 

The potential for personalization on OTT is powerful, but the ability to deliver a true cross-channel experience depends on consent—and being able to effectively tie that consent to identity.

What does the future of marketing and advertising look like from your perspective?

The future of marketing and advertising will depend on the responsible usage of data. It’s contingent upon all the different ecosystem players working together to evaluate what’s important to their business, what’s important to regulators, and most importantly, what’s important to consumers.

We should approach our relationship with the consumer from an opt-in or permission mentality. Not only because it’s the most ethical approach to using consumer data—or required by law—but because offering choice drives performance. Ad spend is maximized when consumers agree to receive your message. It’s as simple as that.

Furthermore, the brands who ensure that data is protected throughout the ecosystem in accordance with the highest standards will be repaid with consumer trust, higher purchase intent, and brand favorability.


The quality of data and how you use it make a huge difference when it comes to a marketing campaign’s results. To learn more::



from Oracle Blogs | Oracle Marketing Cloud