Privacy laws

1. Privacy laws

Data privacy and laws such as "GDPR" have shaped the way businesses handle data. It is paramount for Marketing Analysts to understand and protect customer privacy.

2. Privacy landscape

There are many laws around the world trying to protect personal data in different ways. These laws usually require deleting user data on request, masking user identifiers, and limiting data use for marketing purposes. Frequently, this leads to reduced data volume and granularity, and losing the ability to join all customer data. While we don't need to become lawyers by the end of this course, Marketing Analysts must understand the basics of data privacy and proactively flag potential privacy risks in data.

3. Personally Identifiable Information (PII)

Another term that might sound familiar is Personally Identifiable Information, also called "PII." PII is any information that can identify an individual. Some PII is obvious: someone's name and address can identify a person uniquely. With digital tracking, PII expands to include IP addresses, website logins, and other data that digitally identifies a person. Unfortunately, privacy laws interpret PII differently, but with practice, Marketing Analysts can become skilled at anticipating which data could be considered PII.

4. Advertising tracking

How do we gather data that could be considered PII? Online channel tracking relies on cookies: small files that store browsing behavior. Offline channels only use cookies with digital tactics (like streaming radio).

5. Cookie implications

There are two main types of cookies; first-party cookies are used by individual websites to store visiting customer data. Third-party cookies collect data across many domains for advertisers who want to display relevant ads. Privacy laws impact all types of cookies, but third-party more than first-party. This is because third-party cookies track the customer broadly, which leads to uses that the customer did not agree to. Marketing Analysts must keep this in mind and be aware of which type of cookies capture marketing data.

6. General Data Protection Regulation (GDPR)

Let's talk about GDPR! GDPR was the first privacy law enacted at scale to limit the use of PII. It applies to users living in the European Union. We are probably used to "tracking consent" banners now - it was GDPR that started that standard. GDPR requires companies to disclose data collection, and customers must opt-in to tracking. The GDPR definition of PII includes names, addresses, photos, and IP addresses. GDPR violations are severe: companies can be fined up to 4% of revenue. Analysts must flag potential GDPR misuse of PII to keep customer data safe.

7. Privacy risk formula

There is an easy way to narrow down which data will be restricted or hidden to meet privacy law requirements. If we consider the channel, geography, browser or operating system, and any potential PII, we can see which laws apply. For example, if we have a paid search campaign targeting users in California, we will have to consider California's privacy laws. Other factors to consider are that Apple devices on the iOS14 operating system are moving to opt-in tracking, and in the future, Google Chrome will block third-party cookies. This will limit the ability to target customers using Chrome. If we use this formula to anticipate privacy implications, we can safely analyze and report on marketing data!

8. Let's practice!

Let's test out how well we can identify privacy risks!