The Interactive Advertising Bureau has just gone on the record in favor of Federal privacy regulations, and with the looming ePrivacy Regulation and the California Consumer Privacy Act, it’s clear that scrutiny around data usage and privacy is only getting louder.
It’s not just the looming ePrivacy Regulation or the California Consumer Privacy Act — the digital ad industry is facing a whole new paradigm around the collection and management of customer data, one that’s forcing platforms and publishers to put
privacy first when it comes to product development.
But as the following best practices will show, compliance doesn’t necessarily mean less effective advertising. In fact, there’s ample opportunity for companies to drive growth and innovation while staying on the “right” side of the privacy equation.
Educate and Evangelize Throughout Your Organization
Building ad products in the age of “Privacy 3.0” starts with identifying the various business risks (or opportunities) that could come from launching a potential new feature. And your team can only make effective risk assessments if they understand the kinds of
behaviors the various regulations are trying to prevent (or encourage).
Data and privacy regulations vary by myriad factors — including region, country, service-provider type, and more — and while you can’t expect your product and engineering teams to become compliance experts, there should at least be a baseline understanding of how to be compliant, and what happens to companies that aren’t.
It’s worth doing a few cross-department or company-wide town halls to educate your entire organization on what the privacy regulations mean and why they’re important. Having a senior product evangelist co-present the information alongside legal can also help make these seemingly abstract regulations more real, by making an explicit connection to how they impact the features and services your team can offer.
Instill a Mindset of “Privacy by Design”
For most companies in our space, instilling a mindset of “privacy by design” requires a bit of an adjustment. That’s because the new regulations have pushed what were previously back-end processes — such as data collection, management and protection
— to the forefront of the user experience.
So when it comes to developing new data-driven products or services, starting with a clear understanding of what the desired user experience will be for opting-in, out, or otherwise managing privacy is key. One solution might be to work a privacy checklist into the product development cycle.
The idea is to prompt product managers, engineers and even the sales team to discuss questions such as — “How will this affect users in the EU?” and “Does this new integration require passing data to another partner?” at every phase.
Be Vigilant About Your Partners’ Adherence to Privacy Standards
The rush to become “privacy-compliant” has created room for opportunistic companies to profit from touting solutions that may not actually help publishers or ad platforms adhere to the laws.
This is why it’s important for publishers, platforms and advertisers alike to work with partners and vendors that are in support of a unified framework like the IAB’s consent framework, and to stay up-to-date on the various elements for compliance if you’ve
elected to build your own solutions in-house.
From internal CMS systems that allow user comments to third-party verification and viewability monitors, to the DSPs, SSPs and exchanges in between, there are so many different pipes that customer data can flow through and so many opportunities for the
“wrong” things to be done with that data.
Working with sanctioned partners means that at a minimum, they’re adhering to the safeguards that the industry has deemed mandatory. And while it may not be as easy as flipping a switch, these trusted partners should be able to help stop tracking, targeting or otherwise using data if a customer does opt out.
Know That Compliance Won’t Get Easier — But the Benefits Will Be Better
The dust is still settling in terms of GDPR’s global impact on the revenue and ad performance, but we’re already gearing up for adherence to the ePrivacy Regulation. This new set of laws takes GDPR and adds an additional layer of clarification — but also more hoops to jump through, particularly as it pertains to cookies, email and text messages.
Meanwhile, the California Consumer Privacy Act doesn’t go into effect until 2020, but it’s one of the most well-articulated privacy regulations in the history of the US. And after years of arguing for industry self-regulation, the IAB has just gone on the record in favor
of “sensible” privacy regulations from Congress.
All this is to say that the days of building ad products and services that capitalize on user data without consent — or at the very least, offering anything of value in return — are fading quickly.
Advertisers, publishers and platforms that move to create experiences that treat customer privacy and data as the valuable resources they are will start to see competitive advantages, as their reputations, products and businesses will be seen in a much more favorable light.