30-second summary:
- More consumers are spending time online during the pandemic, increasing shopping activity and subsequently their online data presence.
- Data privacy is becoming increasingly important to consumers, playing a big role in a positive customer experience.
- Privacy regulations are becoming more convoluted due to external forces like state-by-state policies and COVID-19.
- Marketers must proactively integrate consumer privacy into their data practices to maintain customer trust.
It’s no secret social distancing has people spending more time streaming, gaming, and online shopping. In fact, more than a third of consumers say they expect to spend more on online marketplaces because of COVID-19.
They also have more time – and for various financial reasons, more inclination—to reevaluate their household budgets and research the costs of major-life purchases (MLPs), like mortgage and refinancing rates, automobiles, and insurance. And as more people shop online, particularly in categories that involve lead generation, privacy becomes increasingly more important to the customer experience.
A 2019 survey showed nearly a third of respondents say they would cut engagement with a company over improper data sharing.
Increased connectivity has also ushered in new waves of regulations, like the European Union’s (EU) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
A convoluted “Privacy Policy and Terms of Agreement” checkbox might not be enough. Compliance isn’t easy or cheap, but it’s an integral part of a wider company strategy.
Mishandling data does not (Read more...) cost a company directly in the form of penalties and fines, it can also harm its reputation in the short and long-term.
Now more than ever companies should be reevaluating their plans for data protection and incorporating the importance of consumer privacy protections into the DNA of their organizations.
What will consumer data privacy look like in a post-COVID world?
Current state of regulations
Privacy regulations aren’t a new concept; they date back all the way to the 1970s with the Fair Credit Reporting Act and have grown to include the Telephone Consumer Privacy Act of 1991, the EU’s General Data Privacy Regulation (GDPR), Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA) and, more recently, the COVID-19 Consumer Data Protection Act of 2020.
We saw very real consequences for companies that failed to comply with the EU’s GDPR; in 2018, British Airways was fined over $200 million for noncompliance. In the U.S., the CCPA was introduced in 2018 and enacted July 1, 2020.
However few companies are ready to take on this regulation. This was true in 2019, and with marketers facing unprecedented circumstances due to COVID-19, likely remains true for many organizations today.
Other states, including Washington, Florida, Nebraska and New York, are trying to implement regulations similar to the CCPA. But new and segmented privacy regulations are proving to be a challenge for companies that conduct business in multiple states.
According to the Braze Data Privacy Report, 40% of marketing executives say that lack of legal clarity is a barrier to implementing stricter privacy practices at their organizations. Other barriers included complexity, cost, and time required for implementation.
This challenge has only grown in the midst of pandemic.
Added complexity with COVID-19
Consumers are caught between a rock and a hard place. While many accept that they must rely on technology during COVID-19 that will inevitably collect their data—like Zoom and Microsoft—many are also aware of the vulnerable position data sharing puts them in.
Consumers will only become more concerned about their privacy rights in the months and years ahead, and they will come to expect safety, consent options, as well as value in return when sharing their data.
Regulation implementation barriers will likely become more challenging as external factors like COVID-19 continue to shape the data privacy landscape.
For example, many EU companies say they are experiencing “blurred lines” when it comes to “emergency data laws” in GDPR, similar to the U.S., where merchants are confused as to what data they can access and how.
Meanwhile, some businesses have started developing solutions that collect consumer data to track the pandemic’s spread.
Companies should be bracing for the recently introduced COVID-19 Consumer Data Protection Act of 2020 which “prohibits covered entities from collecting, processing, or transferring an individual’s personally identifiable information for the purpose of contact tracing with respect to COVID-19 (i.e., coronavirus disease 2019) without first obtaining the individual’s affirmative consent to use such information,” setting the stage for future emergency situations, and affect future privacy regulations.
Marketing in a privacy-first world
As discussed earlier, CCPA’s popularity has influenced other states to follow suit.
In addition, Sen. Kirsten Gillibrand (D-NY) proposed the creation of a Data Protection Agency (DPA) to handle all customer complaints in regards to data misuse and regulate big data companies like Google and Facebook.
First and foremost, marketers must be proactive about data privacy. The model customer experience always puts the customer first. This is still true but marketers must change their approach to accommodate consumer privacy concerns.
As consumers develop a more sophisticated understanding of data and all that it entails, privacy concerns and customer experience will become one in the same.
When it comes to best practices in data use, the first step is to examine the source:
- If it’s first-party data, do your customers understand what their data is being used for?
- If it’s third-party data provided by a lead generator, has it been collected in a compliant matter? Some marketers are still surprised to find out that in a lawsuit you will be held accountable, not the vendor.
- Are you keeping records that prove you’ve received permission from a customer to use their data? If you’re working with a data vendor, have you vetted their record-keeping process?
It’s also vital to reevaluate your compliance plan. If you don’t have an in-house compliance staff, consider having some sort of solution in place.
Jornaya expanded their TCPA Guardian Solution with First Party Privacy Guardian, which provides additional data compliance benefits for hundreds of marketers.
The solution is designed to cover current regulations like the TCPA and CCPA with plans to accommodate future state and federal regulations that might follow.
Trust at the center of CX
Before COVID-19, if someone were truly concerned about their data being misused they had the option to avoid it by limiting their digital interactions.
In the light of pandemic, that choice is eroding faster as the world’s digital reliance becomes less of a preference and more of a requirement of modern day life. Staying connected in an isolated world means countless data collectors will have access to more and more information.
Meanwhile, consumers are becoming more sophisticated in regards to data privacy It’s reported 85% of consumers will take their business elsewhere if they feel a company isn’t handling their data appropriately.
Noncompliance can not only lead to fines and legal ramifications, but it can also ruin trust between a brand and its consumers.
During a time when people have no choice but to use IoT devices and share their information, it’s a competitive advantage for companies to ensure they are using ethical data practices and providing exceptional consumer experiences.
The best way to do that is to know exactly where your data is coming from and how it’s being used and have a plan in place for addressing new regulations as they become law, while always providing the consumer with value in your interactions.