Finding the E-Privacy Middle Ground: Address Customers’ Concerns While Still Gaining Valuable Tracking Data
The enactment of e-privacy legislation in the European Union (E.U.) is right around the corner. For many U.S. companies that sell products online in both continents, the new rules must be followed by their E.U. operations. For U.S.-only businesses, however, the Obama administration is tightening its focus on e-privacy, and the E.U. laws offer a precedent for how to meet customers’ desires here at home. Despite the fact that there are different legislative/regulatory regimes in the E.U. and U.S., the practical solutions are really quite similar: "Do-Not-Track," tag management, consent mechanisms, ad choices, industry self-regulation and end-user education are all part of the mix.
The E.U. legislation isn't a simple textbook law to follow. The law is complex and has many sides to it that can cause confusion around how it should be implemented. However, in the medium term, while effective policing of the legislation is being worked out, browser Do-Not-Track will play a large part in the solution. In the immediate term, given the lack of clear guidance from regulators, any legitimately reasonable presentation of cookie information and an opt-out mechanism is a good way to show necessary good intentions to regulators should they ask.
To help marketers get started, while giving U.S.-only companies some guidance on how to bring e-privacy into their online marketing strategies, below is a guide to several online industry self-regulation best practice initiatives and key steps online marketers can take to appease customers.
1. Conduct a cookie audit. Engage the right internal (technology, marketing, business, legal) and external (lawyer, cookie audit specialist, privacy/compliance consultant) teams and start by assessing exactly what vendors, tags and cookies are deployed across website pages, how they work and why they're there. Next, perform a risk assessment to determine how "intrusive" each is as well as its value to the organization (see below).
2. Conduct a risk assessment. Understand what the tracked data is used for, from "highly intrusive" to "minimally intrusive" to "strictly necessary," and be able to justify any activities that are deemed "strictly necessary." For those that are "highly intrusive," you'll need to make adjustments to give customers the option to not have that information tracked if they so desire.
3. Apply visitors’ opt-out requests to online tag/cookie activities. Prominently display the relevant cookie information and choices to your customers. This could be a floating footer or button or a link located in the header, while the actual opt-out controls could be located on a privacy page or preference center. Whichever way, make sure visitors are clearly able to navigate to such controls and make it easy for them to see and make their selections. Having this information on your website will give your customers great confidence that you take their privacy concerns seriously.
4. Gain full control over all third-party tags. The easiest way to harness all your marketing tags is through a tag management system. Ideally, a tag management system will enable your site visitors to actively opt out of being tracked by certain types of tags, while allowing you to decide for each partner or vendor tag whether they're of a type that the opt out should be applied to.
For example, a marketer may decide to activate the opt out for third-party behavioral targeting tags and cease to deliver those particular tags to opted-out visitors, but continue serving tags for their first-party site analytics system. This allows the retailer to still gain some tracking data that will be useful to their marketing efforts. Again, intentions to uphold visitors’ requests should regulators come calling will be considered a step in the right direction.
From where I sit, companies doing business online have an obligation to meet do-not-track and user privacy standards. It's about following new laws coming into effect, but more than that, it's good for establishing customer loyalty. If customers know you understand and are responding to their privacy concerns — particularly if your competitors aren't — they're more likely to do be a frequent, repeat buyer.