Get monthly notifications
Privacy, GDPR and Schrems II for Marketers
In this article, we would like to share with you the key information within privacy for marketers, share sources for further investigation and give you a simple tool that you can use to guide your team on the next steps.
Privacy and Why it's More Complex Than Ever
Today, when we write this article GDPR and rulings regarding Schrems II, are coming out from different countries in Europe. You can check the reference list at the end of this article to find all 101 complaints sent in regarding privacy violations for companies in Europe. So with more rulings coming out we expect best practices will change.
For example, the Danish Data Protection Agency press release from September 2022 stating that Universal Analytics is not compliant due to data transfer to US. They have also identified issues with the use of Google Analytics 4. Read the appendix section for details about their statements.
The Swedish authority for privacy protection IMY released there announcement "Four companies must stop using Google Analytics
So how do tech companies communicate regarding privacy?
Here is a statement from Apple, a brand that wants to position itself as a leader in privacy:
“Privacy is a fundamental human right. At Apple, it’s also one of our core values. Your devices are important to so many parts of your life. What you share from those experiences, and who you share it with, should be up to you. We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in.”
-Apple's General Stand on Privacy March 2022
“Some websites allow hundreds of different data collection companies to watch you, build a profile of you, and serve you ads as you browse the web. Intelligent Tracking Prevention in Safari uses on-device machine learning to help block those trackers. And you can get a snapshot of all the cross-site trackers Safari is blocking by visiting your Privacy Report in the Safari toolbar.”
-Safari Privacy features as described by Apple in March 2022
Read more about Apple's efforts on Privacy first and how it's built into their products
Stream our online course together with Voyado: How to solve Privacy for Marketers & eCommerce
Table of Contents
Strive for better privacy policy standards
Stronger Privacy Measures Lead to Higher Growth
Build direct relationships with your customers
Technology to collect first-party data from your customer relationships
Store first-party data, CRM, Marketing Automation or CDP
- CDP
Measure Conversions More Accurately With First-Party Data
Unlock Insights Through Machine Learning
The Future of Privacy and Rise of Privacy-first Browsers
- Brave
References Resources and Templates
- Data Act, European Commission
- EDPB, European Data Protection Board
- Ico. Information Commissioner Office UK
- Podcasts
How to collect data
In order to respect the privacy of your customers, you must understand the correct ways to collect data. Let’s look at various ways to collect data safely, making sure that you’re respecting the privacy of your users.
Strive for better privacy policy standards
Brands can't transform other aspects of their business without setting a strong privacy policy in place where their customers feel that the brand respects their personal data and will make sure that it's safe.
81% of consumers say that the potential risks they face because of data collection outweigh the benefits, according to a study by Pew Research Centre.
Stronger privacy measures lead to higher growth
A common misconception among today’s marketers is that being privacy-centric makes it difficult for businesses to grow. This is far from the truth, in fact, making sure that your customers’ privacy is respected goes a long way in the growth of your business. Brands that have taken the matter of privacy seriously have shown a higher growth as compared to the brands that haven't. This highlights the fact that privacy is not only good for customers but also for brands. Let us show you how you can use privacy to your advantage and grow your business while keeping your customer secure and loyal to your brand.
Build direct relationships with your customers
The ability to build direct relationships with customers is a common thread that runs through all great brands. Brands should focus on building relationships with their customers by giving them what they’re looking for - the right value. People are way more likely to engage with a brand when they find value in their relationship with it.
If you’re starting from scratch, you must start by placing a cookie consent banner on your website. Make it clear, transparent and easy for the user to understand the value of sharing your data. Build trust and work on the details in the consent banner.
Below is a cookie consent banner from Swedish Fintech Klarna, 11 April 2022. Notice how it clearly states the value for the user if opted in.
You can read the full Klarna's Privacy Policy here.
Read the full guidelines from ico. - What is Valid Consent?
Max Schrem and Noyb have filed 226 complaints regarding GDPR complaints with 18 authorities against websites that use the popular cookie banner software (“OneTrust”) with deceptive settings. OneTrust also changed the standard settings to be more GDPR compliant. However, there are still many websites that do not comply. Read the full list of 226 complaints here
Informing your customers of the value they will get by sharing their data and how your brand will use their data is the most important part of building trust. It’s found that customers are happy to share their personal data when they know how the brand will use it. This is the best approach to consent, period.
Brands should be more focused on going beyond expectations than doing just the bare minimum for the sake of legal obligations. This will be highly advantageous for brands in the long run making them more successful.
Strengthen your customer relationships with the right value exchange. Here are a few different ways to offer value to your users in exchange for permission to use their personal information.
- Recommend content or a product based on the way your users interact with your website or app.
- Give your users a good reason, like convenience, to share their contact information with you. Users are more likely to share their contact information if they’re being notified regarding their favourite product getting back in stock.
- You can offer a deal or coupon when people agree to provide their contact information to receive your marketing communications.
- A golden way to take things to the next level is by inviting people to register for your loyalty program where they can receive rewards or exclusive benefits.
- Early access to new drops in your future collection. Many DTC (direct-to-consumer) brands have a high pace of releasing new parts of their assortment resulting in the most wanted products being sold out within minutes.
Here is a great example from IKEA of what they use data for and why you should opt in:
Barbara Martin Coppola, Chief Digital Officer for IKEA talks about privacy and the importance of:
-Breaking down your privacy policy in the simplest way possible
-Putting customers in control of their privacy
-Realising that it’s only the right thing to do
Once you’ve determined how to use customer information to deliver better experiences, it’s important to explain to users what data is being collected, what value they’ll get by granting data permissions and how they’re in control.
Collecting data is an important step but handling it responsibly and being transparent is just as important. Once you’ve decided how to use the gathered customer information to deliver better experiences, it’s time to explain to your customers what data is being collected and how they’re in full control of the data they’ve shared with you. It’s also important to remind them of the value they’ll get by granting data permissions.
Here are the 3 M’s marketers should keep in mind while communicating with their customers:
Make it Memorable: It’s found that people who consciously agree to share their data are more open to ads presented to them and find them more relevant. This highlights the importance of a crystal clear, jargon-free privacy policy. Your goal as a marketer should be to save your customers from unnecessary confusion and help them understand your privacy policy as best as you can.
Template for Privacy Policy to ensure compliance with GDPR, Reference EU GDPR
Make it Meaningful: 9 out of 10 adults in the world say that they’re more likely to shop with brands that provide offers and recommendations relevant to them. This shows the importance of knowing your customers through their data and providing them with offers and recommendations for relevant products and services. This adds value to their experience and makes them more comfortable sharing their data with you.
Make it Manageable: People are 3 times more likely to react well to advertising when they feel in control of their data. So, the best thing you can do is to give your users full control of settings and features so they can decide how their information is used and when it’s deleted. Once a user has made a choice, it absolutely must be honoured.
Technology to collect first-party data from your customer relationships
Now that you’ve established a direct relationship with your customers by providing value, all you need is a few tools to generate insightful and actionable first-party data from your customer relationships wherever a customer interacts with your website, app or directly with your offline store. Let’s check out the tools that will help you collect and make the most of first-party data.
Collect first-party data from site visitors: A robust tagging infrastructure will help you make the most of the data consumers share with you when they engage with your website. You can use sitewide tagging solutions that can also set first-party cookies for measuring conversions. You can execute this type of tagging with either:
Setup of tags
- Google’s global site tag in Google Tag Manager. Then use this in Google Ads, Display & Video 360, Search Ads 360 and Campaign Manager 360 to optimise your marketing mix.
- Google Tag Manager for all Google and non-Google tags
- Server-side tagging is available through Google Tag Manager and Tag Manager 360 so you can place third-party tags in a secure cloud server.
Read more about how to set up Server-Side Tagging in GTM
These types of tagging solutions allow you to respect the consent choices of consumers. For example, advertisers operating in the European Economic Area and the U.K. can use
Consent Mode to adjust how the global site tag and Google Tag Manager operate based on user consent choices for ads cookies or analytics cookies. If users don’t consent to cookies, Consent Mode will use conversion modelling instead to fill gaps when conversions cannot be linked to ad interactions.
Collect first-party data from app users: Add a Software Development Kit (SDK) to your mobile app. SDK is designed to help you collect information from the actions people take when they download and engage with your mobile app. You can do this with the Google Analytics for Firebase SDK which is available for both Android and iOS apps.
Collect first-party data from customers: Invest in a Customer Relationship Management (CRM) tool to gather and organise the information that’s shared by people during offline interactions like store visits or phone calls. You can link this offline data with Meta as well as Google’s advertising and measurement tools like Google Ads, Google Analytics, Campaign Manager 360, and Search Ads 360.
Read more about Privacy control in Google Analytics 4
Store first-party data, CRM, Marketing Automation or CDP
CRM System
Customer relationship management (CRM) is a technology for managing all your company’s relationships and interactions with customers and potential customers. Simply put, it improves business relationships. A CRM system keeps brands in touch with their customers and improves profitability.
Marketing Automation
Marketing automation is a great way to effectively market on multiple online channels and automate recurring tasks. There are some great software and platforms like Klaviyo that help marketers and brands get ahead in the area of marketing automation. Here are some benefits of implementing marketing automation:
- Higher customer lifetime value
- Complete customer profile
- Real-time segmentation
- Accurate omnichannel attribution
CDP
Collecting first-party data is crucial for all marketers in order to deliver a personalised experience to their customers and display relevant ads. So you have obtained the necessary consent and are set to collect first-party data. But how do you store and manage this first-party data? What you need is a Customer Data Platform (CDP) which is designed to collect, segment and organise customer first-party data from various sources and combine it all to create a unified view of each customer. Here are some benefits of using a CDP:
- Eliminate silos
- Concise customer profiles
- Direct data collection
- Unified cross-channel marketing
Like with every software in your technology stack it's key to understand how to set them up in a privacy-safe way and to align with your legal team. Here are three examples of CRM, Marketing Automation and CDP. Click on each resource to learn how to use them in a privacy-safe way.
Hubspot, CRM system
Klaviyo, Marketing Automation
Voyado, CDP
Measure conversions more accurately with first-party data
Once you’ve established a first-party data foundation from practices like sitewide tagging, it can
enable your measurement solutions to work together and provide you with the most comprehensive reporting possible. For example, enhanced conversions allow site tags to use consented, user-provided data to give you a more accurate view of how people convert after engaging with your ads. This also expands your retargeting audience size.
Measure conversions and fill out the blank spots. The use of conversion API has increased dramatically. Still, you are passing personal data. So be careful and align with your legal team.
TikTok Advanced Matching and Events API (TikTok Pixel)
The TikTok Events API is a Server-to-Server (S2S) integration that allows you to share website and app visitor events directly to TikTok. Data that is shared via the Events API is processed similarly to information shared via the TikTok Pixel and TikTok SDK business tools. You can leverage events data to power solutions like dynamic product ads, custom targeting, campaign optimization and attribution. It’s best for larger eCommerce and non-eCommerce brands that have a dedicated development team to support integration.
Advanced Matching, More data from your first-party data collected. You can upload phone numbers or Email addresses from your opt-in customersMETA Pixel
When you use the Conversions API along with our other Meta Business Tools, you can gain additional insights into the people who interact with your business. One of the best practices is to use the Conversions API in addition to the Meta Pixel to help maximise the effectiveness of your website events.
Google Ads Measurement
Enhanced conversion is a feature that can improve the accuracy of your conversion measurement and unlock more powerful bidding. It supplements your existing conversion tags by sending hashed first-party conversion data from your website to Google in a privacy-safe way. The feature uses a secure one-way hashing algorithm called SHA256 on your first-party customer data, such as email addresses, before sending it to Google.
Unlock insights through Machine Learning
Google Analytics 4, the future of measurement
Okay, so you’ve set the tools in place to gauge and measure conversions. Are you missing something? Yes, you also need to consider the gaps that occur in the customer journey when people move across devices, from online to offline, browser restrictions, and different consent choices. This is where machine learning can greatly help fill measurement gaps.
Conversion modeling, for example, continues to be a key feature in Google’s measurement solutions. How does it work? Modelling uses observable signals to help paint a more complete picture of your performance in a privacy-safe way. Modeling can also set your campaigns up for success by enabling products like Smart Bidding in Google Ads to work better because of access to more complete information - all with user privacy at the forefront.
Google Analytics automatically enriches your data by bringing Google machine-learning expertise to bear on your dataset to predict the future behaviour of your users. With predictive metrics, you learn more about your customers just by collecting structured event data.
Once you implement predictive metrics, you can answer questions like - “Will this user convert?” Read more about Google Analytics 4 capabilities to predict conversion, revenue or churn in this post here.
Modeled conversion is a way to fill the gaps that can't be measured so that you have access to more data for your bidding algorithm in Google Ads. Read all about it here.
A common question regarding measurement and Google Analytics 4 is how IP addresses are tracked and if the data is sent to the US. The short answer is that they are not.
When collecting data, Google Analytics 4 does not log or store IP addresses.
- Analytics drops any IP addresses that it collects from EU users before logging that data via EU domains and servers.
In addition, Analytics provides controls to:
- Disable collection of Google signals data on a per-region basis
- Disable the collection of granular location and device data on a per-region basis
Google Analytics 4 does not log or store individual IP addresses.
Analytics does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, and Subcontinent (and ID-based counterparts). Read more about EU-focused data and privacy
Future of privacy and the rise of privacy-first browsers
By now, you must have gotten a decent idea of the integral role of privacy. But what does the future hold for privacy in this rapidly evolving market?
- Google’s announcement of ending support for third-party cookies by the fall of 2023.
- Universal Google Analytics will stop collecting data by 1 July 2023
- The new legislation will be coming out from the 101 Privacy Complains sent in by Max Schrems and the organisation Noby
It is clear how big companies like Google and Apple are driving change, initiating dialogue around the importance of privacy and finding ways to respect the privacy of the users. This has resulted in the rise of privacy-first browsers - a much-needed shift. Let’s look at a few browsers that have privacy as their top priority.
Brave
Brave is by far, one of the best privacy-first browsers at the moment. It has the strongest privacy protections which block trackers, cross-site cookie tracking, fingerprinting, etc. Brave claims to safeguard its users’ data by not collecting it in the first place. Try out the browser here.
Duck Duck Go
Even though this isn’t a browser, we decided to keep it on the list for how this small yet impressive extension keeps privacy as its number one priority. This extension offers a safer browsing experience on your not-so-safe browser.
Found back in 2008, the DuckDuckGo Privacy Browser mobile app and Privacy Essentials desktop extension both come with a tracker blocker, encryption enforcer and private search engine. This gives its users all the key privacy protection tools to search and browse privately, curbing the constant monitoring of internet activity by companies. Click here to try it out.
Google Chrome
The most popular web browser of our age is claiming to have evolved into a responsible, privacy-first browser. Google Chrome is widely used as the main browser for Windows (PC) and Android (Mobile) with a total of 3.2 billion users. Chrome is expected to put more focus on keeping privacy as its number one priority in the near future.
References Resources and Templates
Data Act, European Commission
23 Feb 2022, Data Act: Commission proposes measures for a fair and innovative data economy
“Today is an important step in unlocking a wealth of industrial data in Europe, benefiting businesses, consumers, public services and society as a whole. So far, only a small part of industrial data is used and the potential for growth and innovation is enormous. The Data Act will ensure that industrial data is shared, stored and processed in full respect of European rules. It will form the cornerstone of a strong, innovative and sovereign European digital economy.”
-Thierry Breton, Commissioner for Internal Market
GDPR, European Commission
Official source of information from the European Commission.
Find out what your organisation must do to comply with EU data protection rules and learn how you can help citizens exercise their rights under the regulation
- Rules for business and organisations, Official documentation from European Commission
- Template for Privacy Policy to ensure compliance with GDPR, Reference EU GDPR
- Template Data Processing Agreement
- Template Right to Erasure Request Form (Template)
Glossary for GDPR
https://www.hubspot.com/data-privacy/gdpr-glossary
EDPB, European Data Protection Board
The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities. The EDPB is established by the General Data Protection Regulation (GDPR)
Stay up to date with the latest publications from EDPB
The Article 29 Working Party (Art. 29 WP) is the independent European working party that dealt with issues relating to the protection of privacy and personal data until 25 May 2018 (entry into application of the GDPR)
Article 29 Working Party, All archived news here.
Ico. Information Commissioner Office UK
The UK’s independent authority is set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
What is valid consent? Read all the details here.
Schrems II
Maximilian Schrems is an Austrian lawyer, who became known for campaigns against Facebook for its privacy violations, including violations of European privacy laws and the alleged transfer of personal data to the US National Security Agency (NSA) as part of the NSA's PRISM program.
In 2021, Schrems II – the landmark data privacy verdict issued in July 2020 – continues to prevent businesses from carrying out basic data transfers to non-EU countries.
Read more about Schrems II here.
Max Schrem, rulings in Europe and the 101 complaints filed by Noyb
- The Austrian DPA's ruling on Google Analytics (Translated to English PDF)
- Some deeper insights into the Austrian DPA's ruling
- The French DPA's ruling on Google Analytics
- The 101 complaints filed by "None of Your Business"
The Danish Data Protection Agency, Datatilsynet
Read the full statements about the use of Google Analytics in the links below. They cover both Universal Analytics and Google Analytics 4. If the setup for Google Analytics or Google Analytics 4 is done in a way that doesn't use any personal data. Datatilsynet has no issue with the use of any of the methods. This requires deep technical understanding and customised setup.
- The Danish Data Protection Agency press release on Universal Analytics from 21 Sep 2022, On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully
- Data Tilsynets Q&A section for Google Analytics
Quote from the Q&A section on Google Analytics, Datatilsynet 22 Oct 2022
"But Google Analytics 4 does not collect IP addresses. Isn’t that enough?"
It appears from Google’s own documentation that the collection of data via Google Analytics is done via regional data centres. Google will use the IP address of the website visitor to determine the location of the nearest data centre. For visitors accessing the website of a Danish organisation, this is likely to mean that visitors connect to a European server before the data is sent to Google in the USA. However, in practice, it may also mean that visitors who access a Danish organisation’s website from other countries, e.g. from Asia, are never connected to a European server, but are connected directly to a Google server in the USA if this server is closest to the visitor’s location. In other words, the IP address of the visitor may be transferred to the United States before it can be anonymised.
For Google Analytics 4, it is apparent from Google’s documentation that IP addresses are used to determine the approximate location of the visitor, after which the address is discarded before the data is logged to a server. As with Universal Analytics, the same issue is also relevant for Google Analytics 4, as – depending on the location of the data subject – there can be direct connection to, among others, American servers before the address is discarded.
The French Data protection Agency CNIL guide for setting up Universal Analytics in a safe way avoiding personal data transfer to US. Important notice is that Google Analytics 4 should have another approach.
Sweden -Integritetsskydds Myndigheten IMY
3 July 2023
Companies must stop using Google Analytics
IMY has audited how four companies transfer personal data to the US via Google Analytics, which is a tool for measuring and analysing traffic on websites. The companies audited are CDON, Coop, Dagens Industri and Tele2. The audits concerns a version of Google Analytics from 14th of August 2020.
META
Read more about Conversion API and what signals and data META are using to optimize ads targeting.
META Conversion API and Privacy White paper 2022
Help with the EU user consent policy
The policy reflects certain requirements of two European privacy laws: the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as well as any equivalent UK laws. The ePrivacy Directive should not be confused with the proposed ePrivacy Regulation, currently under discussion. These laws apply to end users in the European Economic Area (EEA) and the UK. The EEA comprises the EU Member States and Iceland, Liechtenstein, and Norway.
The original version of this policy was introduced in 2015 and was updated on 25 May 2018 when the General Data Protection Regulation (GDPR) came into force.
Podcasts
Aurélie Pols on Google Analytics Rulings by European DPA's
Interview with Aurélie Pols, a Data Protection Officer with a background in Digital Analytics who knows all about the GDPR and its impact on Digital Marketing
Simo Ahava on Taking Control with Server-Side Tag Manager
Interview Simo Ahava, one of the most renowned Google Tag Manager specialist
Featured Articles
The Full Funnel Approach and Pinterest
Today, we're going to delve into the significance of working with a full-funnel strategy and understanding why a comprehensive media mix is crucial. We'll also explore an example of how this approach and including Pinterest in the media mix led to a significant decrease in the cost of sales for Houdini.
Master Text Overlays: Boost Ad Engagement
In recent years, capturing the attention of your target audience has become more challenging than ever. Businesses and marketers are constantly on the lookout for innovative ways to stand out in the crowded advertising landscape.
One effective technique to draw attention to your ad's message is through the use of text overlays on image and video ads. In this blog, we will explore the best practices for incorporating text overlays, ensuring your message is impactful without compromising the visual appeal of your ads.
Similar Articles
Protect Your Facebook Business Account from Phishing: Expert Tips by Keywordio
Hello everyone, Johan here from Keywordio. Today, I want to share crucial insights into phishing—what it is and how you can safeguard your Facebook business account from this prevalent threat.
Exploring the Future of TikTok: Insights from the 2024 Trend Report
Introduction
I'm excited to delve into TikTok's comprehensive "What's Next 2024 Trend Report." This report is a treasure trove for anyone in digital marketing, offering deep insights into the future of content, storytelling, and consumer engagement on TikTok.
E-Commerce Excellence: Meta's Advantage+ Shopping Campaigns Redefined
Welcome to the dynamic world of e-commerce, where Meta's Advantage+ shopping is reshaping how businesses connect with customers. In this blog post, we'll explore the key features of this innovative tool.
Introducing TikTok Shop
Today, I bring to your attention a revolutionary update from TikTok, a platform where over 150 million Americans seek daily doses of inspiration and entertainment. With a plethora of trends, fashion hacks, beauty nuggets, and a smattering of recipes, TikTok has emerged as a modern-day oracle for curious minds. The excitement in the air thickens as we unveil TikTok Shop to the US, an avant-garde conduit for folks to spot and snag their adored items seamlessly.
The Full Funnel Approach and Pinterest
Today, we're going to delve into the significance of working with a full-funnel strategy and understanding why a comprehensive media mix is crucial. We'll also explore an example of how this approach and including Pinterest in the media mix led to a significant decrease in the cost of sales for Houdini.
Master Text Overlays: Boost Ad Engagement
In recent years, capturing the attention of your target audience has become more challenging than ever. Businesses and marketers are constantly on the lookout for innovative ways to stand out in the crowded advertising landscape.
One effective technique to draw attention to your ad's message is through the use of text overlays on image and video ads. In this blog, we will explore the best practices for incorporating text overlays, ensuring your message is impactful without compromising the visual appeal of your ads.
The Next Big Thing: 5 Digital Marketing Trends to Watch for in 2023
Digital marketing is a constantly evolving field, shaped by emerging technologies, changing consumer behaviors, and the dynamic nature of the online landscape. Staying on top of the latest trends is crucial for businesses and marketers to effectively engage with their target audience and drive growth. In this introduction, we will explore some of the key digital marketing trends that have emerged in recent times.
The Power of Branding on Meta
Are you ready to unlock unparalleled opportunities and take your online business to new heights? In a rapidly evolving digital landscape, Meta continues to revolutionize the way marketers and entrepreneurs create an impact on buyers.
Today, we will talk about the immense potential of branding on Meta's platforms, Facebook and Instagram based on our Meta Branding (Online Course). Brace yourself for insights that will empower you to establish a strong brand identity, harness consumer trends, and optimize your advertising strategies like never before! Ready to spearhead your business to success? by understanding the potential of branding on Meta and how you can tap into it. Excited? So are we - let's get into it!
A Sneak Peek into Pinterest's 2023 Product Updates!
Pinterest is improving its Ads Manager to provide a seamless experience for advertisers. New features will be released throughout 2023 to optimize advertising strategies. Pinterest aims to offer powerful tools and insights for better campaign results. Get a sneak peek into the exciting updates coming to Ads Manager this year.