Privacy is Transforming Marketing (Don't Be That Creepy Marketer)
Did you know that people's privacy expectations have changed, and it affects how marketing is perceived? Marketers should learn privacy and data protection concepts or risk being creepy and sometimes unlawful. Let me explain further.
Changes in Privacy Perceptions
However, what a few years ago was experienced as an efficient persuasion that led to a purchase, today can be seen as a creepy chase that led to an 'unsubscribe'. Marketers are being forced to adapt.
Privacy expectations have changed in the last few years, especially after the General Data Protection Regulation (GDPR) and, a bit later, the California Consumer Privacy Act (CCPA), and the tsunami of changes they brought.
For example, a 2020 McKinsey survey revealed that:
"about half of the consumer respondents said they are more likely to trust a company that asks only for information relevant to its products or that limits the amount of personal information requested.
Showing that a company's data practices are an important factor when assessing the amount of consumer trust. And marketers know very well how important is the trust factor when building a brand and effectively finalizing sales.
Below are additional data practices that were positively associated with trust in this survey of 1,000 North American consumers:
An additional factor that can be pointed out is the larger availability of privacy tools in the market, which help users to have a more privacy-preserving behavior. Tools such as "web browsers with built-in cookie blockers, ad-blocking software (used on more than 600 million devices around the world), and incognito browsers (used by more than 40 percent of internet users globally)" are widely spread, as the survey highlighted.
Rules on User Consent
An important legal aspect that has forced marketers to change their usual practices was the new definition and the conditions for user consent brought by the GDPR.
In certain situations - very common in commercial contexts - consent from the user is necessary to collect his or her personal data. Article 4(11) of the GDPR defines consent, stating that:
"‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her"
With this definition, the GDPR wiped out "Opt Out." Consent now has to be "Opt In," meaning that the user has to actively tick the box to share his personal data. All those behavioral psychology-based tactics frequently deployed by marketers to make users do not realize that they were consenting to some data sharing are now simply banned. Marketers need to find other ways to be persuasive without breaking the law.
For those creative minds that enjoy being rebels, GDPR fines can be up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.
The image below shows the largest GDPR fines as of 2022 - they are not very cheap. Therefore the whole organization - also the marketing department - should be up to date with data protection rules and best practices.
Marketers and Dark Patterns
Another important topic that has gained popularity in the last years are dark patterns in privacy: "deceptive design practices used by websites and apps to collect more or more sensitive personal data from you". Or, in marketing terms, when a marketer wants to exploit cognitive biases to collect more user data than necessary (or more than the user wants to share).
Marketers are psychology masters and are frequently tempted to use psychological tactics to obtain more conversions. Many of these tactics are design tricks - dark patterns - that make users share more data than they intended.
In this context, lawmakers the Unites States and in the European Union are already taking measures to outlaw dark patterns, the rest of the world will likely follow suit, which means that marketers should be aware and stop using them.
The opposite of dark pattern in privacy is Privacy Enhancing Design, which is one of the frameworks I propose in my PhD (and wrote about it in a few articles in this newsletter).
A privacy-enhancing UX design practice is a UX practice that acknowledges cognitive biases and human errors, respects user autonomy and prioritizes choices that preserve user privacy
In order to promote transparency, privacy, user autonomy and respect choice, marketers and UX designers should team up and rethink how they persuade people without risking an enormous fine.
Marketing Practices Under the Data Protection Radar
Marketing practices such as:
❌ unsolicited emails & SMSs
❌ not obtaining informed consent
❌ inappropriate data sharing or selling
❌ dark patterns that make people share more data or buy things by mistake
❌ privacy invasive defaults
❌ using cognitive biases to make people have risky privacy behavior
...are not tolerated anymore.
Some of them are already unlawful in many countries, others, such as dark patterns, will hopefully be outlawed around the globe soon.
And what's "in" when it comes to marketer's privacy practices?
✅ helping people get educated about a topic
✅ using design to improve accessibility
✅ using design to help people navigate their choices
✅ helping people exercise their autonomy
✅ facilitating informed choice
✅ allowing people to leave whenever they want
✅ allowing people to have a private experience at your website or app
✅ having at least a basic understanding about what is privacy and how it is applied in practice in the digital sphere.
To sum up, don't be that creepy marketer! By reading this article and becoming aware of legal changes and the importance of respecting privacy, you have already taken the first step.
Privacy is expanding and slowly affecting many more fields outside of the legal realm - so everyone must be educated about privacy and data protection, not only specialized lawyers.
See you next week. All the best, Luiza Jarovsky