How Do You Market Online In An Increasingly Security Focused World?
Digital marketing and data. A match made in heaven. Like two peas in a pod. For as long as there has been such a thing as digital marketing, data – and, specifically, data about people, about web users, about customers – has been at the very heart of it.
Everyone involved in digital marketing knows just how valuable the trail of data web users leave behind them is. Collected and analysed, it paints a rich tapestry of people’s online behaviour, what their preferences are, what their pain points are. These insights can then be used for everything from targeted advertising to optimising CRM to personalising shopping journeys to developing new products and services.
The value of personal data is summed up by nothing better than the fact that digital advertising – driven by data-led targeting – is now a $300bn global industry.
But all is not well in the once stable relationship between digital marketing and data. Over the past few years, a consensus has grown that marketers might be just a little too familiar with what people do online. According to one poll, 83% of internet users worldwide are concerned about how internet use impacts their privacy.
The strength of consumer feeling on this matter has had a dramatic effect on the digital landscape. Privacy and security are now treated as high priorities. What once amounted to a free market in the exchange and use of personal data is now being strictly curbed by regulations like the Europe-wide GDPR, which places a legal duty on businesses and organisations to keep personal data secure and to be completely transparent about its use.
Sensing the direction of travel, several digital giants have taken steps to clamp down on the way that personal data is collected and shared across the internet. For example, third-party cookies, for so long a staple of how digital advertising companies tracked user activity and targeted ads, are on the verge of disappearing completely after Apple’s Safari browser and Firefox stopped supporting them. Chrome will follow suit in 2023, while Google has also launched a new version of Google Analytics (GA4) in part to wean it off reliance on cookie-based tracking.
All of the above creates major challenges and obstacles for a digital marketing industry that has for so long generated most of its value from identifying and then targeting potential customers. What is more, consumers to a certain extent want to be able to have their cake and eat it. People continue to expect personalisation as standard, but without giving up control of their personal data.
When on the face of things, mounting security and privacy regulations so cl early get in the way of marketer’s ability to collect data on and therefore understand their customers, how is this possible?
At Key Element, we believe there are three key steps to delivering high-value, responsive, efficiently targeted campaigns in a privacy-first environment, where access to data is not what it used to be. It starts with having clarity about what data you need and how it is used, then putting in place a secure and robust infrastructure that ensures data is protected as a first priority, and finally pivoting to new ways of using data which generate the same value without needing to delve so deeply into people’s personal data.
Mapping out your personal data
The GDPR, which is now widely viewed as setting the standard on data security and privacy regulation worldwide, places a number of obligations on companies that make use of personal data, as well as spelling out the rights of individuals in relation to their own data. The so-called principles of the GDPR demand that organisations both actively minimise the data they collect and limit the uses they put it to. It also makes it abundantly clear that businesses are accountable for guaranteeing these principles are met. On the other hand, the GDPR enshrines the rights of individuals to know exactly what data is held on them and how it is used. This includes the right to ask for their data to be erased, which companies must comply with.
None of these obligations can be complied with if an organisation itself is not 100% clear on what data it holds, where it is kept, and what it is used for. This might seem fundamental, but the truth is that the data sets held by any single organisation can be huge, complex, highly fragmented and locked away in departmental and technological silos.
If you take digital marketing alone, if you think about all the different channels and touch-points where data on your digital interactions with customers is collected, plus all the different campaigns and third-party tools used to support them, gaining clear sight of data use even within a single area of the business presents obvious challenges.
Chief among these challenges is the fact that digital marketers these days rely so heavily on third-party platforms – digital ad services, analytics, email marketing services, lead capture tools, CRM, content management systems and many more. Every plug in, every tool is another potential vulnerability, a place where data can go missing or be used inappropriately. And the GDPR makes clear that organisations are fully responsible and accountable for their data supply chain, even (or perhaps especially) when data is shared externally.
That’s why data mapping is such an important first step in creating a privacy-first, security-first approach to digital marketing. For compliance purposes but also to fulfil their obligations to customers, businesses need to be fully on top of their data use. Data mapping involves identifying and categorising the data it holds, where and how it is collected, why and how it is used, and how it is shared, stored and protected.
The purpose of data mapping can be broken down into several strands:
- Data mapping underpins risk management and compliance in relation to privacy and data security, helping an organisation identify where vulnerabilities lie and taking steps to address them.
- It serves to break down silos and improve collaboration on data use, so all stakeholders can be sure they are singing from the same hymn sheet. This includes bringing data handling practices in line with external as well as internal partners.
- It provides a template for safe, compliant data use in the future, by showing where use of personal data is necessary and justifiable, and tracking the flow of data through an organisation so you can identify the point at which it is no longer required and ensure it is therefore disposed of appropriately.
For digital marketers working within a complex ecosystem of digital channels and tools, data mapping is particularly important for rationalising data flows and therefore being able to take steps to guarantee privacy and data security at every step. It is likely to lead to smaller, more manageable data loads more closely aligned to what is necessary for the business, which in turn lends itself to a greater level of control and less risk.
Data mapping also ties in closely with understanding how and where your customers interact with you online. So customer journey mapping supports the dual purpose of gaining better insight into your relationships with customers, and how you can better protect their privacy. Speak to the Key Element team for further details about how we can support you with data and customer journey mapping and analysis.
Securing data at every step
Once you have a clear understanding of data use across your operations, the next step is making sure it is demonstrably secure at all times, both in use and at rest.
This in part takes the form of drawing up and implementing privacy and safe use policies. These include resources used internally (or with external suppliers) that set out an agreed, shared basis for how privacy and security will be achieved. But they also include guarantees given to customers and users. An example anyone who runs a website in Europe will be familiar with is the requirement under the GDPR to display an opt-in for cookies along with an explanation of what the data gathered will be used for.
Privacy policies are all about intentions. But actually delivering on those intentions is a different matter, one that is more about the technical side of digital security than communication with partners and customers. This even leads some to argue that data privacy and data security represent separate tasks for companies – privacy is a “front end process” concerned with customer consent and compliance, while security is “a baprocess that requires significant coordination between systems, technology and infrastructure to honor that consent.”
Marketers are well placed to handle the policy side of things. Communication is their area of expertise, after all. But delivering the security to back up those privacy promises is a technical area. It isn’t just the risk of losing or misusing people’s personal data that digital marketers have to deal with. Hacking and cyber attacks pose a major threat, with cyber criminals just as aware of the value of personal data as any marketer.
Data security is a specialised area that connects cyber security to platform development. It focuses specifically on the storage and communication infrastructure, on making sure that the way data is held and shared across an organisation is free from vulnerabilities that criminals could exploit.
As it’s no longer desirable to have data locked away in different silos – not least because it gets in the way of having full sight of data use and therefore creates the conditions for vulnerabilities to be overlooked – modern security-first infrastructures separate back-end elements like databases and server storage from front-end applications and user interfaces.
This allows you to build a single data architecture for all of your digital channels and assets, giving you full insight and control in one place. Front-end services and tools are then connected via APIs. This not only increases the speed and agility with which you can roll out new features for users (because you don’t have to do any back-end development), it also means that any attack or breach on the client side doesn’t leave your full repository of data exposed. APIs act as a gateway to traffic and are relatively easy to protect.
If you’d like to know more about security-first web infrastructure, speak to our development team.
Changing the way data is used
Finally, even with robust insight into exactly how personal data is used across an organisation and a thorough approach to basecurity, there’s no avoiding the fact that certain practices that have been standard in digital marketing for many years are no longer compatible with a privacy-first approach.
That in a nutshell is why we are witnessing the end of third-party cookies. By and large, consumers understand that when they visit a website on a regular basis, it makes sense for that site to gather a certain amount of data about them. Whether it’s remembering log-in details or making recommendations based on previous purchase history, tracking by first-person cookies provides benefits to the customer experience. It delivers the kind of personalisation consumers look for.
But what people generally don’t like the idea of is unknown quantities of their data being collected and passed around between unknown parties. Which is why third-party cookies are in the firing line.
But with them, so is a function that is arguably even more integral to digital marketing – analytics. Analytics is what turns raw numbers into meaningful intelligence. Like refining crude oil, it’s what turns data into a valuable commodity. But conventional analytics is also a hungry beast. The rule of thumb is, the more you put in, the more you get out. As far as customer-focused analytics goes – understanding who your customers are, what motivates them, what their spending habits and preferences are, how you can encourage them to spend more – that means feeding the algorithms more and more personal data to get a more accurate, more refined output.
Marketers understand the implications that the privacy agenda has for this approach. According to Gartner, nearly three quarters of marketing analytics specialists fear the impact privacy is having on their ability to deliver valuable, actionable information.
Yet we are seeing solutions emerge that promise rich data-led marketing intelligence without such heavy reliance on swathes of personal data.
For one, the privacy agenda has pushed the world’s biggest web analytics platform into making notable changes. With a 30% share of market, Google Analytics is a standard tool for digital marketers across the globe. The fact that GA4 has introduced ‘cookieless tracking’ – which is more accurately described as third party cookieless tracking – hands marketers an easy win on improving their own privacy credentials while still retaining the benefits of in-depth analytical insights.
GA4 is one example of how analytics techniques are evolving to do more with less data, especially with the application of machine learning techniques. Modern AI-powered analytical algorithms can be programmed to ‘fill in the gaps’ in data sets by learning patterns from large scale exposure, reducing the need to collect so many details at an individual level.
Key to the development of privacy-first analytics is the emergence of innovative new approaches to attribution modelling. Attribution models are important to digital marketers because they tell you which campaigns are leading to click-throughs and conversions. But this has typically relied on cookies which track clicks at the user level, raising privacy concerns.
Apple’s Privacy Preserving Ad Click Attribution model allows marketers to gather data on the success of campaigns on Apple devices without having access to user data at an individual level. Google’s Modelled Conversions approach in Google Ads follows the GA4 approach of using data about known customer journeys to fill in gaps when the full details of individual journeys cannot be collected.
Looking forward, the hope is that these developments can coalesce into a single privacy-first standardised approach to modelling across the web that will give marketers ready access to the kind of rich insights they need to drive value from campaigns.
Ultimately, data is a critical resource that cannot be separated from the value digital marketing brings to a business. The privacy agenda is changing the way we look at and use personal data, which requires some changes in how digital marketers operate.
However, technological solutions are emerging which allow marketers to continue to gather the insights and intelligence they need to build effective, targeted campaigns, while complying with strict privacy and data security standards and maintaining the trust of consumers.
Matthew Cowell
