Data is a catch-22 for marketers

As marketers, we juggle a range of activities in our daily working lives. Research, strategy, brand advertising, tactical activations, PR and communications, amongst others. All take up their own portion of time. As we enter a new decade, we must also be mindful of the increasing complexity and challenges posed by our use of data.

In the past, this would have connoted images of big data, programmatic ads, retargeting and the ability to know ever more about consumers. However, the past two years have shown that our profession must pay equal attention to data protection and consumer privacy. In this article, I outline the range of the issues that marketers must monitor, and consider some of the ethical concerns around ad tech.

Brand reputation and financial impact

At the core are two key concerns. The financial impact of GDPR non-compliance and the effect on brand reputation and consumer trust that results from data breaches.

We are now seeing the first large fines levied under GDPR. In July, the UK Information Commissioner’s Office (ICO) stated its intention to fine British Airways £183 million for a 2018 data breach that affected more than half a million customers. It also intends to fine Marriott International £99 million for a cyber-security incident that affected more than 300 million guest records.

Regulators are focusing on the Ad Tech sector

Two of Europe’s largest data protection supervisory authorities – the ICO in Britain and the CNIL in France – issued reports last summer placing a priority focus on the Ad Tech sector. The ICO in particular did not pull its punches. It highlighted issues around transparency, a lack of clarity in privacy notices, and the scale of data creation and sharing. The report referenced a ‘lack of maturity’ amongst some participants in what is a very complex marketplace.

Experts such as Dr Johnny Ryan and Dr Augustine Fou make the case that online advertising is riven with ad fraud. A recent report by cyber-security firm Cheq backs this up. It described researchers as ‘stunned by the scale of fraud in online advertising’, which is forecast to cost advertisers $32 billion globally by 2022.

Dr Ryan has also focused significant attention on programmatic and real-time buying (RTB) – two fundamental components of many brands’ digital marketing activities. He has instigated a series of GDPR complaints against the Interactive Advertising Bureau (IAB) and Google’s online advertising auctions system.

Brexit poses data protection risks

At the same time, there is the ongoing issue of Brexit. Many marketers use UK suppliers for services such as customer relationship management and e-direct marketing or have consumer data flows in place between offices in Britain and Ireland. Brexit will affect all of these activities. The UK will become a ‘third country’ in the eyes of the EU as soon as it leaves the European Union. Marketers in these businesses will have to renegotiate supplier contracts, update privacy notices and undertake data audits to ensure they remain compliant.

The ePrivacy Regulation and Cookies

Marketers must also keep track of the broader regulatory environment. As part of the EU’s commitment to a digital single market, it originally planned to introduce an update to the ePrivacy Directive alongside GDPR. This is known popularly as the cookie directive. However, the proposed ePrivacy Regulation (ePR) has been affected by divergent views amongst EU member states. Subject to continual redrafts, it is unclear at this point when ePR will come into force.

In its absence, data protection authorities in a number of EU countries have issued guidance to marketers. Two recent examples are in France and Britain. It does not help that these guidelines include a number of differences. For example, on whether analytics cookies can be considered essential on websites – the French authority views this as possible in some cases, whereas the UK commission is unequivocally of the view they are non-essential. This has the effect of creating a patchwork of local differences across the EU – exactly what the digital single market was intended to remove.

Marketers cannot ignore the issue

What does this mean for marketers? Firstly, marketing professionals must commit to a thorough understanding of data protection and privacy. Rather than a once-off training session, this needs to be continual given ongoing legislative changes. Secondly, the sector must examine the fundamental trade-off involved in Ad Tech and the tracking that underpins these platforms. The technology provides substantial benefits in its ability to reach and target a vast range of audiences, at a very granular level. Yet the potential for reputational and consumer trust issues is substantial and involves questions of ethics and data law compliance. Consumers are becoming more aware of their data rights, whilst cyber-experts repeatedly highlight issues around fraud, GDPR compliance and a lack of transparency. Marketers need to have a real conversation on the cost-benefits involved.

Steven Roberts is head of marketing at Griffith College. A certified data protection officer and Fellow of the Chartered Institute of Marketing, he writes on data protection, strategy and marketing. He is a non-executive director on the board of The Discovery Programme.

This article originally appeared in Marketing Magazine, www.marketing.ie.