Privacy protection is on regulators' minds: Legislators in Europe gave us the General Data Protection Regulation to protect consumer privacy, and in the United States, the California Consumer Protection Act followed. Fifteen other states have either passed or proposed privacy laws on top of that, and California passed a second law that will expand CCPA in 2023.
Consumers, too, signal they want privacy, when given the opportunity. One example is how approximately eight out of 10 U.S. iOS users turn off cross-app tracking since Apple enabled it in iOS a year ago. Google plans to follow suit for Android in the coming years, once it figures out a replacement that will "reduce the potential for covert data collection," which seems like a vague but welcome development for those of us who don't particularly like our data to be covertly collected. Third-party cookies are deprecated in Safari, and Chrome will likely follow suit next year.
The people -- and regulators -- have spoken. They want to preserve what's left of our privacy. So why is executing data privacy so difficult in an age when the only thing that often differentiates two competing companies is a good, bad or ugly digital experience?
Obfuscation of cookie policies the U.S. norm
You'll also likely run into the "baffle 'em with bull" strategy. It works like this: "Hey, here's a panel of switches. Do you want to turn off tracking cookies, analytics cookies, session cookies, performance cookies, strictly necessary cookies, functionality cookies and advertising targeting cookies?" In some cases, you'll have to read up on the hair-splitting differences between them.
While it's possible to understand what each of those cookies do, technically, the nuances of how they affect privacy in the context of each individual site might not be clear, even to a marketing pro. So what chance does my 87-year-old mom, who is not a marketer, have to figure this out? Zero. Most of us, worn down, just swallow hard, hit "accept all" and move on with our lives. Privacy be damned.
Apple's iOS "yes/no" cross-app tracking pop-up is a great example of proactive privacy protection. Apathy sets in when it's harder than that to assert one's preferences, said Liz Miller, analyst at Constellation Research.
"People are questioning everything and doing nothing -- that's the bigger issue," Miller said. "Everyone loves to have the conversation, 'It's my privacy; it's my data.' Then what do they do? They see the quiz on Facebook about 'What's my cat's stripper name?' They don't read the fine print, they just click 'accept' and 'submit.' We talk a really big game about how we demand privacy. But the quiz still wins."
Liz MillerAnalyst, Constellation Research
Marketing emails run amok, too
Then there's the privacy-killing marketing email.
Some marketers tease us about the possibility of opting out. The other day, I decided to do something about two daily unsolicited "updates" I'd tolerated for months from two different organizations.
I clicked on the respective "unsubscribe" buttons. One took me to a page where they wanted me to enter my email and make up a password in order "to manage my email preferences." The other appeared to be a variation on that, but it wasn't in English so I couldn't be sure. I x-ed out of the tab and gave up.
"Marketers have jumped through hoops to find ways to confuse consumers into not clicking what they're supposed to click," Miller said. "It's super shady. It is unethical to the nth degree. But sadly, it's allowable."
This all feels very Web 1.0, circa 2002. The internet of blinking text, HTML frames, ads, clickbait and cascading pop-ups/pop-unders made browsing the web a malicious minefield just to get to a page of decent cat GIFs.
So many brand marketing organizations -- and the cloud vendors that support their tech stacks -- talk a good game about frictionless experiences, personalized marketing, and how they earn the right to customer data by hewing to customer-centric principles such as honoring privacy. But personalization efforts don't necessarily pay off. In general, marketers still have not seen good returns on personalization technology investments, so they fall back on the time-tested email blasts of yore, which Miller called a "losing numbers game" of minimal responses compared to the volume sent out.
Enough. It's time to use plain language and remove barriers to privacy. Stop asking customers to log in to unsubscribe from a recurring marketing email they didn't opt into in the first place. It's disingenuous for a company to say, "We value your privacy" or "We are customer-first!" and then make it difficult-to-impossible for customers to express their privacy preferences.
Opportunities for smart marketers
Marketers who want to use the technology for good without frustrating their current -- and future -- customers can clearly explain the pros and cons of cookies in plain language. An example might be, "You can turn off this class of cookies, but we will forget what you left in the shopping cart when you click away."
There is some evidence that marketing emails are much more effective when they contain benefits, such as discount codes that don't instantly expire. Miller sees email as a long-term engagement tool. For many consumers, Miller said, email is the digital replacement for the paper coupon-clipper's accordion file.
Cookies, too, get a bad rap. It's the third-party cookies that follow people from site to site and report back to ad networks about people's "interests" -- accurate or not -- that make us think browser cookies are nasty little pests. It feels like all cookies are villains when you search for something personal, possibly embarrassing, and ads for it follow you across your various devices for weeks.
If first-party cookies went away, our online life would look a lot different, and frankly, we wouldn't like it much. These little gems remember the things in shopping carts we forage on e-commerce sites. They remember your preferred language for a site. They can be wonderful tokens that help remember your password so you don't have to reenter it every time you visit a site.
Smart marketers who are truly customer-centric, who practice what they preach about their company's privacy priorities, will figure this out. This goes for companies that target any of us, but double for those who market to Gen Z. These youngsters, raised on touchscreens, think differently about the companies they interact with. Gen Z isn't taking any of the chicanery the rest of us tolerate when it comes to data privacy. Gen Z holds companies accountable to the values they profess. (They just might save us all.)
Marketers who figure this out will gain the advantages over their rivals. Marketers who don't risk being left behind, their sites relegated to the internet junkyard, tucked between Friendster and GeoCities.
Don Fluckinger covers enterprise content management, CRM, marketing automation, e-commerce, customer service and enabling technologies for TechTarget.