Customer Analytics and Data Privacy Laws: On a Collision Course?

If you think back to your time in physics class, you may remember what is known as Newton's law of action and reaction. Stated simply: With any interaction, a collision results in a force being applied to the two colliding objects.

Though the law of action and reaction applies to physical forces, one could argue (physics majors may cringe) that something similar is occurring within marketing departments worldwide: The need to gain better insights on customers is colliding head-on with data privacy laws.

The chief marketing officer today has one main overriding mandate, to better understand customer behaviors and motivations with the goal of tailoring propositions, engagements, and interactions that most effectively reach their customers. All, of course, with the expectation of future revenue.

That lofty goal requires companies to store customer data, to have a customer intelligence platform to manage the customer life cycle, and to use analytics to help predict customer behavior. The companies that don't use data, and the insights that come from it, could soon join the Blockbusters of the world: replaced by competitors that saw the value in knowing more about their customers and, in turn, providing a service or offering that was more appealing based on data analysis.

Specific tasks like collecting data at the individual customer level on Web metrics (time on page, bounce rate, view rate, etc.) has helped marketers understand the "who" and "why" of customers and their navigational behaviors. That kind of insight has helped them more effectively model, report, and, ultimately, target customer offers. And that's just one example of customer analytics that companies can perform.

As a result, CMOs know more about their customers today and their future buying behavior than ever before.

Enter the Age of Data Privacy

All great, right? Well, not if you ask the customer.

Driven by privacy laws around the world such as the General Data Protection Regulation and what consumers consider to be the "creepy factor" regarding companies' knowing too much about them, CMOs worldwide are taking a much-needed step back.

That step back centers on determining how exactly they can still perform customer analytics but still respect their customers' wishes and follow the law. Such thoughts could not come any sooner, either, considering the very public data privacy fines dropped on Google ($57 million) and Facebook ($5 billion).

With the growing need for companies to use data and customer analytics to drive their business, two camps have emerged: one that considers data privacy laws and fines as a new cost of doing business, and those in the majority who see a better way.

The Better Way: Customer Analytics and Privacy Merge—Not Collide

Much has been written in the last year about how consumers should be the "owners of their data." Essentially, that means they, not the companies that process their data, should have the ultimate say as to how the data is handled and by whom. That more than anything else, has been the blueprint for how forward-thinking companies deal with privacy concerns and still manage to have an effective customer intelligence program.

But what does "ownership" really mean? It is a broad term that can mean many things to many people. In terms of data privacy, it can be broken down into three main thoughts.

1. Pulling Back the Covers and Allowing Customers to Know What You Know

There needs to be an easy and accessible way for individuals to know the data companies hold on them, how decisions are made with that data, and who that data is being shared with or sold to beyond the company.

Customers may not always like what they see, but such openness will build trust. Facebook took a big step in this direction when it announced its privacy tool for browsing history.

2. Providing Opt-In Options, Not Opt-Out

Known as permission-based or explicit consent, opt-in provides individuals "ownership" in the sense that they have more control over how their data is processed. As written within GDPR, "consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her."

Once again, it comes down to building trust. When a company gives persons opt-in ability, it is making them aware and empowered to take control of their privacy. Which also makes for better marketing: People who are open to sharing and having their data processed by a company are indicating their interest in a company offering and are more likely to turn into revenue-producing customers.

3. Giving Individuals the 'Right to Be Forgotten'

Another key component of GDPR is the ability of individuals to have their personal data erased: "The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay."

Though most privacy laws around the world have not gone as far as GDPR regarding data deletion rights, companies should nonetheless consider it an option they provide. Nothing provides the sense of data ownership more than the right to have it erased. Plus, it provides a direct benefit to marketing departments: The ability to know who doesn't want to be your customer.

In sales and marketing, companies are always looking to find out who are the "yes," "maybe," and "no" customers. Those who request that their data be deleted are providing a gift to companies: more time and effort to pursue the "maybe" and "yes" customers.

The "right to be forgotten" should be seen as a win/win for all involved.

The Path Forward

Combining a customer intelligence program with data privacy has become more than just a goal: Many companies in every industry have made it part of their core way of doing business. However, that didn't come without challenges. The ways that first adopters have overcome the challenges have become best-practices for others embarking on reconciling data collection and use with customer privacy.

Among the main best-practices are these:

Neither Marketing nor IT alone should oversee data privacy; it must involve every department that works with personal data.
A culture of data privacy must be established. Every employee must understand his or her role in securing the data privacy of their customers, and how to best accomplish that role. Data privacy is not just about technology.
Companies must evaluate their current data governance structure and make all data privacy endeavors part of data governance rather than having separate data governance and privacy programs.
All technology considerations of a customer intelligence platform must include—at a minimum—data access, data quality, data governance, and auditing capabilities.

CMOs' desire and capability to know more about their customers will only continue to grow. However, knowing more about customers must involve companies' understanding their customers' privacy wishes—and the consequences if they fail to grant those wishes.

Customer analytics and data privacy need not be two opposing forces colliding and careening in opposite directions. Customer analytics benefits from data privacy; customers benefit from programs that offer them the best data experience.