Paid Media & Privacy: What’s Changing & What It Means for Marketers

Privacy. This is a word that’s likely to elicit different reactions from consumers versus those of us who work in marketing.

For marketers who live in Europe, the last eight years or so have been spent trying to wrap our heads around different pieces of privacy-focused legislation and how to best be compliant.

Our cousins in America have watched this process with feelings ranging from relief, to bemusement, to mild envy.

For all the change we’ve seen so far, 2020 is going to be the year where we see the biggest shifts yet.

It’s likely to have a profound impact on anyone who works in marketing, but particularly for those of us who work in paid media – regardless of which side of the Atlantic you live on.

So what’s going on?

Let’s take a quick look at what’s covered by GDPR and the upcoming e-Privacy Regulation, which affect Europe, but also take a look at the California Consumer Privacy Act and how this is likely to affect our industry.

Europe

The General Data Protection Regulation (GDPR) came into force in May 2018. In a nutshell, it covers how we collect, store and use personal data.

If you’re a company based within the European Economic Area (covers slightly more countries than are in the European Union), or you’re based outside and the EEA and ever process the personal data of someone who lives in the EEA, then it applies to you.

It covers personally identifiable information – anything that relates to an identifiable individual and could be used to trace or distinguish them – such as:

Name.
Social security number.
Date and place of birth.
Biometric data.
Education history.
Anything financial, medical or employment-based.

In the EU, it also includes your IP address.

As scary as GDPR been, there’s something even scarier on the horizon – the E-Privacy Regulation (ePR).

ePR is significantly more impactful when it comes to digital.

The last time regulation specific to the Internet was put in place, was 2003 and the online world has changed so much in the last 17 years.

ePR will apply to your business if you use online tracking tech, engage in electronic direct marketing, or provide online communication services.

It also expands the definition of PII to include anything that can identify an entity online – including cookies and metadata.

CCPA

The good news for those State-side is that the California Consumer Privacy Act (CCPA) is much closer in scope to GDPR than it is ePR (lotta Rs in that sentence) when it comes to what it counts as personal data.

It applies to your business if you’re based in California and meet at least one of the following:

Has annual gross revenues in excess of $25 million.
Buys or sells the personal information of 50,000 or more consumers or households.
Or earns more than half of its annual revenue from selling consumers’ personal information.

If you’re one of the companies covered, here are some of the things you’ll have to do to comply (I cheated and copy-pasted this for legal ease!):

Implement processes to obtain parental or guardian consent for minors under 13 years and the affirmative consent of minors between 13 and 16 years to data sharing for purposes

“Do Not Sell My Personal Information” link on the home page of the website of the business, that will direct users to a web page enabling them, or someone they authorize, to opt out of the sale of the resident’s personal information

Designate methods for submitting data access requests, including, at a minimum, a toll-free telephone number

Update privacy policies with newly required information, including a description of California residents’ rights

Avoid requesting opt-in consent for 12 months after a California resident opts out

So, it’s similar to GDPR, but also more specific when it comes to handling the sale of data.

Check and see if it will apply to you and what work you’d need to do in order to become compliant.

What Does This Mean?

Ultimately, the key thing that both of these pieces of legislation covers are ways that we track users which aren’t personally identifiable.

GDPR in Europe generally applied to information that could be used to pinpoint someone based on their real-life identity – so anything that would help a company keep track of me, Arianne Donoghue.

What it didn’t cover, and is now going to be covered, is anything that tracks me as an entity online.

To many data and tracking services, I won’t be known by my real identity – but they’ll have a user ID that identifies this 35-44-year-old woman who lives in the north of England, loves cats, and spends far too long browsing Wholesome Memes on Reddit.

They’ll know almost everything about me – except who I actually am, but they don’t need to.

If you have a Google account it’s always worth taking a look at the Ads Preferences and information Google has stored on you. It highlights how well services are able to profile us without knowing who we are. – Read more

The 8 BEST Advertising Platforms for 2024

James Ketchell March 7, 2024

Sometimes, the allure of the new can sweep us off our feet. In the realm of advertising, this chase for the next big platform, the next untapped audience, it’s akin to a modern-day gold rush. We’re miners, sifting through the digital silt, hoping to find those glittering nuggets of audience

Best Digital Agency for Franchises: Top Picks for Boosting Your Business

Jamie Brown February 4, 2024

Digital marketing has become an essential aspect of modern business, and franchises are no exception. With the rise of e-commerce and online shopping, franchises must have a robust online presence to remain competitive. However, creating and maintaining a digital marketing strategy can be challenging, especially for franchise owners who have

5 Reasons Facebook Boosted Posts Are The Wrong Choice for Franchise Owners

Sarah Ketchell January 23, 2024

Franchise owners often find themselves struggling to reach their target audience on social media platforms. With the rise of Facebook as a marketing tool, many have turned to boosted posts as a means of increasing their reach and engagement. However, this may not be the best option for franchise owners

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.