• Privacy

Redefining the Marketer’s Relationship with Data in the Privacy Age


During the December 2021 Spokes Technology Privacy Conference which brings together leading evangelists, practitioners, technologists, legal experts, and policymakers, a long-simmering (and impossible to ignore) question was asked: What now is marketing’s relationship with data?

Digital Ad spend in the U.S. is $153B ($455B worldwide). U.S. spend alone is projected to reach $460B by 2024. Todd Ruback, Director U.S. Privacy at Promontory (an IBM Company) notes that more than 20M people work in digital marketing worldwide. For the adtech/martech ecosystem this is no small question.

Ruback, Anne Cheung, the Senior Global Privacy Counsel at Interpublic Group (IPG), and WireWheel Senior Product Manager Jeff Wheeler discussed redefining the marketer’s relationship with data in the privacy age. The session was moderated by WireWheel CMO, Camille Landau.

We really need to have a privacy reset

We’re at a point where our former view, which was a strict compliance lens to privacy, is going to have to change. It’s not just what the law says and what we have to do.

It’s a combination of that with what should we do.

—Ann Cheung, IPG

Noting a 20-year career in privacy, Ruback says he has never “before seen the coming together of so many elements creating a perfect storm.

“From a privacy professional’s perspective this has always been important, but now, within the context of digital marketing and adtech at the intersection of privacy, we are seeing an absolute flurry of regulatory activity; enforcement actions; guidance sending industry signals; class-action suits; and a whole body of emerging data protection laws. None of which are prescriptive, but all of which say, if you are going to engage in online tracking for the purposes of digital advertising, Then you just need to do it right…it needs to be thought through.”

Ultimately, says Wheeler, despite the many failed attempts at state privacy laws we have seen, “I think it shows that we’ve moved, especially in the adtech industry away from self-regulation.”

Given this, what should digital marketers be thinking about? “Do I apply different rules in California and Colorado and Virginia versus New York, or do I apply a principals-based [approach]: do what the law requires but also have [a set of principles] that drive the way I operate?” asks Cheung.

As these laws aren’t prescriptive and give rise “to very different interpretations of the same exact provision of the law…” she suggests focusing on the fundamentals. “Those principles that guide how you operate. We’re at a point where we really need to sort of have a privacy reset.”

Top-of-mind concerns for digital marketers

Cheung notes that some IPG clients are “very privacy-focused, have a first-party relationship with their customers, and want to preserve trust. There are also organizations that, whether they’re regulated or non-regulated entities, are moving away from just a privacy compliance approach.

“The types of questions they have are ‘what are your agencies doing to get ready for what’s going to come in 2023? How do I reconcile that?’”

Ruback, noting the rising number of privacy laws, crackdowns, and policy shifts by big platforms like Google’s sandbox initiative and Apple’s more to an opt-in approach, notes it hits directly at the way the adtech/martech ecosystem is architected and monetizes.

CPOs and GCs are coming to us all the time and asking what are our regulatory compliance obligations so we can comply….And by the way, we don’t want to do anything to endanger the golden goose. Our company derives a lot of money from digital advertising: specifically behavioral advertising. ‘So how do we do it the right way and not only preserve that revenue but grow the revenue?’

—Todd Ruback, Promontory

“In Europe, they’re looking beyond cookie banners or what’s the bare minimum,” says Wheeler. They’re focused on  “the better experiences they can achieve. It’s blatantly obvious to most that the end consumer really dislikes the cookie banner. It’s a bad experience and UX designers hate it.”

“So, especially in Europe, we get a lot of questions about the better choices and decisions that can be made with those types of experiences….To show my user that I’m trying to be more thoughtful.”

Citing the need to shift away from the opaque adtech architecture towards good privacy governance to both preserve and grow the revenue from digital advertising, Ruback says “It all starts with rethinking data strategy.”

“Part of that is looking at the digital supply chain to get clarity as to what’s going on in this opaque ecosystem. How do we know what third parties are on our websites and what they’re collecting? Why are they using it? Maybe they’re authorized, but a vast number of them are unknown to the website operator: How do we control that?”

“This shift is taking place within organizations on a cross-functional basis with CMOs, tech, tech OPS, privacy, legal, and a few other functions. And what we will be seeing is the semblance of best governance practices emerging in this space.”

Positioning for the future

“So many are trying to apply privacy requirements into the existing infrastructure. Understanding what that infrastructure is doing and identifying potential partners that can help elevate the way you govern [is essential]” highlights Cheung. “Making sure that their systems can do that is going to be very important for organizations. And that requires funding and time.”

The business side has to do that. The marketing operations, engineering, and IT teams have to be involved in those discussions. There needs to be a sponsor on the business side that’s championing change within organizations. That’s going to drive the processes and operational procedures that are necessary to carry out the compliance: and not just what I have to do, but what else should I do.

You have to have some sort of framework around how you’re going to apply this.

—Anne Cheung, IPG

The critical starting point to all this says Cheung is data inventorying: “How did the data come into your organization? How do you use it? Do you use it? When will it be deleted? Who is it shared with?”

Importantly, “It’s not the legal team that needs to know those answers. It’s our marketers that need to know” and be able to  “articulate to consumers how that information is used.”

What questions should organizations ask themselves

“It goes back to this idea of digital governance and knowing who you’re working with,” says Wheeler. More often than not we find that organizations do not know everyone that’s on their site.

When you take enterprise customers that have websites that are being touched by multiple organizations and various groups within their own company – adding and removing tags and scripts – more often than not, something gets forgotten, added, or piggybacked.

And this creates a lot of uncertainty. For example, the CCPA introduced “do not sell,” Do you also know that you’re sharing this data with these third parties, or others within the same company? Many didn’t.

—Jeff Wheeler

“Plan for what you don’t know,” offers Wheeler.

Ruback lays out some critical requirements:

  1. The ability to articulate [the requirements from different laws] and translate that into what you need from a budget and resource perspective in order to operationalize compliance;
  2. A shift towards more rigorous data governance;
  3. Understanding that data is also risk and the consequent requirement to deploy controls; and
  4. Recognizing that consumers, regardless of the data protection laws, are being empowered with control over their data.

“Technology is a huge piece of this,” says Ruback, “whether it’s through WireWheel’s platform or other providers. But we’re also seeing marketing and other groups starting to look at other data types that they can use to preserve and grow their digital advertising revenue, such as zero-party data.

“But again, it starts with a recognition that we have a regulatory obligation to empower the individual with control over their data [and asking] how do we do that?”

How close are we to achieving all this?

What began as a reaction to regulatory edict has for many become a proactive approach to privacy. Mere compliance is being replaced by efforts to introduce privacy principlesframeworksengineeringoperations, and governance. How close are we to that desired state?

“I’m very bullish on the industry, opines Ruback. “The industry has always shown that it is resilient and innovative. It’s too much of a powerful economic engine. And it’s too important to not get right.”

What I see peering over their horizon is an evolution where companies will evolve their data strategy and optimize the data that they collect to optimize their digital advertising spend while at the same time reaching out to their customers and saying we want to do it the right way….You’re the boss. You exercise control.

—Todd Ruback, Promontory

So how close are we?

“It really depends on what the organization puts into this,” offers Cheung. It requires “investment in technology that can scale to make it happen.

“The question is, are the technology solutions coming out going to actually address that? Are we going to be able to push that preference through all the downstream partners that data currently travel to? How can we, in an easy way, talk about this ecosystem without scaring consumers, be fair to them, and talk to them about how this actually works?

I think it’s a long road ahead, but I also think that the conversation is robust at the moment. Some organizations may not [technologically] be ready for that…[but] should look at how to be incrementally better and then continue to progress on that path.

There needs to be work that goes into this and the digital advertising ecosystem is way too fast to be able to say that, yes, this technology, this one solution, is going to solve for that.

I don’t think that’s a reality we’re at yet.

—Anne Cheung, IPG

Learn from marketing and privacy experts how changing privacy laws in CA, VA and CO are causing marketers to rethink how they get permission to use personal data and how they manage it.