Marketing and data go hand in hand and every action is informed or measured through data. Businesses want to know who opened what marcoms; who visited what pages; or who bought product x and product y to allow them to make future marketing more effective. They want more intelligent sales data and a better understanding of their core shopper demographics and purchasing habits so that they can ensure they are getting the right messages to them. The right data allows targeting, it allows better and more effective marketing spend and that should drive obvious return on investment through sales or another tangible metric.
Given the high profile, and expensive, consequences of getting it wrong, understanding the art of the possible and deep collaboration between legal, marketing, sales and other teams developing campaigns is essential. This is particularly important where the data and insights you covert require someone to transact in respect of their privacy. This is illustrated by one of the most prominent themes from 2021, the meteoric rise of cookie-related claims.
Consumer businesses wish to provide a positive and engaging experience to customers and prospective customers through their marketing and legal requirements can often seem like they conflict with or block those marketing objectives. However, if navigated effectively, quality marketing can generate tangible data and insights whilst simultaneously meeting the requirements of PEC and the GDPR. We have set out three key points to consider when tackling this issue:
- Understand the customer journey, end to end. To consider the specific, immediate marketing activity in question can often create a fragmented approach to the customer journey. Make sure the specific mechanism operates in a user-friendly way and doesn't unnecessarily add steps to the process, which could negatively impact the customer experience. We often see well-intended processes not delivering the expected results due to a disconnect between the marketing and technical teams rushing to deploy a new tool and the legal/privacy teams only being able to provide fragmented advice on how to meet the legal requirements. A good example of this is in relation to the presentation of privacy information on mobile applications.
- Consent has a high bar, make sure you meet all the conditions. The GDPR and relevant regulatory guidance set out the various elements of obtaining valid consent. However, it is still an area where we are frequently seeing issues, which can have significant implications on business objectives. For example, a large customer marketing database that relies on processing on the basis of consent, may not be used if it is determined that such consent was not validly obtained.
Cookies (and other tracking technologies)
Given the public-facing nature of cookies, plus the fact that online tools are readily available to scan websites for cookies, it is very easy for an individual to check if an organisation is compliant with cookie laws. There has also been an increase in public awareness of cookie laws, as a result of media coverage of high-profile cases, regulatory action and government soundbites in respect of the legislation. This has contributed to the contentious environment we are seeing, with high levels of adverse scrutiny i.e. the large uptick in claims by individuals and increased interest from data regulators. There is also a fast growing market of claimant law firms looking for the next big thing, seizing on this area and commoditising these claims. They are seeking to obtain compensation using the same precedent claim letters again and again. Given some of these scrutineers are privacy activists, companies should take care when handling such claims, they have a habit of multiplying. That multiplication is not going to stop any time soon.
We recognise that cookie banners can be annoying, but will not be going away until there is a significant change in law, therefore it is important for companies using cookies to ensure they do so in a compliant way, or be prepared to face claims or potential enforcement action.