'Most Innovative Startup 2020' by RSA - Watch the videoLearn More
Published on June 3, 2021 AUTHOR PRIVACY RESEARCH TEAM
We have stepped into an era where everything is digital. From the clothes that we buy to the image we put up of ourselves, our qualifications and even the food that we eat, everything has gone digital. According to a study by HootSuite and We Are Social, people spend an average of 6 hours and 42 minutes on the internet every day. To put this in perspective of marketing, you have your customer sit right in front of you for 6 hours every day, ready to take up any information you offer them. This is where marketing departments have to gear up and utilize the maximum potential via digital marketing. We can see it in action as currently, $384.96 billion are being spent on digital marketing globally and this number is expected to go up by 15% at the end of 2023.
All this spending is done due to the data being extracted from the consumers and then using that data to make educated marketing decisions. Data-driven marketing can help marketers reach the right people through the right channels, while easily monitoring performance.
It all seems like happy days for digital marketers with the abundance of data they have on the consumer because of the digital era, but there are some things marketers need to be careful of. With the recent rise in data privacy regulations, consent and cookie management has started to play a huge role in marketing activities. Marketers have to ask for consent before using a consumer's information for marketing decisions which has given more control to the consumer. Marketers can tackle this barrier with ease with a proper cookie and consent management system, making data processing a legal exercise and avoiding fines. Let’s talk about cookies, consent and how a management system can help organizations streamline this process.
We have all heard of cookies and these small pieces of data that are used to identify and track a user's web browsing. Once this data is collected, it can be analyzed by advertisers or marketers to personalize the customer's experience. Up until the last 20 years,, organizations had free reign and could collect any and all consumer data without any checks and balances. It wasn't until privacy regulations such as the CCPA and GDPR came into play that organizations were being held accountable for the data they collected. Under most global privacy regulations such as the GDPR, an organization must obtain freely-given consent from consumers before the use of their personal information. The CCPA, on the other hand, does not require organizations to collect consent from consumers before the collection and use of their personal information.
A CCPA compliant cookie notice must include the following:
Under the CCPA, organizations that collect personal information from users must inform users at or before the point of collection, about the categories of personal information collected and the purpose for which the personal information will be used.
Under the CCPA, organizations must allow users to opt-out of the sale of their personal information by displaying a clear message and prominent link titled “Do Not Sell My Personal Information” enabling users to opt-out of the sale of their information.
Where an organization has actual knowledge that the consumer or a website user is less than 16 years of age, it must rely on explicit opt-in consent for the sale of their personal information. Organizations must obtain consent from users if they are at least 13 years of age and less than 16 years of age and from parents or guardians of users where they are less than 13 years of age.
With the need for data protection in mind, our experts at Securiti have compiled 8 privacy tips for marketers to successfully collect personal data for marketing purposes in a privacy complaint and conscious manner. These tips will enable website publishers, ad-tech companies, independent advertisers and marketers to advertise their products without compromising an individual’s privacy and avoid any potential legal consequences.
Identify all consumer touchpoints to effectively capture and track consumer consent and revocation of consent for respective data processing activities. It is important to have visibility of consent activity across your organization and business units to adequately monitor and honor consumer preferences for marketing purposes.
In order to streamline the process of consent management, organizations must first gain knowledge of where the consumers’ data is stored. Without knowing where consumer data is stored, it would be difficult to honor consumer consent preferences across various first and third party systems.
In today’s privacy-conscious world, most jurisdictions have either opt-in or opt-out consent regimes, where the former requires organizations to obtain explicit prior consent from consumers before the collection of personal data and the latter requires organizations to only allow consumers to opt-out of the collection of personal data. In either case, an organization must not drop any non-essential cookies or other tracking technologies that it intends to process without displaying an adequate notice to the consumer.
Consents are often stored in siloed databases. It’s important to build scalable workflows to ensure consent is synced across various systems, so a consumer’s latest, up-to-date consent is honored.
Organizations must obtain explicit consumer consent even in an opt-out consent regime where the purpose of data processing is different from what was previously disclosed to the consumer. Without allowing consumers to provide specific consent for specific processing purposes, organizations would not be able to ensure granularity.
Organizations must not rely on the use of any deceptive consent collection method, such as pre-ticked boxes, cookie walls, and unclear consent banners. Such misleading consent mechanisms allow organizations to transfer consumers’ data without obtaining their valid consent, which is not only in violation of applicable legal requirements but also against ethical privacy practices.
Organizations must maintain comprehensive consent records containing identities of consumers, categories of consented personal data including processing purposes, consent status, consent date, location code, third parties, the information provided to consumers at the time of obtaining their consent, and information of the session in which consent was expressed. Maintaining such updated and comprehensive consent records enable organizations to demonstrate compliance with the applicable consent requirements.
Securiti Universal Consent Management Solution captures consent and automates revocation fulfilment in a manner that enables marketers to adequately advertise their products as well as protect the privacy of a consumer.
Securiti’s Cookie Consent Management Solution enables organizations to build cookie consent notices in accordance with the applicable legal requirements with cookie auto-blocking, periodic scanning, and preference center features.
Ask for a demo today to understand how Securiti can help marketers to comply with the applicable legal requirements and a whole host of global data privacy laws such as GDPR and CCPA, with ease.