How to be more sophisticated in your privacy messaging

Beyond the challenges in safely managing your customer data, it is essential to differentiate between first-party data and first-party cookies.

Privacy protection tips

Privacy and data security are among the top challenges facing comms pros in the months ahead.

Privacy ranks as one of the main factors in corporate reputation, as shown in research from Weber Shandwick:


So, how can communicators become better messengers on privacy and help their colleagues clearly communicate on this crucial issue?

Andrew Bates, enterprise data strategy director for AARP, shared some tips in his presentation for Ragan’s Social Media Virtual Conference on Sept. 10.

One of the most important lessons for external communicators—and anyone who touches customer data—is that the internet is changing, Bates argued. Organizations that scramble to respond to each new development in a piecemeal fashion will always be trying to catch up. Whether facing Google’s plans to stop using cookies, Apple’s new privacy rules for apps on its mobile phones or other data-sensitive changes on the horizon, Bates says the approach should be proactive.

Getting the language right

One of the big ways comms pros can help their organizations is to set some definitions for terms used to describe the changes occurring with the internet and customer data.

Bates offered some helpful definitions:

  • Data
    • First-party data is your data you have collected about your customers.
    • Second-party data is data of partner organizations that might collaborate with you and share an email list or other information.
    • Third-party data would be an email list or contact database that people buy from a vendor. For this kind of data, companies should be asking if the data was sourced ethically, Bates says.
  • Cookies
    • First-party cookies, the trackers that users agree to when they visit a website, are not going away, says Bates. However, they can be affected by new laws such as the GDPR. For an example of a proactive pop-up that asks for user consent to track visitors with cookies, Bates points to Lego’s website.
    • Third-party cookies, trackers created by a website or domain that is not the website you are visiting as a user, are the tools that Google has vowed to discontinue, despite an ambiguous timeline. With 70% of market share through its browser google Chrome, Google’s move to retire third-party cookies is a significant loss for advertisers.

Making sure you check the boxes

How can you make sure you are prepared for the future of privacy and are compliant with increasingly stringent laws? Bates offers an “all-in-one compliance checklist”:

  • Policies and governance. Do you have a data policy in place for the organization?
  • Cookie consent framework. Does your website get consent from visitors to use first-party cookies?
  • Targeting and tracking considerations. How are you adapting your tracking and targeting with upcoming internet changes?
  • Audience data strategy. How are you going to use the data collected?
  • Privacy requests and preferences. Is there a place for visitors and customers to request more privacy or opt-out of tracking completely?
  • Compliance and oversight. How are you making sure your organization is following its own rules?

Another tip from Bates: With new laws often requiring more transparency on user information and tracking, you can start now to offer ways for consumers to reach out about their data. Create a path where people can ask about what data you have collected on them and a place for them to ask for those records to be deleted.

Also consider how misinformation might be driving consumer behavior when it comes to user data. Bates says that AARP’s call center and social media response teams have benefited from extra training on how to walk consumers through how their data is collected and used by the organization.

Privacy makes engaging through social media more difficult

Bates has six recommendations to wean your organization form its dependence on third-party data.

1. Embrace the 1st and 2nd party data renaissance. For organizations that have good email lists and recurring customer lists, you’re already ahead, Bates says. Lookalike audiences can be based on the audiences you already have, but do it cautiously and with consent.

2. Use native targeting tools. Focus on affinities and demographics to try to predict audiences, Bates advises.

3. Evaluate marketing over long periods of time. This is hard for the C-suite to really get a hold of, Bates warns, since they have become accustomed to the immediate feedback offered by today’s digital tracking tools. Explain your current limitations, and establish why you can’t show the same results.

4. Stay in compliance. Years ago, one of the scariest things you did was to get flagged by a spam trap on email, Bates says. With the new data laws, compliance will be much more serious. “You could be held liable in a civil suit,” Bates says. “You could be subject to fines from federal authorities.” In particular, beware the risks associated with in-between actors, including the social platforms of advertising networks who could put your data at risk

5. Contextual marketing is back and stronger than ever. Make sure you measure and test and then measure again, Bates says.

Solutions to the data puzzle

If you have a wealth of customer data already, you can explore alternatives that will keep you compliant with safe clean rooms, Bates says.

You can put your data into a “privacy clean room” where you de-identify and anonymize your data, and then onboard those “clean” records into marketing environments that can help you home in on audiences while staying compliant.

However, Bates notes that these practices are not necessarily cheap, and they do come with a risk. If you do pass your data through vendors to anonymize and process the information, Bates warns to make sure you put in your contract that they will purge your data once they are done.

COMMENT Daily Headlines

Sign up to receive the latest articles from directly in your inbox.