In this week’s member-guest post, we hear from Igor Gubin, Region Manager, Europe at Admitad Affiliate Network, as he shares his ideas on the measures e-commerce professionals should take to comply with privacy regulations and what needs to happen once cookies are dropped.
In the last few years, consumer data has enjoyed raging interest from both businesses and governments. The policy for collecting, storing, and analysing data for marketing has become tougher, and — even though not completely aligned among the parties — now holds all of them accountable. Very soon, we will have to confront ePrivacy regulation, a brand-new set of rules to make daily routine harder for anyone promoting and selling digitally.
Tracking user activity still remains crucial for advertisers, publishers, online entrepreneurs, and other marketers. Without it, running a data-driven business in online sales and traffic monetisation is next to impossible. Surely, such monitoring has to be fully compliant with every legislation. Nobody likes to get fined.
Though GDPR and ePrivacy are broadly discussed, only a few know — and even fewer can tell — what to do. What measures should e-commerce professionals take to comply? What are we going to do once cookie dropping and storage get regulated beyond recognition? I would be happy to share a few ideas. But before I do that, here are some alarming statistics.
State of affairs
London Economy researchers believe that after e-Privacy regulation (EPR) is adopted, European entrepreneurs may lose up to 30% of their income, and non-compliance fines will amount up to 4% of the companies’ annual revenue. No surprise that business owners are not particularly happy with the prospect. This is why implementation is taking so long — to date, the estimated time of the regulation’s arrival is around 2022.
Major companies are also concerned about data security and try to keep up with the shifting laws. Google, for instance, announced the company’s intention to get rid of third-party cookies in Chrome by 2023. This means marketers will no longer be able to collect user data as easily as before. Consequently, it will be more difficult to segment the audiences and personalise ads.
However, Google states that it’s going to assist marketers. The company is working on some new APIs that will help optimise advertising campaigns in a new way. Those are compound techniques, but should you find yourself deeply interested, you can read about them here. One of them is FLoC, the technology that some experts believe will ensure as accurate targeting performance as cookies do.
(Meanwhile, other popular browsers — Firefox and Safari — have stopped using third-party cookies to track user activity long ago.)
Apple doesn’t trail along and has already announced changes in the new respective versions of the iOS and macOS, as well as dropping the IDFA (Identificator For Advertisers). All this will also affect digital marketing.
How to handle the GDPR?
But let us go back to GDPR. Don’t be confused with this seemingly intricate acronym. The regulation is very straightforward at its core and not to be disregarded.
Collect data properly, i.e., warn users that you are doing that. They have to give you a clear confirmation (by checking a box, clicking “OK” in the notification, or otherwise) that they have read and agreed to your policy of data collection and processing.
Do not “pre-check” the consent box: the user must do it on their own.
Here’s what it may look like:
Source: Formstack
We at Admitad Affiliate recommend using double opt-in, just in case. Double opt-in is a two-stage confirmation of a user’s intention to interact with you. For instance, after a user subscribes to your email newsletter in a special form (like in the image above), you send them another message with a request to give their consent once again. By doing this, you guard yourself against any claims or proceedings.
Register and keep the user’s consent in any form
Now, let’s talk about storing data. In a perfect case, you need to have a procedure governing how you store user data, defining how you prevent unauthorised access to personal data. In your Privacy Policy, stipulate who can access the data in question and what you do to keep them secure. Those are technically sophisticated solutions, so you may want to seek help from competent people and trusted software. For example, select a paid cloud storage or google some “turnkey data storage solutions.”
You need to introduce a user to the data collection, protection, and storage mechanisms that you employ. The Privacy Policy must be accessible for all visitors to your website. Abidance by these rules will make your subscriber base more specific and bring more trust to your relations. Down the road, you will have no regulation-related worries.
However, you won’t be able to make do with these measures only once the EPR comes into full effect.
How to handle the ePrivacy Regulation
Everyone engaged in selling and promoting products and services online is going to face some problems associated with the implementation of the ePrivacy Regulation. To extinguish your early panic, we want to assure you that there are some solutions that will still be able to manage user data and use them for marketing purposes.
One of the most straightforward solutions is first-party data or first-party cookies. That is data that a marketer, advertiser, or publisher has collected during a user’s direct interaction with, say, a website. Such data may be collected when a user leaves reviews or makes purchases. Those are data from CRM systems, subscription forms, and social media profiles—in one word, information a user voluntarily provides.
You as a marketer can collect first-party data on your own, without relying on third parties, in compliance with the GDPR.
Users’ identification
First-party cookies are collected by deploying a pixel on the publisher’s website; such a pixel collects and records information about audience behavior. Such data can be collected every time a user visits the website or clicks on its link, views products, or fills out a form.
Another option is fingerprinting, a technology that helps create a probability identifier. It blends together a series of signals that help define a unique user and assign them a hashed identifier. Such signals can be devices, operating systems, browsers, IP addresses, time zones, and language settings.
Contextual marketing
Contextual advertising does not exploit any kinds of cookies. Instead, it uses keywords and phrases on a web page—avoiding any dependence on user data. According to a GumGum report, relevant ads ensure 43% higher engagement. Data suggest that clients do remember contextual ads 2.2 times better than other types of ads.
Chrome can track a user’s behavioural patterns when viewing web pages and then “put” the user in an audience, or “cohort” as they put it, based on such habits. As a result, advertisers will target cohorts rather than particular personalities.
Another solution that may help cope with the EPR restrictions is Soft Opt-in. For instance, you have a base of users who gave their consent to receiving commercial and marketing offerings from you. They are already your clients, and they interact with you.
Once the ePrivacy Regulation comes into effect, you will not have to request their consent to interaction one more time. You will just have to send such users a notification informing them that they continue to cooperate with you and, thus, receive from you marketing messages relevant to the data you have already collected.
Lawyers define such a method of dealing with the EPR as “probable.” But we can finally see whether it works when all the EPR provisions are fully firmed up and approved, given that they do not forbid Soft Opt-In in the first place.
No need to hit the panic button. And remember that some users will still accept cookies and allow marketing interaction. You can increase the share of such loyal users: for that, prepare a proper privacy policy and tell your users why you need their cookies, why it is important to your company, and why it is important to them.
Here’s a great popup on Evian’s website that transparently explains to a visitor that cookies are collected for the purposes of analytics, personalisation of offerings, and showing relevant ads and information:
Building trust-based relations with users is the evergreen marketing strategy. When people realise that you treat their data with care, they are ready to provide you with all the necessary details. But don’t abuse user loyalty—and only collect data you really need.
Moreover, software vendors will develop new solutions that will help identify and segment users without cookies. We at Admitad are already working on this. Stay tuned!
