Marketing used to be a relatively straightforward profession. Not easy, nor simple, yet there was some clarity as to the boundaries of the role! This applied particularly to communications. Before the rise of online and digital, our communication channels were relatively few. In recent decades, and especially in the past five to ten years, there has been a rapid expansion in the options available to marketing professionals, especially in the area of data privacy.
The introduction of the EU’s General Data Protection Regulation (GDPR) on 25th May 2018 was in many ways a response to this technological expansion. European lawmakers sought to provide a set of principles that would protect citizens’ data. The GDPR has since set the tone for other regions in the world to consider their own approach to regulation of data.
“Embracing data compliance is a continuous voyage. Our foremost task is laying a solid foundation by mastering the fundamentals.”- Srideep Sen.
As some of the heaviest users of personal data within our firms, it is incumbent on us marketers to ensure we have a solid understanding of data protection best practice. In particular, we need to get the basics right. In this short article, I will identify some of the key areas marketing leaders and their teams should be mindful of right now.
A Rapidly Changing Privacy Ecosystem:
The GDPR has sparked a host of similar legislation around the globe, with new laws in countries such as China, Singapore, and South Africa. The California Consumer Privacy Act (CCPA) is the best known of a range of local and state laws in the USA. This has contributed to a more complex international data privacy ecosystem.
In the UK, the British government is considering a revision of UK GDPR with a new data bill currently in development (as of September 2023). Businesses trading with the UK will need to monitor this development closely, particularly if it affects the adequacy decision between the EU and UK. In Europe, a host of adjacent EU legislation is in the process of being introduced. This includes:
- The Digital Markets Act (DMA)
- The Digital Services Act (DSA) which was invoked for the first time in December in an investigation against certain social platforms.
- An AI Regulation. The latter is particularly pressing at a time of rapid expansion in the range and use of AI technologies such as Open AI’s ChatGPT.
Discussions are also ongoing to overhaul the current E-Privacy Directive, which is widely viewed as no longer fit for purpose. All of this legislation has the potential to impact the data processing activities of marketers operating within the European Union.
Data protection must be included from the start:
According to Chiefmartech.com, there are more than 11,000 marketing technology platforms; a figure that grows by the year. Many of these technologies use personal data to more effectively reach and target various consumer audiences across social media. Marketers contemplating a new platform, or indeed any new strategies involving the use of personal data, should ensure data privacy is considered at the outset. The GDPR’s principle of data protection by design and default is key here. One of the best ways to comply with this principle is by undertaking what is known as a Data Protection Impact Assessment (DPIA).
This involves a two-step process. First, a pre-DPIA is undertaken, whereby a series of high-level questions are asked to assess if the project has the potential to pose significant privacy risks. If such risks are identified, then a full DPIA must be completed. At this point detailed analysis of the project takes place, including consultation with key stakeholders. Such an approach allows for a recalibration of a project if the privacy risks are too high, or the adoption of mitigating actions to reduce the risk level.
AI and Data Privacy:
Artificial Intelligence (AI) platforms are becoming increasingly popular with marketers, powering activities such as automated website chatbots. The introduction of ChatGPT and other large language models (LLMs) provides significant potential for marketers to increase their productivity. For example, generating blogs and articles as part of a content marketing strategy.
Marketers considering such technology must be aware of the data protection risks. Transparency is a key principle underpinning the GDPR. Marketers using AI tools that process personal data must be able to explain in clear and simple terms how this data is being used. This is a considerable challenge as it is not often easy to identify exactly how data is being processed by AI technology.
In addition, Article 22 of GDPR gives individuals the right to object to automated decisions that may have a legal effect. For example, ‘automatic refusal of an online credit application or e-recruiting practices without any human intervention. In these instances, they have the right to obtain human intervention as part of the decision-making process.
In conclusion, the landscape of data privacy in 2024 is complex and ever-evolving. With the rapid advancement of technology and the increasing global focus on individual privacy rights, marketers must remain vigilant and proactive in ensuring the safety and security of personal data. By staying informed about the latest regulations, conducting thorough assessments of new technologies, and prioritising transparency in data usage, marketers can play a crucial role in safeguarding personal data in today’s digital age. Only through a concerted effort to prioritise data protection can we ensure that personal data remains safe and secure in 2024 and beyond.
