Privacy by Design

The Industry Transition to a PbD Sales Approach

Due to the melding of big data and marketing, regulators will expect marketers to incorporate Privacy by Design (“PbD”) into their products and operations; most notably in the design and operations of digital marketing experiences across devices (or device itself, such as exercise timers), and through consumer targeting with increasingly rich and precise data sources (i.e. individual grocery store loyalty program information matched with online audience defined as ‘moms’ by zip code). As the consumer journey becomes more integrated, expect increased coordination and vision from the technology, marketing and governance parts of the organization to build a PbD approach to sales.

Privacy by Design is an approach to operationalizing privacy best practices by embedding it into the design specifications of technologies, business practices, and physical infrastructures. Privacy by Design was developed by the Information and Privacy Commissioner of Ontario, Canada, Dr. Ann Cavoukian, and advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must become an organization’s default mode of operation. Ideally, it means building in privacy up front – right into the design specifications and architecture of new systems and processes, however these concepts can be applied to existing operations as well. Privacy by Design is accepted by most data protection regulators globally as a best practice.
Going forward, it is increasingly likely that regulators will expect marketers to incorporate Privacy by Design into their products and operations. In this document, we have included a brief guide to PbD’s main concepts by highlighting its seven principles.

Proactive: The active prevention of privacy violations from occurring at the individual user level. Active prevention may include policies, laws, processes and frameworks within a company, governmental institution, or civic organization that protect a person’s personal information.

Real-Life Example: Global financial institutions now have marketing compliance teams to review all marketing strategies and creative.

By Default: User automatically has maximum amount of privacy. For example, on social profile pages, users may have default ‘private’ settings instead of public settings.

Real-Life Example:  Marketers that own applications and pages in Facebook are required follow the Facebook privacy guidelines for tracking.

Embedded: Privacy is built into the processes and technology systems of a firm or government.  This is a highly individualized practice by industry and national culture.  For example, personally identifiable information might be immediately de-identified and only the de-identified data is used from that point forward or a search provider might decide to encrypt all keywords in a URL string.

Real-Life Example: A major retail firm with an e-commerce store creates internal data policy for managing and using customer loyalty information.

Positive-Sum: Privacy by Design encourages regulators, businesses, consumer groups and individuals to conjure solutions where all stakeholders win instead of creating a false dichotomy between business innovation and user rights.

Real-Life Example: The Obama Administration proposed a multi-stakeholder model, executed by the Federal Trade Commission (FTC) on matters of children’s privacy and mobile applications.

Life-Cycle Protection:  The management of data during the entire time a firm or government institution has the data incorporates privacy.  For example, a firm might provide an opt-out process for a user to stop data collection, but the data would also need to be deleted and stopped from further use.

Real-Life Example: A national electronics company decides to create their own retargeting cookie pool based on users visiting their ecommerce site. If a user requested to stop being tracked, they would need to be removed from the entire marketing journey verses an opt-out cookie for a particular campaign.

Visibility/Transparency: Being transparent in policies, processes and procedures to all stakeholders – providers, technologists, regulators, users, consumers, alike.  An example is having a user friendly opt-out cookie process on a website.

Real-Life Example: BlueKai, a data management platform (DMP), with a cookie pool of the vast majority of US adults, has the ability for a user to go to their website to see how that user’s data is used (and opt out of) in BlueKai’s audience marketing segments.

Respect for Users: Inform users what the firm’s data collection, processing and monetization practices are, in an easily understandable fashion, on a prolonged basis.  For example, if a mobile coupon application decides to collect precise geo-location in order to provide targeted restaurant lunch deals months after the application is downloaded, the company notifies users of the policy change. Just remember, inform the user what the firm is doing.

Real-Life Example:  The Safari browser default to prevent advertisement tracker may be considered by many users as respect; as is the encryption of organic searches by Google. Consumers might want greater transparency into the use of loyalty program data, especially related to intimate situations such as pregnancy, for marketing purposes (i.e. Target use of ‘big data’ for marketing to pregnant women stirred some concern).

The Data Policy team centralizes and manages local and global media data to allow for brand ingestation.  They help marketers make the right data choices for clients at any stage of their business lifecycle.

Leave a Reply

Your email address will not be published. Required fields are marked *