Executive Summary

Data-driven marketing remains key for customer experience initiatives, but those efforts are being shaped—and limited—by consumer privacy concerns.

How big a deal is digital privacy to consumers?

Most say it’s a big deal, thanks to heightened media coverage of data breaches and misuse as well as the continued rollout of privacy regulations worldwide (including the US). But it’s still a handful of individuals who are willing to do something about it.

How has the EU’s General Data Protection Regulation (GDPR) affected digital marketing?

It forced companies to place greater emphasis on data hygiene and security. Today, most companies have slightly smaller customer databases. And marketers are choosier about who to partner with to reach those customers with digital advertising.

Are these effects specific to GDPR?

Not necessarily. Upcoming regulation such as the California Consumer Privacy Act (CCPA) may force similar change.

Are marketers prepared for the CCPA, and will its arrival be preempted by federal regulation?

The bulk of companies for which CCPA applies believe they will be ready by 2020 when it takes effect. However, CCPA compliance does not come without strains to finances and resources, and most fear having to repeat this state-level process 49 times. While most within the industry would welcome federal regulation, many do not anticipate it will come prior to January 1, 2020.

Will browser privacy settings and other privacy changes further affect the digital marketing ecosystem?

Yes. Marketers must count on further crackdown on third-party cookies and tracking, which will continue to make identification, targeting and measurement more difficult (and therefore drive some even further into walled gardens). It’s still too early to assess the full impact of such changes on the digital marketing landscape.

WHAT’S IN THIS REPORT? This report reviews consumer attitudes toward digital privacy. It discusses how the GDPR has affected digital marketing and explores the added effects of future regulation and consumer privacy changes.

KEY STAT: Digital privacy is a big deal. An October 2018 poll conducted by cybersecurity services firm Symantec found 83% of internet users worldwide were concerned about their privacy.

The Focus of this Report is Data Privacy, Not Security

What’s the Difference Between Data Privacy and Data Security?

While data privacy and security are closely related (and often conflated) there are important differences. Privacy is about controlling the flow of personal information. and the right to control how ones’ information is shared with others via digital channels.

Data security takes the concept of privacy a step further by focusing on the safety of that information. Again, for consumers, these are often one and the same: Information must be kept safe and secure as a means of controlling its flow. Security is necessary to maintain privacy, but for companies, data security is much broader: It is about keeping customer data safe, but it’s also about keeping company intellectual property, employee information and many other data sets secure.

How do privacy and security relate to digital marketing? While consumer expectations may be overarching, handling data privacy and security are often two distinct tasks for companies. The former is typically a more front-end process and involves the consumer consenting to sharing their information. The latter is a back-end process that requires significant coordination between systems, technology and infrastructure to honor that consent and keep the data secure from outside parties accessing it illegally. While legislation such as GDPR requires companies to manage data privacy and security, much of the digital marketing discussion today focuses on data privacy, specifically managing what consumers consent to share and for what purposes.

As a result, digital privacy will be the primary focus of this report.