Navigating the Privacy Paradigm with First-Party Data
With more than 15 years of experience, Matthew is passionate about helping European brands drive immediate marketing ROI and future-proof against market changes whilst creating incredible value for Amperity customers and businesses.
Europe’s ethical, political and technological data revolution is plunging brands into the depths of a new privacy paradigm. Google is phasing out third-party cookies and the General Data Protection Regulation (GDPR) is cracking the whip on big tech companies. And major changes to consumer tracking and consent-first policies have led to the degradation of the third-party ecosystem that has powered media buying for twenty years. Already, 64% of advertisers have shared that Apple’s App Tracking Transparency (ATT), which requires user permission to track their behaviours, is hurting their results.
If brands were looking for a sign to build up their first-party data strategies, this is it. However, should they need further convincing, a recent study reveals that 85% of respondents are concerned about the privacy and security of their online data, but half are prepared to overlook those concerns in favour of a better user experience. Even more, almost 70% of Britons would choose to work with businesses that offered a more secure approach to protecting personal data.
By shifting to a first-party data strategy, brands are better positioned to analyse how consumers interact with them. This, in turn, helps them provide truly personalised experiences that help retain existing customers, create new customer relationships and ultimately, drive revenue growth.
Before looking at how brands can best navigate this new paradigm, let’s first dive into Europe’s current state of privacy.
State of consumer privacy in Europe
A recent report concludes that there’s “a need to increase individuals’ control over how their personal data is used for digital advertising, including how they avoid unwanted targeting.” This strongly points to a gap in European Union (EU) regulations, which, as a nation with some of the strongest data privacy laws in the world, should already be protecting consumers. Yet, evidence supports otherwise.
The European Commission has responded to this criticism, by taking responsibility and committing to dial up its monitoring of how data protection authorities at the EU Member State level enforce data protection rules. It plans to implement regular checks on “large scale” GDPR cases six times per year.
Big tech companies like Google, Amazon and Meta have seen fines from the GDPR but never for the maximum amount – up to €20 million, or in the case of an undertaking, up to 4% of a company’s total global turnover of the preceding fiscal year, whichever is higher. Amazon, for example, was once fined roughly €586 million, representing 2.4% of its global revenue in 2021.
Google and meta also faced fines at the onset of 2022 due to non-compliance with cookie legislation, forced to pay €150 million and €60 million, respectively. The French Data Protection Authority’s (CNIL) investigation concluded that while both websites have a button for the immediate acceptance of cookies, the process for refusal is longer, requiring several clicks — a practice that constitutes a breach of applicable data protection legislation as it discourages users from rejecting cookies.
In contrast, with fines now being issued regularly and more frequently than in previous years, small- and medium-sized enterprises (SMEs) in Europe can’t afford to be hit with these fines. They need to act fast, collecting, processing and using customer data in a GDPR-compliant way.
GDPR customer data challenges
For most brands, customer data is scattered across many disconnected systems. This problem is exacerbated by the fact that the sheer volume of customer data being generated is exploding because of better instrumentation, improved technology infrastructure and a desire to know and shape customer journeys.
Under GDPR, if a customer were to ask for a data audit – what data you have about them, how it is being used and who it is being shared with – most brands are in for a long and painful manual process, with any errors or delays during this process resulting in costly fines and customer dissatisfaction. This process involves working with each distinct system and its owners to find and extract the relevant records.
At the same time, without access to a unified view of the customer that includes contact preferences, marketers and analysts feel constrained in delivering the personalised experiences and interactions that consumers have increasingly come to expect. As an example, if a particular customer has opted out of email communication with the brand, marketers need access to a unified view of the customer that provides information on their social and app presence so they can be reached on those channels.
Traditional mechanisms of customer data unification tend to fall short because of two key reasons: the challenges with manual data cleaning and schema mapping and customer identity resolution. Fortunately, there’s a better way.
Unify customer data to ease GDPR-compliance journey
An intelligent customer data platform (CDP) like Amperity can help tremendously by providing a complete, unified database containing all of a brand’s customer data. A CDP stitches together all of a brand’s disparate data sources, forms complete customer profiles and makes those profiles available for easy exploration in real-time. It also identifies unknown data elements and sources containing data that otherwise may have gone unreported.
This means that if a brand is asked to perform a data audit for an individual or a group of people, staff can rapidly pull together all the relevant information from a single, highly-accessible system. In addition, a CDP refreshes constantly as source data changes, populating the latest suppressions and unsubscribes across all relevant customer touchpoints. This further ensures consistent compliance with GDPR-related requests and activities.
While compliance is important, many marketers are concerned that complying with GDPR will compromise their ability to form deep and meaningful connections with customers. With a CDP, making the most of your customer data while complying with both the contractual and technical challenges posed by GDPR becomes simple.
Five ways European brands can prepare for the new privacy paradigm while making the most of their data:
1. Build a robust, first-party data foundation: Savvy marketers in Europe aren’t waiting until the last cookie crumbles to get their house in order. They’re adopting robust first-party data strategies that help them understand customers better and personalise their marketing messages in ways that are also good for the bottom line – using first-party data, companies are seeing up to a 5X return on ad spend in paid channels. And recent research shows that brands using first-party data in key marketing functions achieved a 2.9X revenue lift and a 1.5X increase in cost savings.
Customer metrics drive business metrics. To thrive, businesses must become increasingly reliant on first-party data to power their strategies. This will help ensure they hold onto customers and remain a step ahead of their ever-evolving purchasing habits.
2. Leverage innovative technology: Traditionally, businesses justified technology by building business cases around ‘offensive’ metrics, such as increase in engagement, volume of conversions, increase in average order value and loyalty. Today things are changing, and business cases must also be built around ‘defensive metrics’ like operational improvements, privacy breaches or customers wanting their data erased – all costly exercises if processes aren’t centralised.
The right CDP can help. For example, using a patented machine learning, AI-driven approach, Amperity’s first-party data ID resolution is purpose-built to create unparalleled customer profiles, giving teams the data they need to delight customers and fuel growth.
3. Be transparent about data collection and use
One of the biggest concerns consumers have around data privacy is lack of transparency. Many consumers are not aware of the data that is being collected about them, how it is being used, or who it is being shared with. To build trust with consumers, brands and organisations must be transparent about their data collection and use practices.
This includes providing clear and concise privacy policies, using plain language to describe data practices and giving consumers control over their data through opt-in and opt-out options.
4. Embrace data ethics and responsibility
Data ethics and responsibility are becoming increasingly important issues for brands. As data becomes more central to business operations, brands must ensure that they are using data in an ethical and responsible way.
Brands should conduct regular audits of their data practices to ensure that they are collecting data in a transparent and ethical way. Brands should also ensure that they are protecting customer data from unauthorised access and security breaches.
5. Offer value in exchange for data
European consumers are more willing to share their data if they receive something of value in return. Brands and organisations can incentivise data sharing by offering personalised experiences, exclusive content or discounts and promotions. However, it is important to be transparent about what data is being collected and how it is being used in these situations.
Navigating the new privacy paradigm
The new privacy paradigm presents both challenges and opportunities for brands and organisations. While the phasing out of third-party cookies may make it more difficult to target and measure ads, it also presents an opportunity to build stronger relationships with consumers through first-party data.
However, to succeed in this new privacy-first world, European brands and organisations must prioritise first-party data strategies, leverage new technology, be transparent about data practices and use data for good. By doing so, they can build trust with consumers and navigate the shifting norms around data privacy.
