Data collection and analysis are key driving forces behind many business decisions. The “big data” trend has maintained strong momentum; companies have been gathering everything they can and then breaking it down to understand behaviors and trends.
In B2B marketing technology, specifically for websites and web-based tools, there have always been challenges that complicate our ability to collect meaningful data — and the landscape is becoming more difficult to navigate. With that said, I’d like to highlight some of the major data changes and related legalities that could potentially put your company at risk for litigation.
General Data Protection Regulation (GDPR)
Hopefully, you’re all familiar with GDPR, because it has been enforceable since May 2018. While it only applies to businesses that either physically operate in the EU or target users in that region, many global companies have made the necessary changes to comply. The GDPR’s primary focus is to require businesses to:
- The user must then acknowledge (willfully by clicking a button or checkbox) that they are consenting to these practices. This is usually first done immediately upon reaching the website via a pop-up of some kind, and also anytime any personal information is being submitted, such as through a contact form.
This is an over-simplification of something that really winds up requiring assistance from programmers, marketers, legal personnel, and more. For full details of what the GDPR requires, I recommend reading the official checklist. If you’re not compliant, it’s worth getting the ball in motion. You can be fined up to €20M or 4% of your previous year’s revenue (of course, whichever is larger). Even Google got dinged €57M in 2019.
California Consumer Privacy Act (CCPA)
While the CCPA was signed into law in June 2018 and wasn’t enforceable until Jan. 1 of this year, it managed to slip under the radar to a very large degree. Its requirements are vaguely stated and may not be totally clear until some lawsuits come to play to give us some precedent and clear up any confusion. However, they do motivate us to pay attention — with fines of $100 to $750 per record, up to a maximum fine of up to $7,500 per total incident. What we do know is that its requirements can mostly be broken down into three parts:
Who is covered?
- There is a systematic approach for making this determination. A business must:
- Do business in California
- Collect personal information, directly or via a third party
- Meet one of the following criteria:
- Gross revenue is $25M of more
- Process personal information (the 11 applicable categories are defined here) on 50,000 or more consumers
- Derive 50% or more of annual revenue from selling consumers’ personal information
- Provide “Notice at Collection"
- This basically means a company must disclose what personal information is collected, in each of the 11 categories declared as such, and explain how this data is used. Per the law, this must happen prior to any personal information being collected. It differs from the GDPR in that you are not required to collect user consent to collect personal data. However, it does come with a GDPR-like clause that requires businesses to delete an individual’s personal information if requested. Lastly, it also has stricter requirements for allowing consumers to opt out of data selling.
- Provide “Reasonable Safeguards"
- This portion of the CCPA requires a business to protect personal information in a manner that makes them liable for statutory damages if a breach occurs and it is deemed the stolen data was not protected in a “reasonable” manner. What constitutes “reasonable” protection? Good question. The CCPA is quite unclear about this, so it is likely going to rely on legal precedent to be established before anyone really knows.
Are you curious to learn more about how the GDPR and CCPA relate? I recommend reading this comparison.
Chrome, i.e., the Cookie Monster
On Jan. 14, Chrome announced updates to an existing privacy plan. They now intend to make cookies obsolete by 2022.
Google Chrome authoritatively has the largest global market share of any browser, so even in the unlikely event that other major browsers don’t follow along, this will be a huge hit to data collection as we know it. We’re going to be left with very limited data when it comes to our ability to track long-term usage by computer, which has typically been done with cookies.
We’ll have to come up with other ways to collect data at a user level, with their consent, as was started by GDPR such as gated content or log-in tracking.
We have two years to make some changes — and they will be both conceptually and technically substantial. Hopefully, our beloved third-party partners have time to come up with some clever ways to keep feeding us our daily dose of information, but I’d be hesitant to rely solely on them.
Challenges Maintaining Accurate Data Analytics
- Are you separating your internal employees from the rest of the world? If not, how do you know how your intended audience is using your web properties (as opposed to someone from your sales team who frequents the website to stay sharp on your product and service offerings)?
- Are you actively monitoring and removing suspected bot/spam traffic from your reports? Bot traffic tends to greatly inflate metrics and cause high bounce rates.
- Do you have a reliable means of monitoring what literature and resources are being viewed and downloaded? In many cases, downloads require custom event triggers to pass over those user clicks. Without them, you are left to guess based on page views alone.
- Are you relying solely on something like Google Analytics, or do you have other tools to track user behaviors? For example, if you haven’t seen your website on a heatmapping tool, it can change your life — or at least your perspective on how people use your website.
The Future of Data
Buckle up! It’s going to be a wild ride.
As a career B2B-focused marketing technology professional, I am a data junkie. I absolutely love it! GDPR was a wake-up call, but it’s proving to be the tip of the iceberg in the data world.
This legal movement is aimed at protecting us as individuals, and there is no arguing that as a good thing. However, for those of us who are responsible for collecting, analyzing or otherwise using data, these changes add a new tier of complexity to what was already a difficult day’s work. It takes creativity to collect audience data, and then to segment and target them properly.
What Should You Be Doing Right Now?
At this point, you should cover your legal bases, especially if you’re not already complying to the laws that could affect your business. Next, make the most out of the data that is already available and develop lead generation tactics to collect information in exchange for content or valuable insights from your business. Moving forward, the landscape shows every sign of continuing to change, so do what you can to stay on top of it. A key part of this is to look for ways to open communication channels with as many users as you can.
If you want to talk about ways to get the most out of your data or be more attractive to your prospects and customers, let’s talk.