Making sense of GDPR: data transparency, privacy and the future of digital marketing.
With the “pace of privacy” accelerating, and a global conversation centered on individual data rights continuing to grow, Monotype is working to ensure we are best prepared to help our clients navigate the new normal. In this guide, learn about our approach to privacy regulations and how brands can use them to their advantage.
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that expands requirements for how personal data privacy is handled, with enhanced rights for data subjects (any person whose personal data is being collected, held or processed), stricter penalties for noncompliance, and an enforceable obligation to report breaches. When it began being enforced in May 2018, GDPR marked a fundamental shift in the way brands and customers interact. Businesses are now obligated to provide EU citizens with complete transparency over where and how their personal data is being utilized.
While these new regulations pose a challenge to brands and marketers, they come amidst a larger global conversation surrounding data privacy. With platforms such as Facebook and Instagram adapting to provide greater protection to users, change is inevitable. As organizations evolve their marketing practices to comply with GDPR, we believe both consumers and brands will have a more authentic and positive experience.
The pace of privacy
GDPR and similar regulations represent a crossroads of sorts for society. We are grappling with profound concerns about privacy protection and data security, and at the same time conducting more and more of daily life online and on the go, from banking and grocery shopping to booking travel and buying furniture. The numbers tell the story: mobile data traffic is projected to increase sevenfold by 20211, and ecommerce is expected to account for 17%2 of all retail sales by 2022.
A spate of high profile security breaches and instances of unethical data sharing shows that more consumer protections are needed. In general, consumers don’t mind sharing their data, but want assurances their data won’t be exploited. That leaves governments, businesses, and individuals searching for an agreeable middle ground where privacy is protected and data are secure but commerce can operate effectively.
At Monotype, we expect this search for balance to be a defining trend of the next several years, and believe we are uniquely positioned to help brands navigate those challenges.
Enter the regulations
GDPR is the first major step in what will likely be a series of regulations aimed at striking that balance.
The regulation gives individuals control over which businesses can use their data and how, and in certain instances requires companies to obtain consent from consumers to use that data in marketing and other business functions.
The regulation applies to all EU citizens, so even non-EU companies must comply if they interact with individuals in the EU.
In addition to GDPR, the California Consumer Privacy Act (CaCPA) will have an impact on brands and consumers alike.The CaCPA is a similar set of regulations slated to take effect in 2020. CCPA gives consumers the right to know what personal information about them is being collected, how it’s being used, and to prevent that information from being sold.
These regulations will likely influence the way other states think about consumer privacy and how businesses market to all U.S. customers in the near future.
One of the primary challenges of GDPR is that it affects several fundamental elements of social media marketing.
Facebook, notably, rolled out new privacy settings just days before GDPR enforcement began. The company invited its users to reevaluate their privacy settings, including the data they’ll share with potential advertisers and other personal information that could offer insights into their preferences. This obviously limits the ability of brands to market on Facebook.
At the same time, Instagram updated its API and stopped allowing brands to collect content programmatically using hashtags. Instead, brands are required to use @ mentions and photo tags to collect information at scale.
In the previous version of Instagram’s API, virtually any hashtag could be commented on by not just approved partners like Olapic, but also by bots, spam accounts, and more—causing Instagram to seek a more permanent solution to solve its spam issue.
Hashtags today are ubiquitous to signal that a consumer wants to enter into dialogue with a brand. More often, hashtags (yes, even branded ones) are leveraged by users as a way to increase the discovery and engagement of their own content. In short, it was time for a better approach, anyway.
Our response - why privacy change is a good thing for the long haul
While these changes resulted in some short-term disruption (primarily to our Olapic products and customers), we see them as an opportunity for our customers to build even more meaningful engagement with their customers over the long term.
Perhaps the best summation of this was captured in a recent article in The Drum, L’Oréal’s Chief Digital Officer Lubomira Rochet said, “....if your relationship with people isn’t based on consent it’s detrimental to your [brand’s] image.”
For Olapic, the new Instagram API was not a vast departure from our current model. We have always recommended that our clients work directly with consumers to obtain rights to visual content.
With an @mention, a consumer makes a direct call out to a brand that can either be in the post description or the comment section. Instagram believes that direct mentions of a brand within an Instagram post offer a stronger indication that a user is attempting to initiate a conversation.
We agree, and our data3 backs it up:
- Brands were 10 times more likely to use User Generated Content (UGC) they collected from an @ mention;
- There is a 12 percent higher chance a user would approve a brand’s rights request if they included an @mention in their original content; and
- Travel UGC saw a 57 percent higher chance of a user approving a brand’s rights request when they included a mention.
We worked closely with customers to determine short-term solutions to the API change and GDPR issues in general. We added the ability to collect data by @ mention, and also developed workarounds so customers could continue collecting hashtag content as they shift their marketing strategy to @mention. We have also updated features in Olapic’s Content Engine to ensure our customers are:
Obtaining rights before activating content
We have also updated features in Olapic's Content Engine to give our customers the tools they need to address data privacy requirements.
Additionally, we continue to work closely with Instagram to provide feedback and suggestions to continue to improve the workflow between Instagram and Olapic solutions.
The modern consumer-brand relationship
GDPR and the broader discussion of privacy and data security hinges on one simple issue: Individuals should be able to maintain a greater sense of personal privacy and determine when and how their data is utilized. Of course, while emerging regulations are more broadly applied, they also have specific implications for how consumers and brands build relationships with one another.
Consumers want a balance of ease and independence.They want brands to be available everywhere all the time with prompt, personalized and intuitive service, but also want to maintain boundaries against what feels like excessive or invasive access to or use of their personal data and time.
“While GDPR may have been a driving force behind this privacy sea change, the need to evolve the consumer-brand relationship to be authentic and transparent has been at the forefront of our technology and the way we work with brands from the start,” said Brett Zucker, Monotype CMO. “We hear from customers that they need to be efficient on the operations side and create campaigns that reach a broad, global customer base without incurring unreasonable costs. Brands want to respect those boundaries but also want to use data to create personalized experiences and an upleveled degree of service. GDPR is a piece of that puzzle.”
At Monotype, we understand both sides of the privacy conversation, and steer our customers toward some guiding principles and best practices that we believe are most valuable to brands, and how we do business ourselves.
Make it human: At its core, GDPR requires brands to stop thinking of consumers as vast assortments of data, and instead think of them as individuals. The policy gives individuals more control over their data and encourages brands to adopt a more personalized approach. This aligns neatly with what customers already want and allows brands to reach customers with greater precision and effectiveness.
Be proactive: Data that is given is better than data that is gathered. Focus on gaining permissions from your users up front to facilitate smoother interaction going forward. Develop a clear, concise, reversible permissions process that allows users to set their own boundaries.
Emphasize the @ mention: Use Instagram stories, emails and post-purchase instructions to tell people they should use @ mentions for a chance to be featured by the brand; highlight your @ mention on all your visual properties, including your social media profiles, homepage, mobile app, and printed materials.
Take the lead: Tell the world you take privacy and data security seriously! Highlight your partnerships with companies focused on protecting users’ data, and share your stories of developing authentic, transparent relationships with your customers in the post-GDPR world.
We also believe that steps like this, and a proactive approach to data transparency and privacy overall, will lead a healthier connection between brand and consumer, and result in some of the following positive changes:
Relationships will be more authentic: The focus on proactive, transparent interactions will reduce the friction that could develop under the old model of data collection. Customers who willingly and knowingly share data are by nature more enthusiastic and engaged, and more likely to respond to outreach from the brands they follow.
Content will be better: As a result, content will be richer and more personalized, and brands can expect a more robust contribution of user-generated content.
The quality of followers will be better: While increased focus on privacy and permissions may result in a reduced number of followers, those who choose to engage with brands are likely to be more enthusiastic, loyal, and eager to interact. And as brands (and consumers) know, quality is far more valuable than quantity.
Brands and consumers alike have been navigating uncharted waters for years, with both sides struggling to keep pace with the meteoric growth of digital commerce and communication. Perhaps it’s helpful, then, to think of GDPR as a kind of map, a way to understand each sides’ responsibilities, concerns and hopes for the modern marketplace.
At Monotype, our goal is to empower brands with the tools and knowledge they need to deliver the experiences and security their customers demand. Like the brands we serve, GDPR served as a catalyst to rethink the way we communicate with our customers. That experience informs our products and our perspective, and we’re excited to share both in the exciting months and years ahead.
3 Based on our internal estimates