CMOs are on their toes and not conducting ‘business as usual’ as data privacy regulators get more assertive

By Seb Joseph

CMOs are a bundle of nerves these days. Blame data privacy regulators for some of it. Sure, the threat of a global recession keeps marketers awake at night, but being named and shamed in headlines of The New York Times for data privacy breaches is the stuff of nightmares.

But until recently, those nightmares never materialized. After all, it was the platforms and ad tech vendors that were in headlines for data snafus, not advertisers.

Time, as ever, makes fools of everyone. In this instance, gradually then suddenly.

Before September, avoiding data privacy breaches was just another priority among others on a long list for marketers. Now, it’s a matter of urgency. In September alone, prominent advertisers Zillow, Expedia, Chewy.com and Lowe’s were hit with lawsuits for allegedly breaching privacy violations in the U.S.

If there was ever any doubt that lawsuits would come for advertisers that played fast and loose with people’s data, it’s fading quickly. Take Sephora, which agreed to pay $1.2 million in fines for selling customers’ data without their knowledge.

That fine, in particular, seemed to prompt internal legal counsels to probe senior marketers on whether their use of data exposed them to something similar, as reported by the Wall Street Journal. The subsequent burst of activity, from data privacy policy updates to renewed data ethic frameworks, is hardly surprising. It’s more like a rising tide. Sources told Digiday that marketers see these latest revisions to data privacy plans as less a matter of completing compliance check boxes, more one of fiduciary responsibility. They really don’t want to be in the headlines.

“Over the two months or so we’ve seen a lot more inbound interest from enterprise organizations looking to update their technology stacks in advance of the changes to data privacy laws in the U.S.,” said Brian Kane, chief operating officer at consent management platform Sourcepoint.

Companies like Sourcepoint were always going to see a swell in demand with or without the Sephora fine. They have vital interpretations and perspectives of big, imminent changes to data privacy regulation. Indeed, its going to look different at the turn of the year. This is when the California Privacy Rights Act — a beefed up version of the California Consumer Privacy Act — takes effect. And when this happens so too will the abolishment of the 30-day cure period given to businesses accused of violating the law. No cure period means the California Attorney General’s office can go straight to enforcement action. The Sephora fine was a reminder to marketers of what that means.

“The reality of a CEO calling you about a call they just received from a regulator is now very real for marketers,” said Ian Cohen, CEO of data privacy tech company LOKKER. “The idea that just because you can collect a bunch of data doesn’t mean you should is rigning true with a lot more marketers now. It’s not business as usual for a lot of marketers now.”

To be fair, marketers have always taken privacy seriously. …read more

Source:: Digiday