I Accept Doesn’t Mean I Do
Just in time for Data Privacy Week, The New York Times was out recently with a great piece on the woeful ineffectiveness of cookie banners.
In the wake of GDPR, these annoying banners have littered websites in the name of consumer privacy protection. Consumers have largely become conditioned to mindlessly click “I accept” to access the content they want. And in the process, they continue to give “consent” where they really have no such intentions.
In fact, experts suspect these banners have had a detrimental effect on privacy awareness as consumers have become resigned to just giving away data and rights as just another cost of using the internet.
“Accept” and “Opt-in” are two different things
Fact is, there’s a heck of a lot of fine print hidden in cookie banners. The problem has worsened as companies have sprouted up to “optimize” these banners to maximize acceptance, regardless of consumer intent.
Efforts are underway to improve transparency within the process. But, why? Why are we trying to save the cookie at all? Why do we keep defaulting to the lowest common denominator of consumer targeting and tracking? Especially when we know consumers are being taken advantage of and frankly, exploited, in the wild world of cookies.
At BRIDGE, we maintain the perspective that habitually clicking “I accept” on vague cookie banners is not the same as proactively “opting in” to third-party engagement.
Opt-in campaigns do reduce the number of consumers you can welcome into your audience. But so what? If these people don’t want to be in your audience, why would you try to trick them into joining? Why fly in the face of privacy trends and, increasingly, laws just to make a buck?
The risks are increasingly far outweighing the benefits of constantly trying to skirt cookie rules in the name of cheap data.
Not to mention, continuing to play in this seedy world means potentially coming into contact with sensitive user info that can cause trouble down the line if not handled properly.
There’s a better way.
Empowering consumers with clear consent
In past posts, we’ve talked extensively about the power of personally identifiable information (PII)-level data to better align with privacy norms, respect consumers, and create more engaging campaigns.
But in (belated) honor of Data Privacy Week, I want to highlight what BRIDGE believes to be best practices for accepting and maintaining consumer data:
- “Opt-out” is default status. Consumers don’t enter our audience unless they’ve given express permission. In our view, there is no such thing as “add them now and we’ll figure out permission later.”
- Don’t accept sensitive PII data. Credit card details, SSNs, health-related info? No thanks. None of this personal and ultra-private info is necessary to run a highly-effective campaign. Collecting it unnecessarily means asking for trouble, as news headlines about hacks and breaches constantly remind us.
- Encryption is everything. Info that is collected, even if not particularly sensitive, deserves to be treated with the utmost care and respect. That means encrypting data in motion and at rest and restricting access unless a specific encryption key is presented.
- Act fast when opt-out requests come in. If we get an opt-out request from one regulatory body (e.g., CCPA), we will completely suppress that file and completely remove it from our full database – even campaigns where that person has expressly opted in.
- Repermission, just to be sure. Every so often, we go out and repermission files just to be sure consumers still want to remain in our audience. Because “opt-in” today shouldn’t mean “til death do us target.”.
Our advice for marketers figuring out how to navigate a changing landscape is to be as compliant as you can with changing privacy norms, even if you find yourselves ahead of the curve. Playing a constant game of circumvention will ultimately spin you in circles and put you on the wrong side of privacy.
It’s time to opt in to a better approach toward building audiences.