tag:www.econsultancy.com,2008:/topics/privacy-data-protection Latest Privacy & data protection content from Econsultancy 2016-05-26T13:42:32+01:00 tag:www.econsultancy.com,2008:BlogPost/67881 2016-05-26T13:42:32+01:00 2016-05-26T13:42:32+01:00 Seven big challenges facing healthcare marketers Patricio Robles <h3>1. Digital underinvestment</h3> <p>By some estimates, healthcare spending in the US is close to 20% of GDP, but healthcare marketers aren't funneling much of their marketing dollars into digital. </p> <p><a href="https://econsultancy.com/blog/67131-pharma-s-mobile-social-efforts-aren-t-as-healthy-as-they-should-be">According to</a> Deloitte Consulting, healthcare and pharma marketers spent just $1.4bn on digital ads, a figure that lags marketers in other industries.</p> <p><img src="https://assets.econsultancy.com/images/0006/8525/deloitte1.jpg" alt=""></p> <p>One of the consequences of this digital underinvestment is that this has created opportunities for third parties to become the go-to resources for consumers and physicians looking for healthcare information online.</p> <p>This is despite the fact that, in many cases, healthcare marketers' organizations have valuable, proprietary data and content.</p> <h3>2. Measurement &amp; metrics</h3> <p>While measurement is top-of-mind for most marketers, it hasn't been as important in healthcare because of the role marketing has played historically in healthcare organizations.</p> <p><a href="https://econsultancy.com/blog/67863-healthcare-marketers-making-progress-on-measurement-metrics/">That's changing</a>, and many organizations have adopted a number of sensible growth and brand-related metrics.</p> <p>But adoption of metrics related to stakeholder engagement and marketing communications, including patient satisfaction and paid media, are still undervalued, which can make it more difficult for healthcare marketers to "connect the dots."</p> <p><img src="https://assets.econsultancy.com/images/0007/5068/hccforating.png" alt=""></p> <h3>3. Market structure</h3> <p>Healthcare is not a typical market. In the US, few consumers pay directly for care and drugs; instead, third parties like insurers pay the bills and control where, when and how consumers access the healthcare system.</p> <p>For marketers, this presents a number of challenges. One of the biggest: even if you can persuade a consumer that your hospital provides the highest quality of care or that your drug is the most effective, the consumer might not be able to access your product or service.</p> <p>So in many cases, healthcare marketers find themselves playing a game of triangulation involving consumers and care providers, like hospital systems and physicians.</p> <p>For obvious reasons, this makes developing an effective marketing strategy a more complicated proposition.</p> <h3>4. The trust gap</h3> <p>The healthcare industry, and pharma in particular, doesn't have the best reputation thanks in part to <a href="https://econsultancy.com/blog/67590-can-targeted-social-ads-help-pharma-overcome-drug-pricing-controversy">controversies over subjects like drug pricing</a>.</p> <p>That has created a trust gap in which consumers as well as physicians are less likely to trust ads and information that come from healthcare marketers.</p> <p><img src="https://assets.econsultancy.com/images/0006/8526/deloitte2.jpg" alt="" width="635" height="467"></p> <p>To rectify this, healthcare marketers <a href="https://econsultancy.com/blog/67747-pharma-marketers-should-use-storytelling-to-improve-the-industry-s-reputation">will need to become more adroit at storytelling</a>.</p> <p>Unfortunately, as Alexandra von Plato, group president of North America for Publicis Healthcare Communications Group, has observed, "We neglect the origin story. Instead we run these dumb ads," referring to the ubiquitous and oft-parodied television ads promoting prescription drugs.</p> <h3>5. Lawmakers</h3> <p style="font-weight: normal;">Those <a href="https://econsultancy.com/blog/67227-ban-on-consumer-ads-could-make-pharma-s-digital-shortcomings-more-costly">"dumb ads" haven't made fans of physicians</a>, and the aforementioned drug pricing controversy has made pharma companies Enemy #1 for some lawmakers in the US.</p> <p style="font-weight: normal;">That could soon have a dramatic impact on healthcare marketers as lawmakers consider reigning in how healthcare marketers promote their wares to professionals and the public.</p> <p style="font-weight: normal;">Given how reliant pharma marketers in particular have become on television ads, and how underinvested they are in digital, greater restrictions on advertising could make life very difficult.</p> <h3>6. HIPAA</h3> <p>Consumer adoption of wearables is growing but healthcare marketers are struggling to take advantage of wearable opportunities.</p> <p><a href="https://econsultancy.com/blog/67074-is-the-healthcare-industry-prepared-for-wearables">There are a number of reasons for this</a>, but one might be HIPAA, the Health Insurance Portability and Accountability Act, which regulates the use of Protected Health Information (PHI).</p> <p>Healthcare organizations regulated by HIPAA <a href="http://www.healthcareitnews.com/news/are-wearables-violating-hipaa">must receive consent</a> from patients before their PHI is used for marketing purposes, and there are many grey areas, particularly as far as innovative technologies such as wearables are concerned.</p> <p>That means healthcare marketers realistically don't have the same flexibility as marketers in other industries that aren't subject to HIPAA.</p> <h3>7. Data</h3> <p>Out of necessity, healthcare organizations may be adept at dealing with issues related to data security.</p> <p>However, as a recent Econsultancy and Ogilvy CommonHealth report - <em><a href="https://econsultancy.com/reports/healthcare-study-organizing-marketing-in-the-digital-age/">Organizing Healthcare Marketing in the Digital Age</a> -</em> discovered, a majority are unprepared to deal with emerging data sources or to collect high volumes of data at speed.</p> <p>Furthermore, a surprising large number of organizations (44%) aren't even prepared to use their CRM data in marketing campaigns.</p> <p><img src="https://assets.econsultancy.com/images/0006/7696/Screen_Shot_2015-10-05_at_18.50.56.png" alt=""></p> <p>Because effective collection and use of data is increasingly integral to successful digital marketing, healthcare marketers' capabilities around data will need to improve.</p> tag:www.econsultancy.com,2008:BlogPost/67840 2016-05-23T14:29:29+01:00 2016-05-23T14:29:29+01:00 Highly targeted online ads don't work: Stanford researchers Patricio Robles <p>Eilene Zimmerman <a href="http://www.gsb.stanford.edu/insights/pedro-gardete-real-price-cheap-talk">explains</a>...</p> <blockquote> <p>In this case, the researchers were looking at cheap talk in retail, for example, an ad promising 'Lowest Prices in Town'.</p> <p>That can be credible when it’s used to draw in appropriate customers; in this case, those who are price sensitive.</p> </blockquote> <p>At the same time...</p> <blockquote> <p>They found that the most personalized ads were less effective because consumers worried they were being exploited.</p> <p>For example, says [Stanford Graduate School of Business professor Pedro Gardete], someone looking for a prom dress 'might get an ad from a retailer saying, "We have a wide selection of prom dresses! Click on this link!" The consumer clicks, and it turns out the retailer has dresses for all occasions but not specifically proms,' says Gardete.</p> <p>Those kinds of ads frustrate consumers and eventually become meaningless to them.</p> </blockquote> <p>Based on this, Gardete suggests that businesses might adopt a "less is more" approach in which less information is collected, information collection is more transparent, and targeting is used more sparingly. </p> <h3>Theory versus reality</h3> <p>While there's no doubt that a growing number of consumers are concerned about their privacy and how marketers are using information to track and target them, given the continued level of interest and investment in targeting tech and targeted ad offerings, does the researchers' model actually reflect reality?</p> <p>Obviously, a hypothetical retailer falsely promoting that it has a wide selection of prom dresses when it doesn't isn't likely to see good results, <strong>but this isn't how most experienced digital marketers are operating.</strong></p> <p>Instead, <a href="https://econsultancy.com/blog/64099-what-is-retargeting-and-why-do-you-need-it/">retargeting</a> (and <a href="https://econsultancy.com/blog/10194-the-roi-of-personalisation-infographic">personalisation</a>) are widely seen to drive ROI in the real world.</p> <p>As an example, AdRoll, a performance marketing platform provider, detailed <a href="https://www.adroll.com/sites/default/files/resources/pdf/case-study/AdRoll%20Case%20Study%20-%20Chubbies.pdf">in a case study</a> (PDF) how one apparel retailer used retargeting to deliver a 10.5x average ROI, 13% conversion lift and 33% lower CPA than average for other apparel retailers.</p> <p><a href="https://econsultancy.com/blog/64980-put-your-email-list-to-work-facebook-custom-audiences">Facebook Custom and Lookalike Audiences</a> have delivered similarly impressive results.</p> <p>Crowdfunding platform Tilt <a href="https://www.facebook.com/business/success/tilt">doubled</a> its conversion rate using Custom Audiences, and lowered its mobile cost per install by 30% using Lookalike Audiences.</p> <p>And Hospitality giant MGM <a href="https://www.facebook.com/business/success/mgm-resorts-international">realized</a> a greater than 5x return on spend using Custom Audiences.</p> <p>Needless to say, any specific marketer's mileage will vary, but on the whole, marketers are becoming more and more adept at targeting consumers online and doing so to good effect. </p> <p>That doesn't mean that marketers should rely on targeted ads exclusively, and the Stanford research is a reminder that targeted ads need to deliver what they promise to consumers.</p> <p>But targeted ads are here to stay because they work well enough of the time, even if <a href="https://econsultancy.com/blog/67830-young-users-aren-t-fans-of-targeted-social-ads-report/">many consumers say they don't like them</a>.</p> tag:www.econsultancy.com,2008:BlogPost/67784 2016-04-27T11:06:15+01:00 2016-04-27T11:06:15+01:00 EU data laws: An update on GDPR & Privacy Shield Todd Ruback <p>The controversial Apple and FBI matter – where the FBI sought to compel Apple to unlock an old iPhone model as part of a domestic terrorism investigation – has already become old news.</p> <p>In the EU, terrorism in Brussels and Paris is forcing uncomfortable and morally difficult conversations about security, privacy, and fundamental human rights. </p> <p>While I am optimistic that we will arrive at a good place, the EU is enacting a flurry of powerful new privacy laws that will impact us all.</p> <h3>General Data Protection Regulation (GDPR)</h3> <p>On the 14<sup>th</sup> April 2016, the EU Parliament <a href="https://econsultancy.com/blog/67540-what-is-the-eu-general-data-protection-regulation-gdpr-why-should-you-care/">formally adopted the GDPR</a>; another legislative step in the multi-year process to overhaul the EU’s disparate data protection laws. </p> <p>The next step will be for the GDPR to be officially published, translated, and put to print in the Official Journal of the European Union, hopefully by June.</p> <p> Just 20 days following that, the two-year countdown to the GDPR taking effect will commence. </p> <p>As the GDPR winds its way through the end of this legislative process, it’s important to note how much work organisations will have to complete during this small two-year window. </p> <p>It will strengthen the individual’s control over their personal data by new rights that will be bestowed upon EU citizens, such as the right to data portability and the right to be forgotten (erasure).</p> <p><img src="https://assets.econsultancy.com/images/0007/4342/The_EU.jpg" alt="" width="800" height="600"></p> <p>On the flip side, organisations will have new codified obligations to honour the individual’s rights, and these obligations will force companies to create new privacy-centric business processes – no easy task in the best of times. </p> <p>For example, the quaint notion of “bundled” consent – those dense, unreadable Terms and Conditions buried in the footer of a site that say use of the website constitutes consent to the company’s data practices – is non-existent. </p> <p>In it’s place, companies are going to have to give prominent notice and obtain a user’s consent when a person visits their website.</p> <p>Other changes include more transparent privacy policies and the requirement to have processes for a person to access, review, and correct their personal data, as well as request that data can be easily transferred or taken from one service provider to another.</p> <p>All of this, and more, needs to be considered, created, tested, and put in place by the time the GDPR takes effect. That means you need to start now.</p> <p><strong>Why is this important?</strong> </p> <p>Namely because the EU’s data protection authorities have enhanced new enforcement powers that include the ability to penalise an organisation up to €20m or 4% of it’s annual global turnover, whichever is greater.</p> <h3>Privacy Shield </h3> <p>While the GDPR’s impact will be huge, at the same time, the evolution of the digital world continues to sprint forward. </p> <p>Similar to the Berlin Wall, digital borders have come crashing down; allowing for the natural flow of data between Member States but also between the EU and US, its largest trading partner. </p> <p>Both economies are in fact dependent upon this fundamental notion. </p> <p>However, the fledgling Privacy Shield – a heavily negotiated replacement to <a href="https://econsultancy.com/blog/67144-safe-harbor-2-0-an-update-on-eu-privacy-law/">the invalidated US Safe Harbor Program</a> – recently received a tepid review by the Article 29 Working Party (WP29).</p> <p><img src="https://assets.econsultancy.com/images/0007/4343/safe_harbor.png" alt="" width="351" height="144"></p> <p>The Privacy Shield at the highest level is a mechanism that allows organisations to transfer personal data about EU citizens to companies in the US. </p> <p>It’s needed because the EU, for a host of reasons, has not recognised the US as a country that has “adequate” data protection laws, although the US does in fact heavily regulate data protection through a variety of laws and robust enforcement. </p> <p>But because of this political fact, a negotiated agreement that created a mechanism needed to be put in place, thus the Safe Harbor Program (which became obsolete), and now the Privacy Shield.</p> <p>Although many thought-leaders have concluded that the Privacy Shield provides essentially equivalent levels of data protection as EU law, the WP29 has chosen a more cautious route, one that whilst not rejecting it, also doesn’t endorse it. </p> <p>I anticipate the Privacy Shield will be heavily challenged in the EU courts, but that it will ultimately prevail. </p> <p>Any other result would have a tremendous negative impact on both economies, which no reasonable person could want.</p> <h3>ePrivacy Directive </h3> <p>On the 12<sup>th</sup> April 2016, the European Commission began its comprehensive review of <a href="https://econsultancy.com/reports/the-eu-cookie-law-a-guide-to-compliance/">the ePrivacy Directive</a>. </p> <p>Some call it the cookie law, which requires companies to give notice and get consent before they use any sort of tracking technologies or analytics tools when you visit their sites. </p> <p>The Directive also restricts how telecom providers can treat or move electronic communications. The review aims to close any potential gaps between the ePrivacy Directive and the GDPR.</p> <p>As a stakeholder in the process, I am aware how important it is to get it right. </p> <p>Of concern to me is the separate notice and consent requirement the ePrivacy Directive has from the GDPR. </p> <p>But I am also confident that the distinct transparency requirements between the two laws can be merged so the consumer can be well informed and make meaningful decisions that are best for themselves.</p> tag:www.econsultancy.com,2008:BlogPost/67718 2016-04-14T11:01:52+01:00 2016-04-14T11:01:52+01:00 Key trends in online identity verification (so everybody knows you're a dog) Danny Bluestone <h3>Using our ‘real’ identities online</h3> <p>Online anonymity is waning. A user’s digital behaviour never used to be closely connected across the web, nor did it connect to their offline lives.</p> <p>Technically, there were also fewer plug-and-play solutions like <a href="https://econsultancy.com/blog/61911-the-pros-and-cons-of-a-facebook-login-on-ecommerce-sites/">Facebook Connect</a>, which can follow and connect users’ activities across the Internet. </p> <p>The desire for anonymity hasn’t completely disappeared. But, as the social web has grown, people have become happier to use their ‘real’ identities online. Some social networks are even throwing their influential power behind ‘authentic’ identities to make their platforms more credible and secure.</p> <p>For instance, Twitter issues verified account status to key individuals and brands who are highly sought after. This helps users differentiate and validate if specific accounts are credible. </p> <p>Furthermore, the boundaries between social and commercial websites are blurring. Some users submit real-name <a href="https://econsultancy.com/blog/67117-analysing-amazon-s-palliative-approach-to-fake-reviews/">reviews on Amazon</a> and other ecommerce sites like Etsy, where authenticity can increase sales by generating confidence from customers. </p> <p><em>"<a href="https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you%27re_a_dog">On the internet, nobody knows you're a dog</a>"</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3930/dog.jpg" alt="dog" width="500"></p> <h3>The rise of identity verification services</h3> <p>So, identifying people online – and confirming that information against their ‘real’ selves – is becoming increasingly important. </p> <p>Verification is required by a surprising amount of digital businesses: from purchasing products and applying for services, to social networking platforms, where users’ authenticity is built into the experience.</p> <p>It’s consequently no surprise that the technology behind identity verification services is constantly evolving, while balancing two critical, and often competing, factors: security and user experience.</p> <p>Last year alone ecommerce fraud <a title="rose by 19%" href="http://www.infosecurity-magazine.com/news/uk-online-banking-fraud-soars-64/" target="_blank">rose by 19%</a> and online banking losses soared by 64%, compared to 2015. High-profile <a href="https://www.marketingweek.com/2015/10/30/the-talktalk-hack-shows-why-every-brand-must-take-customer-data-seriously/">data breeches at TalkTalk</a> and Sony have made consumers more aware of the security threats.</p> <p>Yet users are still incredibly fickle. They will go elsewhere if the verification stage of a purchase or online account setup is too lengthy or rigid regarding which proofs of identification are acceptable. </p> <p><em>TalkTalk website</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3932/Screen_Shot_2016-04-14_at_10.36.35.png" alt="talktalk" width="615"></p> <h3>Trends in verification solutions</h3> <p>Exposing more personal information about ourselves and revealing our true identities online opens up great opportunities and risks. Organisations must navigate (and mitigate) these for their users.</p> <p>Consequently, a number of solutions have emerged to validate who we are online.</p> <p><strong>Two-Step Verification</strong></p> <p>Creating a username and password to access specific websites is the most familiar online identity system. But, we’ve known it’s a broken process for years. </p> <p>It’s too difficult to create and manage unique, elaborate passwords for each online account we have. And even the idea that a ‘strong password’ can protect us is now a fantasy, with hackers regularly breaking into computer systems and releasing username and password data.</p> <p>Worse than this, plenty of us <a title="daisy-chain accounts" href="http://www.wired.com/2012/11/ff-mat-honan-password-hacker/all/" target="_blank">daisy-chain accounts</a> to our main email address; creating a single point of failure for hackers to exploit, gaining entry to countless more with ease. </p> <p>The most common solution is two-factor authentication: requesting knowledge (such as an alphanumerical ‘secret’) and possession (adding a physical level) for a user to verify themselves. Cash machines were the original implementation of this idea, requiring possession of a physical card and remembering a secret PIN. </p> <p>The trick is establishing a second, physical authenticator that is secure, but doesn’t inconvenience the user.</p> <p>For example, many companies have avoided the delay and cost of issuing unique physical tokens (such as a key fob, or card reader); instead, asking users to add a mobile contact number and enter unique codes sent via SMS. </p> <p><img src="https://assets.econsultancy.com/images/0007/3931/Screen_Shot_2016-04-14_at_10.27.47.png" alt="two step verification" width="615"></p> <p><strong>Biometric Verification</strong></p> <p>Biometric technology can streamline the second step in two-factor authentication. Fingerprint data is the clear favourite, as a particularly elegant solution for unlocking smartphones.</p> <p>Promoted by Apple and Samsung, it requires investment from device manufacturers to install the sensors and secure partners willing to use the channel for purchase, like PayPal. </p> <p>Concerns about storing such sensitive data has been addressed with both companies storing an encrypted mathematical model instead of the fingerprint images. But as a <a title="Mashable hack" href="http://mashable.com/2013/09/25/video-hack-apple-touch-id/#KhNkh0x3zZqo" target="_blank">Mashable hack</a> revealed, people leave copies of their fingerprints everywhere – and lifting a copy can be used to unlock devices. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3706/econsultancy-touchid3-blog-flyer.jpg" alt="" width="470" height="265"></p> <p><em>To set up Apple’s TouchID, users repeatedly tap the phone’s sensor so it can map a single fingerprint that will unlock the phone. </em></p> <p>Some businesses are even exploring more outlandish models. Amazon recently filed a patent application for <a title="payment by selfie" href="http://www.independent.co.uk/news/business/news/amazon-files-patent-to-offer-payment-with-a-selfie-a6931861.html" target="_blank">payment by selfie</a>.</p> <p>Preventing fraudsters using a photo to pose as another, the proposed system would involve its own two-step process. One photo would be taken to confirm identity. Users would be asked to subtly adjust their position, then a second photo would ensure their proximity to the device.</p> <p>MasterCard has already trialled facial recognition technology, ensuring users are actually there with a blink instead. 83% of those tested believed it felt secure.</p> <p>The company has even proposed <a title="heartbeat recognition" href="http://www.theverge.com/2016/2/23/11098540/mastercard-facial-recognition-heartbeat-security" target="_blank">heartbeat recognition</a> as an alternative, integrating sensors that can read people’s electrocardiogram, or the unique electrical signal their heart produces.</p> <p> <img src="https://assets.econsultancy.com/images/resized/0007/3695/econsultancy-mastercard-blog-flyer.jpg" alt="" width="470" height="267"></p> <p><em><a title="MasterCard's selfie pay system" href="http://newsroom.mastercard.com/latin-america/photos/mastercard-identity-check-selfie-pay-en-mobile-world-congress/" target="_blank">MasterCard’s selfie pay system</a> was available to test at Mobile World Congress, Barcelona. </em></p> <h3>National service verification</h3> <p>Demand for access to government services online is rising – but verification is particularly critical for national schemes.</p> <p><a title="CitizenSafe" href="https://www.citizensafe.co.uk/" target="_blank">CitizenSafe</a>, one of <a href="https://econsultancy.com/blog/65774-gov-uk-the-government-s-website-is-better-than-yours/">GOV.UK</a>’s certified identity verification providers commissioned a <a title="YouGov survey" href="http://digitalmarketingmagazine.co.uk/digital-marketing-news/govuk-verify-partner-citizensafe-launches-consumer-awareness-campaign-with-cyber-duck/3239" target="_blank">YouGov survey</a> that found 61% of full-time workers (and 64% students) believed online identity verification was the most convenient option for them. </p> <p>Hailed by the UN for providing the world’s best e-Government content, <a title="Estonia's service provision" href="http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/" target="_blank">Estonia’s service provision</a> rests on centralised unique personal identification codes, given at birth. Microchipped ID cards with this code enable users to sign things online and use a range of digital services from online banking to voting.</p> <p>But, such comprehensive nationalised schemes have faced concerns from privacy and civil liberties groups.</p> <p>Instead, countries like the UK and US are adopting a verification approach that checks who the user is against physical sources, such as passports, utility bills or drivers licence. These sources aren’t centrally stored, so no department or individual knows everything about you.</p> <p>Transitioning from public beta to live next month, <a title="GOV.UK Verify" href="https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify" target="_blank">GOV.UK Verify</a> is the UK’s solution to accessing national services easily (yet securely) online. GOV.UK certified a variety of identity verification companies, like CitizenSafe, to verify users’ identities on the Verify portal. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3704/govukverify2-blog-flyer.jpg" alt="" width="470" height="255"></p> <p><em><a title="GOV.UK Verify" href="https://identityassurance.blog.gov.uk/2016/04/06/new-certified-companies-now-connected-to-gov-uk-verify/" target="_blank">GOV.UK Verify</a> empowers you to choose from a range of certified companies to verify your identity. </em></p> <p>Users complete the online verification process just once to create an account they can use to quickly and easily access a multitude of government services, such as tax returns, benefits and allowances. </p> <p>Furthermore, two-factor authentication is used when users login to their online account, needing to enter a user ID and password as well as a code sent to a stored phone number.</p> <h3>New data storage solutions</h3> <p>Whatever identification solution is used, a critical question remains around how personal data is stored to safeguard it against hackers.</p> <p>Even if hackers can’t access your credit card details, obtaining your home address, date of birth, contact details and other personal data could give them enough to access, change or use a multitude of your online accounts, posing a serious risk.</p> <p>One of the recent solutions to overcome this issue is blockchain technology. Initially developed as a ledger for bitcoin transactions, blockchain is an incredibly secure distributed database where no single organisation (or individual) holds all information.</p> <p>Blocks of data are added sequentially, embedded using a ‘hash’ of the block just before it. CoinDesk explains how this acts as a <a title="digital version of a wax seal" href="http://www.coindesk.com/information/how-bitcoin-mining-works/" target="_blank">'digital version of a wax seal’</a>, confirming data is legitimate and hardening the chain against tampering and revision.</p> <h3>Summary</h3> <p>Connecting our digital services and activities with our ‘real’ offline identities has significant implications for our safety.</p> <p>Leveraging the myriad of new technologies and systems available, businesses have some choice and must balance the security of user data with providing a seamless service, or users will look elsewhere. </p> <p>Whatever approach you choose, communication with customers throughout their experience is the key. For instance, users may be reluctant to give you their mobile number during an <a href="https://econsultancy.com/blog/64385-how-to-attract-registrations-without-creating-a-barrier-to-checkout/">online sign-up</a> if you don’t explain that it’s for a two-step identity verification process that will protect their identities.</p> <p>Carefully considered communication, on the other hand, is likely to make users tolerate a slightly more elaborate on-boarding process in the interest of keeping their data safe.</p> tag:www.econsultancy.com,2008:BlogPost/67668 2016-04-04T14:25:51+01:00 2016-04-04T14:25:51+01:00 Data can be toxic, here's how companies should handle it Patricio Robles <p>Schneier <a href="https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html">blames</a> the "hype cycle of big data" on the risks that have been created...</p> <blockquote> <p>Companies and governments are still punch-drunk on data, and have believed the wildest of promises on how valuable that data is.</p> <p>The research showing that more data isn't necessarily better, and that there are serious diminishing returns when adding additional data to processes like personalized advertising, is just starting to come out.</p> </blockquote> <p>He also points out that many companies underestimate the risks and impacts of data breaches and overestimate their ability to mitigate against them.</p> <p>And in some cases, Schneier believes, companies choose to take unreasonable risks with data because they're encouraged to.</p> <p>"The culture of venture-capital-funded startup companies is one of extreme risk taking," he argues.</p> <blockquote> <p>[These companies] are so far from profitability that their only hope for surviving is to get even more money, which means they need to demonstrate rapid growth or increasing value.</p> <p>This motivates those companies to take risks that larger, more established, companies would never take. They might take extreme chances with our data, even flout regulations, because they literally have nothing to lose.</p> </blockquote> <h3>Realistic versus unrealistic solutions</h3> <p>Not surprisingly, as a security expert and privacy advocate, Schneier wants greater regulation of data "collection, storage, use, resale and disposal" and even suggests that certain business practices that involve "surveilling people" be made illegal.</p> <p>Ostensibly, this includes much of the activities associated with digital advertising.</p> <p>While greater regulation around data is indeed likely given the growing number of costly breaches, it's highly unlikely that large swaths of the big data economy will be rendered illegal.</p> <p>Even so, companies shouldn't ignore Schneier's arguments.</p> <p>Data is digital black gold and it's similar to the black gold that comes out of the ground. That black gold, when controlled, fuels the industrial economy, but when spilled, is the source of environmental disaster.</p> <p>Likewise, digital black gold <a href="https://econsultancy.com/blog/67674-what-are-first-second-and-third-party-data/">fuels the internet economy</a>, but can also be the source of disaster when it leaks.</p> <h3>What companies should do</h3> <p>So what should companies do to avoid disaster? Here are several suggestions.</p> <h4>1. Develop a data strategy</h4> <p>In most cases, companies aren't collecting more and more data because storing it is so cheap. Many are storing all the data they can get their hands on because they don't have <a href="https://econsultancy.com/blog/67296-how-to-create-a-clear-data-strategy-for-your-business/">a data strategy</a>.</p> <p>Without a strategy, decision makers will favor storing any and all data in the hope that they might develop a use for it later on.</p> <p>In reality, "we don't know if we'll need it therefore we'll keep it" is typically a poor excuse for data collection and retention, the result of laziness and not true lack of knowledge.</p> <h4>2. Develop data acquisition and retention policies</h4> <p>With a data strategy in place, companies can create sensible data acquisition and retention policies.</p> <p>Such policies can ensure that they have the data they need to meet business goals while reducing the risk that they're storing data that they don't need, or storing data in ways that are unnecessarily risky.</p> <h4>3. Treat data differently</h4> <p>Sensible data and retention policies will inherently reflect the fact that data differs in nature.</p> <p>For example, data that contains personally identifiable information (PII) isn't the same as data that doesn't contain PII, and should be handled and stored differently as a result. </p> <h4>4. Embrace compliance and risk management</h4> <p>Certain types of data are already subject to regulation.</p> <p>For instance, in the US, some health information is protected by <a href="https://econsultancy.com/blog/67498-digital-media-vs-hipaa-violations-risking-your-reputation-in-healthcare/">Health Insurance Portability and Accountability Act (HIPAA) rules</a>.</p> <p>Companies subject to these rules should see compliance as an opportunity to ensure that they're taking all the steps they can to secure their data.</p> <p>Even companies that aren't subject to government regulation have the opportunity to embrace data security through risk management.</p> <p>It's now possible to acquire data breach insurance, and companies that opt to do so can use the process as a means to implement data security best practices.</p> tag:www.econsultancy.com,2008:BlogPost/67593 2016-03-01T09:49:40+00:00 2016-03-01T09:49:40+00:00 General Data Protection Regulation (GDPR): what we know & what's coming next Jack Simpson <p>The talks came from Christopher Graham and Baroness Neville-Rolfe, the former being the UK’s Information Commissioner and the latter the Parliamentary Under-Secretary of State for the Department for Business, Innovation and Skills.</p> <p>They are arguably two of the UK’s most knowledgeable people on the subject of data privacy, so I thought it would be useful to cover some of the key points from their talks.</p> <h3>The government is waging war on nuisance calls</h3> <p>A huge driver of this reformed legislation is the ever-present onslaught of nuisance telemarketing calls, particularly to the more vulnerable in society who rely on a landline phone. </p> <p>“We should not dismiss (nuisance calls) as an unfortunate by-product of the rapid growth of data in marketing,” says Neville-Rolfe. </p> <p>It is a form of harassment, she argues, citing one case in which a vulnerable woman whose landline phone was her only means of communication was left isolated and close to suicide following a barrage of intimidating telemarketing calls. </p> <p>It was this incident that actually led to the recent expose on charity fundraising practices. </p> <p><strong><em>Baroness Neville-Rolfe</em></strong></p> <p><img src="https://assets.econsultancy.com/images/0007/2477/Screen_Shot_2016-02-29_at_15.26.18.png" alt="baroness neville-rolfe" width="630"></p> <p>Neville-Rolfe insists the government is not trying to undermine legitimate fundraising or telemarketing activity. But the action of a minority, she says, are tarnishing the reputation of the majority. </p> <p>The worst offender, a burglar alarm firm called Direct Security Marketing Ltd, made almost 40,000 calls a day between January and February this year, 10,000 of which were made between one and six in the morning. </p> <h3>Lots of firms have already been fined for breaching data laws</h3> <p>The firm mentioned above was fined £70,000 by the Information Commissioner's Office (ICO), which has issued £2.5m in fines since January 2012.</p> <p>In the week before this event alone it dished out £150,000 in penalties, and it expects to raise a further £1m before the end of the financial year. 

</p> <h3>But the fines are about to get MUCH bigger</h3> <p>Currently the ICO has the power to enforce penalties of up to £0.5m for nuisance marketers, but that figure is about to increase substantially. </p> <p>While the exact figure is still to be confirmed, Graham says by summer 2018 it looks as if the ICO will be able to impose fines of up to €20m or 4% of global turnover, whichever is the higher figure. </p> <p>He describes the new penalty cap as "eye-watering", adding:</p> <blockquote> <p>It’s very important we remain a proportionate regulator, but the sky is the limit in terms of enforcement powers. People need to sit up and take notice.</p> </blockquote> <p><em><strong>Christopher Graham</strong></em></p> <p><img src="https://assets.econsultancy.com/images/0007/2478/Screen_Shot_2016-02-29_at_15.27.04.png" alt="Christopher Graham" width="630" height="642"></p> <p>Despite the potential new powers for bigger fines, Graham is a firm believer that consumer behaviour trumps any kind of financial penalty when it comes to influencing shady marketing practice. </p> <p>“You can make a quick buck,” he says, “but at the cost of damage to your reputation. The time and money it takes to rebuild confidence after a data breach can be as severe as any fine.”</p> <p>He argues that with greater opportunities in data come increased risks.</p> <blockquote> <p>We used to think of data as the new oil, but it can also be the new asbestos. You have to manage the risks if you want to take advantage of the opportunities.</p> </blockquote> <h3>It’s not just about punishing wrong-doers</h3> <p>Graham insists that the ICO is not just interested in dishing out fines and acting the bad cop, but rather hopes to use what he refers to as the ‘proportional positive partnership approach’.</p> <p>He says the ICO’s mantra revolves around five Es:</p> <ul> <li> <strong>Enforcement</strong> – catching and fining those who break the law.</li> <li> <strong>Education</strong> – showing people what good practice looks like.</li> <li> <strong>Empowerment</strong> – giving citizens the power to assert their rights under the data protection act. </li> <li> <strong>Enablement</strong> – unlocking the power of digital in the economy while respecting people’s privacy and rights.</li> <li> <strong>Engagement</strong> – working with business and the technical world to make sure we get the best from the digital economy.</li> </ul> <h3>The impact of a ‘leave’ vote in the EU remains unclear</h3> <p>The obvious question of the day was around the EU referendum, specifically how a ‘leave’ vote might impact on these new EU-wide regulations.</p> <p>As you can probably imagine, the answers were somewhat politician-like. The general message was along the lines of: ‘We’re not sure what will happen but we can’t afford to waste four months of work waiting to find out.’</p> <p>In other words: they’ll cross that bridge if and when they come to it. </p> <p><img src="https://assets.econsultancy.com/images/0007/2479/Screen_Shot_2016-02-29_at_15.28.00.png" alt="Christopher Graham and Baroness Neville-Rolfe" width="630"></p> <h3>Marketers are urged to "get it right now"</h3> <p>Despite the new regulations not coming into force until 2018, not to mention the fact they won’t even be fully agreed between EU countries until probably June or July, Graham urges marketers to start thinking about <a href="https://econsultancy.com/blog/67588-the-five-point-plan-for-data-privacy-business">data privacy</a> now, not just to stay within the law but to follow best practice. </p> <p>“Lawyers and translators are poring over text,” Graham says. “We’re working hard to make sure our organisation is ready to be an effective partner and give advice very early on.”</p> <p>Graham ended by saying:</p> <blockquote> <p>At its core, data protection is about simple things: respect, trust, integrity, and professionalism.</p> </blockquote> <p><em>To learn more about data privacy in the marketing world, download our report: <a href="https://econsultancy.com/reports/value-exchange-from-data">Value Exchange From Data Exchange</a>.</em></p> tag:www.econsultancy.com,2008:BlogPost/67588 2016-02-29T11:33:20+00:00 2016-02-29T11:33:20+00:00 The five-point plan for data privacy & business Jack Simpson <p>Introducing the talk was Facebook’s privacy policy manager Sinead Connolly, who talked about how the narrative around data has changed in the last year and become much more negative. </p> <p>It is easy to see why that is when you consider the enormous amount of (rarely positive) press around data privacy, not to mention the horrendous abuse people suffer from telemarketing companies. </p> <p>People are growing wise to their data and how it is being bought and sold, and they are starting to resist it.</p> <p>Hence the rise of sites like <a href="https://econsultancy.com/blog/67501-14-reasons-you-really-shouldn-t-ignore-duckduckgo/">DuckDuckGo</a> or the increasing use of ad blockers. </p> <p>Brandt believes that all is not lost, however, and highlighted five key focus points that could help brands rebuild trust with consumers around data and ensure the future success of this increasingly data-driven economy. </p> <p>Those five key points are:</p> <ol> <li>Collaboration</li> <li>Value exchange</li> <li>Control and cognitive load</li> <li>Transparency, education and data literacy</li> <li>Industry leadership</li> </ol> <p><strong><em>Liz Brandt</em></strong></p> <p><img src="https://assets.econsultancy.com/images/0007/2419/Screen_Shot_2016-02-26_at_16.34.31.png" alt="liz brandt ctrl-shift " width="600"></p> <p>Let’s go into those points in a bit more detail...</p> <h3>1. Collaboration</h3> <p>“Seeing regulation and the market as opposing forces is short-sighted,” Brandt says. </p> <p>A fair point perhaps, but it’s easy to see why the relationship between government regulators and private businesses is somewhat tepid. </p> <p>Having worked in a couple of frequently audited firms in my time I’ve seen first-hand how frustrating it can be to have to jump through hoops just to get the right tick on an inspector’s piece of paper. </p> <p>It’s extremely time consuming, and so brands are programmed to respond cautiously to government prying. As Brandt puts it: “They say no until they’re forced to say yes.”</p> <p>But that relationship needs to change, Brandt argues, if we want to overcome all the challenges around data and privacy.</p> <p>Business needs to forget the old way, change its relationship with government and start collaborating. </p> <h3>2. Value exchange</h3> <p>This is one so few companies seem to get. If you’re asking somebody to provide their data – quite a big ask when you really think about it – what are you really giving them in return?</p> <p>In his earlier talk, DMA Group CEO Chris Combemale cited a fairly alarming stat that only 7% of consumers believe they get better value than the brand in question when they share their data. </p> <p>It’s all take take take, as far as the consumer is concerned. </p> <p><a href="https://econsultancy.com/reports/value-exchange-from-data/">Research by Econsultancy and Acxiom</a> shows that, at the very least, consumers expect improved customer service in exchange for data.</p> <p>For example, respondents felt that companies should only ask for their personal information once, and should use that data to provide personalised service.</p> <p><strong><em>Q: To what extent do you expect the following as a result of providing personal information?</em></strong></p> <p><img src="https://assets.econsultancy.com/images/0007/2434/to_what_extent.png" alt="" width="636" height="461"></p> <p>Whether that’s a perception issue or a reflection of reality doesn’t matter, because the end result is the same: consumers having a lack of trust in brands when it comes to sharing their data. </p> <p>Combemale also mentioned a 4OD video campaign starring Alan Carr that aimed to rebuild trust in consumers, and it’s a great example of transparency around collecting data. </p> <p><a href="http://www.channel4.com/4viewers/viewer-promise/ourpromise"><img src="https://assets.econsultancy.com/images/0007/2423/Screen_Shot_2016-02-26_at_16.43.47.png" alt="channel 4 our promise data trust video" width="600"></a></p> <p>If you don’t have the time nor capacity to watch the video, it effectively says: ‘Look, we get you’re worried about giving us your data, but all we want to do is personalise your experience and make sure we give you the best service possible. We won’t sell it or show it to anyone else, we won’t send you marketing guff, it’s all for your own good.’</p> <p>A compelling message. The only thing I would add, however, is that if you make these types of claims you better make damn sure you follow up on them.</p> <p>Not doing so would almost certainly destroy any chance of trust you have in future.</p> <p>The point of all this is: consumers need to feel like they’re getting something of genuine value in return for providing their data. </p> <p>And if they’re not, perhaps you need to rethink your business model. </p> <h3>3. Control and cognitive load</h3> <p>This one is all about how to keep control over data while simultaneously reducing the amount of time and effort you spend on that control. </p> <p>Brandt discussed services that exist now where firms control where consumers’ data goes on their behalf. She mentioned Saveawatt in New Zealand, a company that takes people’s data and uses it to find the best electricity deals for them. </p> <p>But it all comes down to trust again, Brandt argues. And without that trust you are bever going to persuade people to hand their data over without a fight. </p> <p>Brandt referred to the fact that Google Compare recently closed down – arguably caused by people’s growing disillusionment with how Google handles consumer data – while Cheap Energy Club has more than 2m users. </p> <p>Trust, as with anything in the world of consumer data these days, is critical. </p> <h3>4. Transparency, education and data literacy</h3> <p>Key to building trust around consumer data is transparency, but also education. </p> <p>
Looking back to that 4OD video, it states, in a not entirely patronising way, exactly what is going to happen to people’s data once they hand it over. </p> <p>Clearly 4OD is being transparent, but it’s also educating customers, many of whom probably had no idea what really happened to their data and some of whom might have assumed something sinister happened to it. </p> <p>The point is: don’t just assume that consumers are aware of what you’re doing with their data. Tell them explicitly what you’re going to do with it and tell them up-front before they agree to hand it over. </p> <p>Again, if you’re not comfortable doing that then perhaps you need to re-think what you’re doing with your customers’ details. </p> <p>Then there’s data literacy. It is an increasingly broad and technical field, one which most people couldn’t hope to understand from top to bottom. </p> <p>But as a society – government, businesses, individuals – we need to work together to improve data literacy in general. Once everyone understands data better they will naturally become less distrusting. </p> <p>Fear of the unknown is a powerful thing. </p> <h3>5. Industry leadership</h3> <p>“We must be looking to industry to lead,” Brandt says. “There is so much it can do.”</p> <p>Brandt talked about the UX world and how UX designers are all linked in a global network, which means new developments are quickly adopted as best practice across the board. </p> <p>This is a good thing, but it can also be a bad thing, she argues, citing an example of airline companies including a tick-box to opt out of insurance within a scrolling list of countries, whereby users have to scroll through the list to actually spot it. </p> <p>
That’s bad UX and bad from a consumer trust point of view. </p> <p>"Corporates need to set the agenda," Brandt says. </p> <blockquote> <p>What we’re hearing overall is a big, big, big leadership gap. Corporates need to stand up and start showing the way forward.</p> </blockquote> <p>The issues within the growing data economy affect everyone, and if business leaders don’t take action now then the next few years will be much more painful than they need to be. </p> tag:www.econsultancy.com,2008:BlogPost/67557 2016-02-25T10:38:40+00:00 2016-02-25T10:38:40+00:00 Three is right to declare war on ‘irrelevant and excessive mobile ads’ Jack Simpson <p>In this post I’m going to cover what Three is actually doing, why it is doing it, and what the potential implications might be. </p> <h3>What is Three doing?</h3> <p>

Three has teamed up with Shine Technologies, whose self-professed goal is ‘to protect consumers from AdTech.’</p> <p>Shine owns the network-level ad blocking tech that Three will be using, and Three is its first European customer.</p> <p><img src="https://assets.econsultancy.com/images/0007/2192/Screen_Shot_2016-02-22_at_11.18.46.png" alt="Three mobile ad blocking deal with Shine Technologies" width="700"></p> <p>We don’t know the full details yet of how the tech will work and what the options will be for consumers and advertisers, but Three says it will announce full details in the coming months. </p> <p>It has stated that it ‘will work with Shine Technologies and the advertising community to deliver "a better, more targeted and more transparent mobile ad experience to customers."</p> <p>So it seems this is less about blanket ad blocking and more about bringing all parties together to improve the overall user experience for Three customers, but in a way that works for everyone. </p> <h3>Why?</h3> <p>In <a href="http://www.threemediacentre.co.uk/news/2016/shine-announcement.aspx%20">a recent statement</a> titled ‘Three Group to tackle excessive and irrelevant mobile ads’, the network stressed that its objective is not to eliminate mobile ads altogether but to give customers ‘more control, choice and greater transparency over what they receive.’</p> <p>The statement outlined three key goals:</p> <ol> <li>Customers should not pay data charges to receive ads. </li> <li>Customers’ privacy and security must be fully protected.</li> <li>Customers should be entitled to receive ads that are relevant and interesting to them.</li> </ol> <p>On that first point, <a href="https://www.marketingweek.com/2016/02/19/marketers-must-shape-up-says-three-as-it-outlines-plans-for-mobile-ad-blocking/">Three UK CMO Tom Malleschitz told Marketing Week</a> that ads currently account for around 20% of data usage. </p> <p>The idea that a fifth of people’s data allowance is being eaten up by ads they never asked for, and that they are effectively paying for the privilege of seeing, is quite alarming. </p> <p>But points two and three are just as important. Consumer privacy and security is a hot topic, as evidenced by the rise of sites like <a href="https://econsultancy.com/blog/67501-14-reasons-you-really-shouldn-t-ignore-duckduckgo">DuckDuckGo</a>. </p> <p>People are likely to react positively to any move from a network provider that aims to increase their privacy rather than hand more of their information over to marketers. </p> <p>But the third point is, in my opinion, the most important of all.</p> <p>An outright admittance, from a household name known for large and elaborate marketing campaigns, that online ads are out of control and unacceptably obtrusive. </p> <p>As Malleschitz <a href="http://www.marketingweek.com/2016/02/19/marketers-must-shape-up-says-three-as-it-outlines-plans-for-mobile-ad-blocking/">told Marketing Week</a>:</p> <blockquote> <p>From a marketing and CMO angle, I believe mobile ads are pretty annoying right now. This is absolutely a push from Three to get advertisers to shape up.</p> </blockquote> <h3>What will happen as a result?</h3> <p>If people on Twitter are to be believed, the entire publishing industry will implode and journalists might as well start looking for a new career. </p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr">Journalism is screwed #381: Three to impose ad blocking software on its network as standard. <a href="https://t.co/HCav5s2QlF">https://t.co/HCav5s2QlF</a> <a href="https://t.co/X6iaMrvrwh">pic.twitter.com/X6iaMrvrwh</a></p> — Jim Waterson (@jimwaterson) <a href="https://twitter.com/jimwaterson/status/700439509700366336">February 18, 2016</a> </blockquote> <p>Some were just downright pissed off...</p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr">Did you actually send me a press release about how you're helping people block ads, thereby killing the the site you want to write about it</p> — Holly Brockwell (@holly) <a href="https://twitter.com/holly/status/700716032378347520">February 19, 2016</a> </blockquote> <p>While others seem to think Three will fall foul of net neutrality laws...</p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr">You don't have to like ads to realize that ad-blocking at the ISP level is a flagrant violation of net neutrality. <a href="https://t.co/mwuYaWIdsQ">https://t.co/mwuYaWIdsQ</a></p> — Dan Gillmor (@dangillmor) <a href="https://twitter.com/dangillmor/status/700780981070860288">February 19, 2016</a> </blockquote> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr">Three's network-level ad-blocking rollout will be massively illegal under net neutrality law, right?</p> — David Meyer (@superglaze) <a href="https://twitter.com/superglaze/status/700616813965668352">February 19, 2016</a> </blockquote> <p>All of this is just speculation at this point, of course, but there are a couple of other points that I think are worth mentioning:</p> <p><strong>1. Better mobile ads</strong></p> <p>Hopefully the quality of ads will improve in the long run. </p> <p>At the risk of having rotten fruit thrown at me by advertising types (one called me a ‘nimrod’ <a href="https://econsultancy.com/blog/66650-how-do-you-solve-a-problem-like-ad-blocking">last time I made this point</a>), you can’t just keep putting out crap ads and expect people not to block them. </p> <p>Something’s ruining my online experience and I have the option to remove it? Yeah, that’s not a difficult decision. </p> <p>And I don’t use ad blocking lightly, because I understand the potential implications it has for ‘free’ online content. But sometimes enough is enough.</p> <p>Hopefully this move will encourage advertisers to focus on UX when it comes to producing mobile ads, something that has traditionally been ignored across all platforms.  </p> <p><strong>2. The end of free content?</strong></p> <p>Of course with any big changes there is always going to be a certain degree of fear-mongering, and whether it is justified remains to be seen. </p> <p>The Internet Advertising Bureau (IAB) has warned that blocking ads could lead to the end of ‘free’ content. </p> <p>In a recent statement it said:</p> <blockquote> <p>The IAB believes that an ad-funded internet is essential in providing revenue to publishers so they can continue to make their content, services and applications widely available at little, or no cost.</p> <p>We believe ad-blocking undermines this approach and could mean consumers have to pay for content they currently get for free.</p> </blockquote> <p>Personally I don’t buy the idea that ad blocking will lead to the end of ‘free’ content. We’ve come too far. The majority of people simply won’t go back to paying for content online. </p> <p>If mainstream publishers start putting paywalls on their content, all that will happen is audiences will become increasingly fragmented and turn to smaller news outlets and blogs to get their information. </p> <p>Or the sites that have already mastered <a href="https://econsultancy.com/blog/67044-is-native-advertising-the-answer-to-ad-blocking">native content</a> and developed alternative revenue streams will thrive. </p> <p>The idea that all ‘free’ content will come to an end just because a number of publishers failed to see ad blocking coming and didn’t adapt is frankly implausible. </p> <h3>Do you agree with Three’s decision?</h3> <p>As a digital marketer, do you think Three is right to take these steps, or do you think it could be potentially harmful to brands and publishers?</p> <p>Personally I see the move as a positive, but let me know your thoughts in the comments below.</p> tag:www.econsultancy.com,2008:BlogPost/67540 2016-02-18T10:50:58+00:00 2016-02-18T10:50:58+00:00 What is the EU General Data Protection Regulation (GDPR) & why should you care? Nick Stringer <p>However, the next few years will see a ‘sea-change’ in privacy and data protection law: organisations face a new privacy challenge.</p> <h3><strong>Enter the EU General Data Protection Regulation (GDPR)</strong></h3> <p>Having just got used to the changes brought in by the <a href="http://www.iabuk.net/policy/briefings/updated-iab-factsheet-july-2015-the-revised-eprivacy-directive" target="_blank">revised ePrivacy Directive</a> (the so-called ‘<a href="https://econsultancy.com/reports/the-eu-cookie-law-a-guide-to-compliance/">cookie law</a>’) - replacing the ‘notice and opt out’ provisions for the use of cookies and other technologies to one based upon ‘consent’ - European policy-makers have agreed an update to the existing data protection legal framework dating back to 1995 (in the UK, the 1998 Data Protection Act).</p> <p>Known as the <a href="http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm" target="_blank">EU General Data Protection Regulation (GDPR)</a>, it is expected to be formally agreed in the coming months although won’t actually come into force until mid-2018.</p> <p>However, after nearly four years of debate and discussion in Brussels, it introduces new aspects that will require a different approach.</p> <p>It won’t overhaul existing data protection law completely but organisations need to sit up and take note now.</p> <h3><strong>So what’s new? </strong></h3> <p>There has been a wide range of debate about the new regulation: Will it place too many restrictions on the use of data? How will the ‘open’ internet fare? Is it a ‘milestone’ for the digital world?</p> <p>The devil is in the 200+ pages of text, but there are four specific changes to be aware of now:</p> <p><strong>1. It aims to deliver 'one law across one continent’.</strong></p> <p>In updating the existing framework, the policy-makers in Brussels wanted to take into account the world we live in today where vast amounts of digital information are collected, exchanged and used every second.</p> <p>They also sought to recognise that this world is global. To this extent, the new law is what is known as a ‘Regulation’.</p> <p>So, unlike the ‘cookie law', it will apply consistently across EU markets. However, in reality, many aspects are devolved to national jurisdictions.</p> <p><strong>2. It’s scope is broad. </strong></p> <p>The drafters will argue otherwise. But, with a few exceptions, all data is now ‘personal’ whether it directly identifies an individual or not.</p> <p>Therefore, in practice, a lot more data is swept up in the regulatory net.</p> <p><strong>3. The new law’s influence stretches beyond European shores in an attempt to recognise the global nature of data. </strong></p> <p>If an organisation is processing personal data about a person who is in the EU then the rules will apply regardless of where the organisation is located. </p> <p><strong>4. The penalties for a breach have been ramped up. </strong></p> <p>For serious violations the fine is €20m or 4% of annual global turnover, whichever is higher.</p> <h3><strong>A need for consistent &amp; practical EU-wide guidance</strong></h3> <p>The political necessity to find an agreement in Brussels before Christmas contributed to many aspects of ambiguity in the final text.</p> <p>But we should be used to this from policy-makers by now and, while organisations seek legal clarity, this may not be such a bad thing given what was on the table six months ago.</p> <p>While the Regulation will be done and dusted by the middle of this year, there will be a need for consistent and practical guidance across Europe, particularly on areas such as ‘consent'.</p> <p><a href="https://assets.econsultancy.com/images/resized/0007/2056/cookie_law-blog-flyer.jpg"><img src="https://assets.econsultancy.com/images/resized/0007/2056/cookie_law-blog-flyer.jpg" alt="" width="470" height="353"></a></p> <p>Working with industry, Data Protection Authorities (DPAs), such as the UK Information Commissioner’s Office (ICO), need to produce consistent EU guidance to help deliver practical, realistic and creative ways of achieving compliance.</p> <p>The experience of the ‘cookie’ law illustrates only too well that we require something that actually works for users: improving their control without interrupting their experience.</p> <h3><strong>What about the Cookie Law? </strong></h3> <p>The revised ePrivacy Directive stays in force for now.</p> <p>However, it will need to eventually align (specifically Article 5.3 regarding cookies, etc.) with the new Regulation to ensure organisations do not face ‘double-regulation'.</p> <p>There are many different views on its future and work is already underway to review it in Brussels.</p> <h3><strong>Next steps</strong></h3> <p>It is clear is that, in the next few years, the data protection and privacy landscape is going to change.</p> <p>The ICO, the UK body that will enforce the new law, has already kicked off its implementation process and it will soon have a new section of its site dedicated to this.</p> <p>It is worth organisations following this and the ICO’s updates. Those businesses and organisations that get out in front are likely to gain the advantage.</p> tag:www.econsultancy.com,2008:BlogPost/67501 2016-02-09T11:29:00+00:00 2016-02-09T11:29:00+00:00 14 reasons you really shouldn't ignore DuckDuckGo Jack Simpson <p>Because an increasing chunk of your target audience may well be heading to DDG in the coming years.</p> <p>Don’t believe me? Rand Fishkin of Moz fame said it will be <strong>"the fastest growing search engine of 2016."</strong></p> <p>If you’re still not convinced, here are some enlightening stats about DDG that might make you pay attention. </p> <h3>1) It averages 10m queries a day</h3> <p>According to <a href="https://duckduckgo.com/traffic.html">its own traffic stats</a>, DDG averages around 10m queries a day.</p> <p><img src="https://assets.econsultancy.com/images/0007/1567/Screen_Shot_2016-02-08_at_15.48.19.png" alt="DuckDuckGo traffic stats" width="500"></p> <p>This might not be up there with the likes of Google, but it means DDG is definitely a significant player in the search market. </p> <h3>2) 12m queries in a single day last December</h3> <p>While average search queries are at 10m, DDG managed a 12m-query day back in December. </p> <h3>3) 350m queries last month</h3> <p>DDG achieved an impressive 350m search queries for December 2015.</p> <h3>4) 3.41bn queries last year</h3> <p>For the whole of 2015, DDG achieved 3.41bn search queries. </p> <p>Again, this might not seem much next to Google, but for a relatively young search engine it’s pretty significant. </p> <h3>5) 73% growth in 2015 </h3> <p>Part of the reason these numbers are so significant is the pace at which DDG is growing. </p> <p>The 3.41bn 2015 number was up from 1.97bn in 2014 – a 73% YoY increase in search queries.</p> <h3>6) 22% increase in traffic from January to December 2015</h3> <p>Over the course of 2015, DDG’s monthly traffic grew by 22%.</p> <p>In December the site had 108m visits. </p> <p><img src="https://assets.econsultancy.com/images/0007/1568/Screen_Shot_2016-02-08_at_16.52.55.png" alt="DuckDuckGo traffic stats" width="500"></p> <h3>7) Tech fans love it</h3> <p>DDG users show a strong affinity toward tech news sites, according to <a href="http://www.similarweb.com/blog/duckduckgo-users%20%20">a report by SimilarWeb</a>.</p> <p>Comparatively, Bing users show affinity to typical websites you would expect of average internet browser (<a href="https://econsultancy.com/blog/67058-marketing-on-reddit-a-potential-goldmine-or-a-fool-s-errand">Reddit</a>, Amazon, Google, etc). </p> <h3>8) Average bounce rate is 31%</h3> <p>The average bounce rate for DDG users is 31%, according to the same SimilarWeb report. </p> <p>This is significantly better than Bing users’ average bounce rate of 43%.</p> <p><img src="https://assets.econsultancy.com/images/0007/1569/Screen_Shot_2016-02-08_at_15.58.11.png" alt="duckduckgo bounce rate stats" width="500"></p> <h3>9) Average time on site is 9.5 minutes</h3> <p>DDG users spend an average of 9.5 minutes on sites they visit through the search engine. </p> <p>By contrast, Bing users spend an average of just 7.5 minutes on each site. </p> <p><img src="https://assets.econsultancy.com/images/0007/1570/Screen_Shot_2016-02-08_at_15.59.03.png" alt="duckduckgo time on site stats" width="500"></p> <h3>10) It offers people what Google can’t (and won’t): true privacy</h3> <p>This infographic from Tech.co and Optilocal has a pretty good run-down of the privacy differences between DDG and Google, along with a load of other interesting facts and stats.</p> <p><em>Click to see the full version</em></p> <p><a href="http://tech.co/private-browsing-duckduckgo-vs-google-2015-03"><img src="https://assets.econsultancy.com/images/0007/1572/Screen_Shot_2016-02-09_at_10.45.48.png" alt="duckduckgo vs. google infographic" width="600"></a></p> <h3>11) It does other things that Google can’t</h3> <p>But privacy is just one <a href="http://gadgets.ndtv.com/internet/features/12-things-duckduckgo-can-do-that-google-cant-596526%20">feature DDG has over Google</a>. </p> <p>DDG also offers functions such as the ability to view someone’s social media profile without leaving the search engine, the ability to easily expand shortened links or check whether websites are down, and there’s even a password generator. </p> <p>These little <a href="https://econsultancy.com/blog/66731-25-excellent-ux-examples-from-ecommerce-sites">UX tweaks</a> could be key to DDG attracting an increasing number of users away from Google, not just relying on the privacy issue but actually providing an even better user experience.  </p> <h3>12) It’s the default search engine in the new Adblock Browser for mobile</h3> <p><a href="https://econsultancy.com/blog/67019-12-alarming-ad-blocking-stats-that-reveal-the-size-of-the-problem">Ad blockers</a> are here to stay. Let’s not kid ourselves about that. And there’s the old saying: ‘if you can’t beat them, join them.’</p> <p>If DDG is the default search engine for arguably the most popular ad blocking app of them all, brands should take that very seriously. </p> <p>Failure to optimise for DDG on mobile could lead to brands missing out on an increasingly large mobile ad blocking audience.  </p> <h3>13) It has signed the Acceptable Ads Manifesto</h3> <p>This one is less about ad blocking but more about a clear commitment to creating a user experience that benefits people rather than brands. </p> <p>The Acceptable Ads Manifesto was created by Adblock Plus as a way to encourage brands to stop ruining the online user experience with crappy ads like the ones in the screenshot below. </p> <p><img src="https://assets.econsultancy.com/images/0006/4701/Screen_Shot_2015-07-01_at_11.24.40.png" alt="Annoying display ads" width="600"></p> <p>Here are the key points of the manifesto:</p> <p><img src="https://assets.econsultancy.com/images/0007/1571/Screen_Shot_2016-02-09_at_10.22.11.png" alt="acceptable ads menifesto key points" width="600"></p> <p>It might be a PR move  - in fact it almost certainly is – but it also suggests DDG is taking UX seriously and this can only have a positive impact on people wanting to use it. </p> <h3>14) It makes money without tracking people</h3> <p>In short: DDG is not going anywhere. It isn’t just a political flash in the pan. It is a profitable business. </p> <p>In an ask-me-anything session on YCombinator’s Hacker News site last year, founder and CEO Gabriell Weinberg said:  </p> <blockquote> <p>DuckDuckGo is actually profitable. It is a myth you need to track people to make money in Web search.</p> <p>Most of the money is still made without tracking people by showing you ads based on your keyword, i.e. type in car and get a car ad. These ads are lucrative because people have buying intent. </p> <p>All that tracking is for the rest of the Internet without this search intent, and that’s why you’re tracked across the Internet with those same ads. </p> </blockquote> <p><em>I will be writing a post about how to optimise for DDG in the near future, so keep your eyes peeled!</em></p>