Consumer Privacy Attitudes: A 2015 Update

Back in 2013, my colleague Anjali Lai and I wondered how the "summer of Snowden" was affecting consumer attitudes about privacy. So, we fielded a survey and ran some qualitative analysis in our ConsumerVoices Market Research Online Community. A year later, we used that historical data, combined with Consumer Technographics and social listening data to see how perception and behavior were changing. It was a fascinating study

Fast forward another year: it's now pre-pre-primary season in the US, and candidates are talking about privacy and personal data protection. There have been three more major data breaches affecting millions of Americans. The adblocking debate is at fever pitch, while Internet giants make privacy a point of differentiation. Obviously, we decide to run our study a third time. And this time, we incorporate (opted-in, permission-based) data from our Consumer Technographics Behavioral Study.

Our findings? Consumers are more willing than ever to 1) walk away from your business if you fail to protect their data and privacy; 2) adopt technologies like tracker-blockers and VPNs to limit their exposure to data misuse; and 3) extend their protective actions to the physical realm. 

And the real kicker is that, if you're one of the marketers who's been counting on Millennials who "don't care" about their online privacy, you're going to be waiting a long time.

Read more

Get Your Privacy House In Order, or 2016 Will Hit Your Business Hard

Now that we’re firmly settled in the Age of the Customer, it’s time to take stock of the factors that are really going to drive business success -- or failure -- over the next few years. At Forrester, we’re betting our hats that privacy will be one a big one. In fact, we think that privacy is integral to each one of the 10 success factors in 2016.

Read more

Privacy & Personalization: two globally important initiatives, one tremendous opportunity

I'm just back from two weeks in Hong Kong, where I'd been invited to give a keynote at the 10th anniversary conference of the Business Information Industry Association. Since I was there, I took the time to meet with some fantastic Forrester clients in industries ranging from travel to insurance to retail to consulting. In nearly every discussion, whether I was speaking to a BT or a marketing exec, we eventually got to the topic of the "privacy-personalization paradox."

This is an issue I've explored extensively, and have written about before. It's a challenge that marketers in the US dabble with when they're considering investments in tools like retail beacons and cross-device identity resolution. But it was enlightening to hear about the challenges that firms in APAC face: antiquated privacy laws, a dearth of third-party consumer data, and even the incredible difficulty of compiling a single customer view across their own first party data. Interestingly, though, the solution in both markets is similar: preference management

I've just published a report about enterprise preference management, which Forrester defines as:

The business practice of systematically collecting, managing, and utilizing explicit customer preferences — about frequency, channel, content, interests, and intent — in outbound communications.

Read more

Safe Harbor is dead. What does that mean for your customer insights & analytics practices?

Yesterday morning, many of us in the United States awoke to some troubling news: the European Court of Justice (ECJ) had ruled that the Safe Harbor agreement is no longer valid.  Security & risk (S&R) and data management folks kicked into high gear. Customer insights and digital marketing teams...? Well, the news slipped past mostly unnoticed. That's a mistake. 

Let's start with a primer on Safe Harbor. If you're a multinational company doing business in Europe, Safe Harbor is the agreement under which you've been allowed to bring European customers' data back into your servers in the US for purposes of targeting, analytics, campaign management, etc. If you work with a US-based database MSP, digital or CRM agency to manage customer data, they've likely been relying on the same agreement. It's a nearly 20-year old agreement that was put in place to bridge the gap between Europe's strict data protection laws and America's relative dearth of them. 

Now, that agreement has been deemed invalid, which means that every company serving European customers needs to reexamine its data practices. Of course, this is primarily the purview of our technology management peers. But customer insights professionals need to partner closely with them on two fronts:

  • Speak up about your third-party data sharing practices. This includes sharing between business partners (for example, passing customer data to a firm that administers your loyalty program or manages warranties), sharing CRM data with digital marketing vendors, and even using third-party tracker on your website that collect IP addresses. Any third party data sharing could come under scrutiny from the European Data Protection Authority, so you'll want to have a consent-based model for collecting and sharing that data soon.
Read more

Is Your Privacy Organization Future-Proof?

Unless you're in a regulated industry, or headquartered in the European Union, chances are that your privacy organization has been limited to one or two lawyers, and maybe a data security expert. This small group has probably been tasked with making sure the firm is in compliance with local laws, and with writing and managing onerous and impenetrable consumer-facing privacy policies. In other words, these teams have worked to keep the company out of legal trouble.

But data privacy, collection, and use practices are becoming more visible, to regulators, to media and ultimately to individuals. And as a result, firms need a different kind of privacy organization to meet the need for transparency head-on. 

So tell us, has your privacy organization changed in the past few years? Are you staffing it with new skillsets? Creating more dotted lines to teams like marketing, product development, etc? Changing from a compliance-focused organization to one poised to capitalize on privacy as a market differentiator?

If so, my colleagues, Heidi Shey, Enza Iannopollo and I would love to hear from you for current research we're working on. Reply here, or email, and THANKS!


Privacy: Lessons Learned and Prognostications

Earlier this year, I had the pleasure of moderating a panel of leading privacy professionals for the Churchill Club.

During the session, we recapped the highlights—and lowlights—of privacy in 2014, discussed some of the major trends and issues in the space, and made some predictions for 2015 and beyond.

What stood out for me, as a customer insights (CI) professional, is how critical our teams are to the work of privacy and how much we must guide the process of contextual privacy. There is a lot of work to be done to build stronger organization-wide consensus around better privacy. Like they were the nexus point between business technology and marketing teams, CI pros are now the nexus between security, legal, and marketing teams.

I’ve linked the full session below. Please enjoy, and please consider getting involved in Data Privacy Day 2016 - the effort could use more marketers and business leaders.

Can people change markets?

As many of you know, the customer insights practice at Forrester traditionally focuses on the collection, management, analysis, and use of customer data to business practices. Over the past few years, I've been writing research about the changing face of the "collection" and "use" parts of that equation -- that is, how privacy and personal identity and data management tools will change marketers' access to consumer data, and how they're allowed to use the information they do have. Now I'm taking this research a step further.  

I've just started examining the history and future of consumer-driven market shifts, and would love to interview you if you have a position on this, theoretically or practically.

The hypothesis:

Read more

Oracle Gifts Itself Another Data Platform

Industry analysts know that major M&A deals, product announcement, and organizational changes can come at any time. But it still surprises us a little when a major player like Oracle announces a significant acquisition just days before Christmas. At any rate, Santa has come early for both Mr. Ellison and the Datalogix team this year.

We've just published a Quick Take on our perceptions of the deal, which holds a lot of promise. Our biggest concern? Realizing that promise requires some serious integration work, and so far, Oracle hasn't proven that it's especially capable of integrating the stack it's acquired for the Marketing Cloud offering. We also worry that Oracle's Data Cloud -- where Datalogix will sit -- is heading directly for a major privacy warzone. Whether Oracle is ready for that battle remains to be seen.

But the bigger picture is this: the Datalogix and Bluekai acquisitions, along with many others of the past year -- including Conversant by Epsilon, LiveRamp by Acxiom, and Adometry by Google -- are evidence of a fast-consolidating marketing and advertising technology landscape. 2015 will doubtless bring more M&A activity in this space, with a likely run on smaller technology and data vendors that have mostly been flying under the radar. What this race for the ultimate "marketing cloud" will mean to CI pros remains to be seen, but you should certainly anticipate plenty of shakeups in your vendor relationships over the next 18 months. 

Read more

The Evolution Of Consumer Attitudes On Privacy

With Anjali Lai

The tide is turning on privacy. Since the earliest days of the World Wide Web, there has been an increasing sense that the Internet would effectively kill privacy – and in the wake of the NSA PRISM program revelations, that sentiment was stronger than ever. However, by using our Forrester’s Technographics 360 methodology, which blends multiple qualitative and quantitative data sources, we found that attitudes on privacy are evolving: Consumers are beginning to shift from a state of apathy and resignation to caution and empowerment.

Read more

Facebook's Mood Manipulation Study: What Does It Mean To Brands?

By now, most of you will have read or seen multiple media stories about Facebook's recently published mood manipulation study. There's a lot of debate about the ethical implications of the research, and several European data protection agencies have already announced investigations into whether Facebook violated local privacy laws with the study.

But we think the questions for marketers go deeper: how will this research, and user response to it, affect how brands are able to engage with their customers on Facebook? My colleague Nate Elliott and I have just published a Quick Take on the subject. Our high-level assertions: 

  • While Facebook’s study crosses ethical lines, the data use is likely legitimate. Consumers are understandably outraged by why they perceive as an abuse of their postings. But Facebook’s Data Use Policy explicitly allows the firm to use data for internal research purposes. Still, the potential for users to abandon Facebook is real.
  • Facebook has novel data to analyze, and long term, that could change marketing practices significantly. The kinds of data that Facebook is starting to exploit are highly unique. It could actually combine evergreen affinities with contextually specific emotional states to change how brands buy media and measure performance.
  • But the short term implications may cut its opportunities off at the knees. If Facebook, with all of its research and experimentation, causes users to feel like lab rats, it’s possible that they will leave the site in droves. That outcome could severely limit brand reach — and that could signal the end of Facebook’s marketing customers, especially given today’s already reduced reach.
Read more