O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

GDPR: New Privacy Rules, Digital Communications, Marketing Opportunities

627 visualizações

Publicada em

GDPR privacy regulations from the European Union bring new marketing challenges and new marketing opportunities that we review in this 90 minute workshop for the eduWeb Digital Summit conference. Topics include (1) Advertising, (2) Inquiry forms, (3) Email and text marketing, (4) College Board "Student Search" data, and (5) the new California Consumer Privacy Act.

Publicada em: Negócios
  • Seja o primeiro a comentar

GDPR: New Privacy Rules, Digital Communications, Marketing Opportunities

  1. 1. GDPR: New Privacy Rules, Digital Communications, Marketing Opportunities©RobertE.Johnson,Ph.D.2018 BOB JOHNSON, PH.D. EDUWEB DIGITAL SUMMIT SAN DIEGO, CA: JULY 23-25, 2018 BOB JOHNSON CONSULTING, LLC 1
  2. 2. Who is Bob Johnson? Higher education marketing since the 1980s. Bob Johnson Consulting, LLC since 2006… 87 clients. Gerry McGovern “Top Tasks” partner at Customer Carewords, Ltd. “Your Higher Education Marketing Newsletter” monthly to 3,200 subscribers + “Link of the Week” websites. Chair of AMA Symposium for the Marketing of Higher Education, 1994-2003. Twitter: @highedmarketing LinkedIn: www.linkedin.com/in/bobjohnsonconsulting/ LinkedIn top task group: www.linkedin.com/groups/8478858 BOB JOHNSON CONSULTING, LLC 2
  3. 3. What are we doing today? 1. A cartoon to get started. 2. Key GDPR Rules 3. GDPR in the USA 4. Lemons to Lemonade 5. Advertising 6. Inquiry forms 7. Email & text marketing 8. College Board “Student Search” examples 9. And in California BOB JOHNSON CONSULTING, LLC 3
  4. 4. BOB JOHNSON CONSULTING, LLC 4
  5. 5. Europe first, then California… https://www.eugdpr.org/.... https://www.caprivacy.org/ BOB JOHNSON CONSULTING, LLC 5
  6. 6. Immediate reactions… http://bit.ly/2L4FGOi BOB JOHNSON CONSULTING, LLC 6
  7. 7. Immediate reactions… http://bit.ly/2mv8L6Z BOB JOHNSON CONSULTING, LLC 7
  8. 8. The short term future… “The major issue is that nobody really understands the law, or how it should be enforced. It certainly seems like when the dust settled we'll find a lot of the GDPR opt-in emails were absolutely unnecessary and as a result, we could find that it takes some suits to set precedent before we get some consistency.” BOB JOHNSON CONSULTING, LLC 8
  9. 9. Key GDPR rules… BOB JOHNSON CONSULTING, LLC 9
  10. 10. Who does the GDPR affect? https://www.eugdpr.org/gdpr-faqs.html “The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. “It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.” BOB JOHNSON CONSULTING, LLC 10
  11. 11. What constitutes personal data?... “The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. “This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.” BOB JOHNSON CONSULTING, LLC 11
  12. 12. What is the difference between a data processor and a data controller? “A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.” …ACT, College Board, NRCCUA are “processors” …Enormous State U & Friendly Private College are “controllers” when they buy data to recruit And when running “custom” ads on Facebook, etc. BOB JOHNSON CONSULTING, LLC 12
  13. 13. Do data processors need 'explicit' or 'unambiguous' data subject consent – and what is the difference? “The conditions for consent have been strengthened, as companies will no longer be able to utilise long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent - meaning it must be unambiguous. “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.​ Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice.” BOB JOHNSON CONSULTING, LLC 13
  14. 14. Right to be Forgotten https://www.eugdpr.org/key-changes.html “Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. “The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.” BOB JOHNSON CONSULTING, LLC 14
  15. 15. GDPR in the U.S. BOB JOHNSON CONSULTING, LLC 15
  16. 16. COMPLIANCE IN THE U.S.? If you recruit students in Europe who are citizens of a EU country for online programs or U.S campuses. Yes. If you have alumni who are citizens of an E.U. country. Yes. If you operate campuses overseas located in EU countries who enroll EU citizens. Yes. If you do other business in EU countries and collect personal information in a database. Yes. If you have faculty & staff who are EU citizens. Yes. BOB JOHNSON CONSULTING, LLC 16
  17. 17. Campus Technology magazine is calling? OMG! “Several universities have set up working groups to steer campus efforts on GDPR, but most are in the early stages of identifying impacted systems and processes, and that fact seems to make them reluctant to speak about it. “Campus Technology reached out to five universities that have GDPR working groups. Two did not respond to requests and the other three declined to be interviewed about their efforts.” https://campustechnology.com/articles/2018/05/24/what-gdpr-means-for-us-higher- education.aspx BOB JOHNSON CONSULTING, LLC 17
  18. 18. But two U.S. universities were ready… https://www.massachusetts.edu/gdpr... https://www.stfrancis.edu/about/your-right-to-know/online-privacy-policy/ BOB JOHNSON CONSULTING, LLC 18
  19. 19. St. Francis GDPR consent form… https://www.stfrancis.edu/about/your-right-to-know/gdpr-consent-form/ Clear and simple language… “The purpose of the GDPR is to protect all EU citizens from privacy and data breaches by allowing citizens to maintain control of the personal data kept and processed by organizations. The GDPR stipulates that consent to process personal data must be freely given in an intelligible and easily accessible form, using clear and plain language. The form below is for EU citizens to provide or withdraw consent to USF to process personal information.” BOB JOHNSON CONSULTING, LLC 19
  20. 20. Lemons to lemonade… BOB JOHNSON CONSULTING, LLC 20
  21. 21. First reaction to GDPR privacy rules… BOB JOHNSON CONSULTING, LLC 21
  22. 22. Key points (some) marketers hate… https://live.prolificnorth.co.uk/2018/02/23/comes-gdpr-time-separate-myth-fact/ Explicit consent… ◦ “You need to tell people what you’ll be contacting them about, how often and in what format.” Right to be forgotten… ◦ “Individuals have the right to request complete erasure of their personal information.” Relevance & accuracy… ◦ “Only collect and store data you actually need.” BOB JOHNSON CONSULTING, LLC 22
  23. 23. Celebrate data security, privacy on one page… http://www.ligca.org/we-are-gdpr-compliant/ BOB JOHNSON CONSULTING, LLC 23
  24. 24. Can both of these be right? 2016 SURVEY RESULT… MARKETERS NOT AFRAID… BOB JOHNSON CONSULTING, LLC 24
  25. 25. Don’t ignore privacy concerns… https://www.consumerreports.org/privacy/americans-want-more-say-in-privacy-of-personal-data/ BOB JOHNSON CONSULTING, LLC 25
  26. 26. Major marketing point… Security + Privacy People more concerned about data security than data privacy. Present GDPR & California compliance with emphasis on security. Add ability of people to control how their data is used. BOB JOHNSON CONSULTING, LLC 26
  27. 27. Advertising… BOB JOHNSON CONSULTING, LLC 27
  28. 28. Personalization decreasing… https://digiday.com/media/personalization-diminished-gdpr-era- contextual-targeting-making-comeback/ Audience-based advertising: relies on personal data known about people targeted to received ads. Agencies now wary of this because of difficulty of proving consent. Contextual advertising: advertising based on where people visit online. TripAdvisor or CarGurus ads do not require personal data. BOB JOHNSON CONSULTING, LLC 28
  29. 29. Retargeting ads… https://www.criteo.com/insights/industry-wrong-about-gdpr-consent/ Different types of consent allow different types of ads. “Explicit consent” required for ads based on sensitive personal data: name, race, gender, sex, politics, health income, etc. “Unambiguous consent” allows retargeting ads: “Active behavior from which consent can be reasonably concluded. For example, when the individual continues to browse a website and thus accepts the use of cookies to monitor their browsing.” BOB JOHNSON CONSULTING, LLC 29
  30. 30. Facebook custom advertising… https://www.facebook.com/business/products/ads/ad-targeting Facebook requires that people in a database have given consent to use their data to advertise to them in a “custom” ad. For most data controllers, this will require contacting everyone in a pre- GDPR database to get permission & deleting from “custom” advertising anyone who does not give it. In future, ask new leads for permission to do this. https://www.reshiftmedia.com/gdpr- facebook-privacy/ BOB JOHNSON CONSULTING, LLC 30
  31. 31. Inquiry forms… GDPR: NEW REASONS TO KEEP FORMS SHORT & SIMPLE SHORT FORMS = MORE COMPLETIONS BOB JOHNSON CONSULTING, LLC 31
  32. 32. Undergrad vs. graduate inquiry forms… UNDERGRADUATE INQUIRY DATA… GRADUATE INQUIRY DATA… BOB JOHNSON CONSULTING, LLC 32
  33. 33. Suspicious 3rd party “opt out” activity… BOB JOHNSON CONSULTING, LLC 33
  34. 34. At the end of an inquiry form… http://bit.ly/2O6Nj4X BOB JOHNSON CONSULTING, LLC 34
  35. 35. “Privacy Policy” isn’t very private… http://bit.ly/2zXyPRF BOB JOHNSON CONSULTING, LLC 35
  36. 36. Email & text marketing… BOB JOHNSON CONSULTING, LLC 36
  37. 37. Target Marketing’s 4 steps to email growth… http://bit.ly/2NtDLQ5 Hunt Down (and change) Any Stray Pre-checked Forms Be Clear About the Benefits Subscribers Will Get From Your Emails (and texts) Be Equally Transparent About How You Collect, Secure and Delete User Data Force Consumers to Choose (with “yes” or “no” options) BOB JOHNSON CONSULTING, LLC 37
  38. 38. Target Marketing recommendation… https://www.typeform.com/ BOB JOHNSON CONSULTING, LLC 38
  39. 39. College Board “Student Search” examples… CB REQUIRES “REASON” FOR OPTING OUT OF STUDENT SEARCH PROGRAM BOB JOHNSON CONSULTING, LLC 39
  40. 40. Student Search service… https://collegereadiness.collegeboard.org/about/benefits/student-search-service Points to note: ◦ “Students… asked if they want to participate.” ◦ “By opting in, they give the College Board permission to share their names and limited information with colleges and scholarship programs looking for students them.” ◦ “Most students opt in to Student Search Service so they can get information about more than 1,100 colleges and scholarship programs without being solicited by commercial entities.” ◦ “Students say that as much as they like hearing from colleges they already know, they really like hearing from colleges they were previously unfamiliar with.” BOB JOHNSON CONSULTING, LLC 40
  41. 41. Data available for purchase… https://studentsearch.collegeboard.org/about-your-data BOB JOHNSON CONSULTING, LLC 41
  42. 42. Opt-out requirements… https://studentsearch.collegeboard.org/opt-out BOB JOHNSON CONSULTING, LLC 42
  43. 43. And in California… January 2020 start  CALIFORNIA CONSUMER PRIVACY ACT BOB JOHNSON CONSULTING, LLC 43
  44. 44. Major points… You can ask to see whatever data a company has about you. You can ask to have your personal data deleted. You can request that your data never be sold. Penalty only if an “intentional” mistake, i.e., data breach. May lead to similar rules in other states… or at national level. BOB JOHNSON CONSULTING, LLC 44
  45. 45. Differences with GDPR… https://www.firstsanfranciscopartners.com/blog/california-consumer- privacy-act-of-2018-vs-gdpr/ Some points to note: CCPA: individual can sue & be awarded up to $750 (data bread penalties would increase). CCPA: “Clear and conspicuous” home page link to “Do Not Sell My Personal Information” page. CCPA: Data definition includes “inferences” made from data “to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.” BOB JOHNSON CONSULTING, LLC 45
  46. 46. Limitations of 2018 CCPA… https://searchsecurity.techtarget.com/blog/Security-Bytes/Is-the-new-California- privacy-law-a-domestic-GDPR Applies to larger organizations… Annual gross revenues in excess of $25 million Process information of 50,000 or more consumers, households or devices Derive at least 50% of their annual revenues from the sale of personal information Changes expected between now and implementation Passed unanimously to forestall more stringent November privacy referendum BOB JOHNSON CONSULTING, LLC 46
  47. 47. Wrapping up… BOB JOHNSON CONSULTING, LLC 47
  48. 48. Take away points going forward… Organizations will benefit from reducing data collection. Privacy + security concerns will continue to grow. In the GDPR world, consumers are more important than organizations. Online advertising will continue. Expect inquiry pools to shrink but to convert at a higher level. BOB JOHNSON CONSULTING, LLC 48
  49. 49. Thanks for being here in San Diego! BOB JOHNSON, PH.D. BOB@BOBJOHNSONCONSULTING.COM WWW.BOBJOHNSONCONSULTING.COM @HIGHEDMARKETING BOB JOHNSON CONSULTING, LLC ... @HIGHEDMARKETING 49
  50. 50. Resources… BOB JOHNSON CONSULTING, LLC 50
  51. 51. GDPR webinar series for higher ed… http://bit.ly/2mvBokr BOB JOHNSON CONSULTING, LLC 51
  52. 52. GDPR is good for marketers… https://www.criteo.com/insights/gdpr-white-paper-criteo/ BOB JOHNSON CONSULTING, LLC 52
  53. 53. What is Google doing? https://adexchanger.com/online-advertising/google-plans-to-join-the- iab-europe-gdpr-framework-but-the-devil-is-in-the-details/ BOB JOHNSON CONSULTING, LLC 53
  54. 54. Facebook and GDPR… https://www.facebook.com/business/gdpr BOB JOHNSON CONSULTING, LLC 54
  55. 55. One month later… 1,300+ complaints https://www.emarketer.com/content/assessing-gdpr-s-impact-on-its- one-month-anniversary?ecid=NL1009 BOB JOHNSON CONSULTING, LLC 55
  56. 56. ASU “European Union Supplement”… https://www.asu.edu/privacy/ BOB JOHNSON CONSULTING, LLC 56

×