Remember when cookies were nothing more than a delicious treat for your tastebuds?
Or when data was left to scientists to decipher? Do you recall when all you had to do for some privacy was pull down your curtains? Yep, neither can we! In this hyper-connected world we now live in, these words – and our actions – have taken on a whole new meaning, thanks to the staggering rise of the Internet of Things (IoT).
Every single day, 2.5 quintillion (yes, that’s an actual number and it has 18 zeros FYI) bytes of data are created by humans. That’s a heck of a lot of Google searches (around 3.5 billion per day in fact), social media activity and web browsing! And a heck of a lot of opportunity for advertisers to gather information and connect meaningfully with their customers. It’s little wonder that data has become a trillion-dollar-a-year industry, heralded as the world’s most valuable resource.
Data is king (or queen) and when used properly, it can help launch ROI-driven advertising campaigns that better achieve your business and marketing objectives and improve your company’s bottom line. So, what can you be doing as an advertiser to collect, analyse and use customer data to grow your business without breaching privacy laws? Stick around as we dive into the sometimes confusing, always fascinating, world of data and digital advertising.
Welcome to the data party!
What is a cookie?
Cookies, officially known as HTTP cookies, are small text files passed between your computer, the web browser (think Chrome and Safari) and the website you are visiting. The first time you visit a page on the internet, a new cookie is created.
When you return to that website, a cookie is sent back to the website owner with all of the juicy data contained within. At a minimum, cookies contain two pieces of data: a unique user ID and some info about that user, such as preferred language, items in a shopping cart or the subject of an article that was read.
Why do we love cookies?
For users, cookies exist to make our web experience more convenient and relevant. User preferences can be saved from visit to visit, whilst ads, content and offers can be personalised to be as relevant as possible.
From a marketer’s perspective, cookies allow you to deeply understand your audience and perform behavioural targeting and website retargeting. That is, following a potential customer around the internet and serving them relevant ads until they purchase a product or service from your website. And yep, it really works! Who hasn’t bought something they once had sitting in a shopping cart after a “10% OFF” code was served to them days later?
What’s not so great about cookies?
If a person followed you from work to home to the shops, holding up a sign for a particular product they wanted you to buy, you’d consider this a tad stalker-ish. Cookies essentially allow for this in an online environment, so they can be seen as a bit of a privacy violation. They also store a wealth of data which can potentially be used to identify you without your consent.
For marketers, the downside is that users can opt out of or delete cookies, or completely disable the full extent of their awesomeness. Although, disabling them does make browsing more manual for users, so it’s often a matter of privacy vs. convenience vs. not really understanding what these delicious data morsels even get up to!
OK, let’s talk data.
There are three kinds of data available to an advertiser; first, second and third party. If third party data is your v. average oatmeal raisin cookie, then first party data is some serious triple chocolate chunk epic-ness.
Rich and delicious, first party data is collected by you about your customers. This stuff is absolute gold and should be a priority for any business. It’s free, yours to own, highly relevant, super accurate and incredibly valuable. It also comes with the necessary consents to be used for advertising purposes IF your cookie policy complies with local and/or global regulations.
Second party data is basically someone else’s first-party data. You purchase this directly from another company or website and might use it to increase the scale of your first party data or to reach a new audience that you don’t personally have a whole bunch of data on already.
Third party data is collected by external sources that don’t have a direct relationship with the user the data is being collected on. It usually comes from a whole bunch of different websites and is aggregated by a third-party data provider and on-sold in groups such as “vehicle intenders”. Sounds OK in theory, but it’s not the most accurate and with privacy concerns increasingly affecting how it’s collected, the days of third party data are numbered.
How do I collect first party data?
Anytime someone lands on your site, checks out a product page or downloads a form, you’ll automatically receive that data from inside the delicious cookie they send back to you, as well as small pieces of info about their user preferences, such as language, location, browsing habits and more (Google Analytics is a popular tool to collate this info). You can also encourage users to complete surveys and provide their details in physical stores as a way to strengthen your first party data.
Why is first party data so good to use when advertising?
First party data allows you to get to know and target your audience in serious detail, well beyond age, gender and location. You can gain valuable insights around your customer’s interests, dislikes, browsing habits, content preferences and more, allowing you to tailor ads, personalise marketing and content and even predict customer behaviour.
Do I need a privacy and/or cookie policy on my website?
You know the old saying, “if in doubt, don’t”? The opposite is true when it comes to a privacy policy. If in doubt, just DO IT. You might not be legally obliged to have one in your country right now but it’s better to be safe than sorry! Read on to find out more about some of the data protection regulations around the world…
The EU General Data Protection Regulation (GDPR) is the most comprehensive data protection legislation that has been passed by a governing body. Under the GDPR, “cookies not strictly necessary for the basic function of your website, must only be activated after users have given their explicit consent (usually via a pop up with both an accept and reject option) to the specific purpose of their operation and collection of personal data”.
Additionally, businesses in parts of the world other than the EU may also need to comply with the GDPR if they a) have an establishment in the EU, regardless of whether they process personal data there or b) do not have an establishment in the EU but offer goods and services to those living there or c) or are conducting specific types of advertising (e.g. lead generation campaigns on Facebook).
In Australia, New Zealand and the US, cookie notification requirements aren’t anywhere as strict as across the EU, although companies do owe obligations under various country-specific privacy acts when handling personal data so be sure to keep up to date with these. Check out this handy resource for more information Privacy Laws By Country
In a nutshell, get some legal advice and ensure your business is covered by a privacy policy.
What about if I’m advertising on Google or Facebook?
Your business may not be legally bound by GDPR requirements but Facebook and Google are. As best practice for the below advertising types, you should use a cookie consent pop-up as if you too were following the GDPR.
While incredibly powerful tools for advertisers with a proven ROI, Facebook and Google Ads remarketing and “custom audience” tools use first party data to reach people who have previously been to your website or to target people from a marketing list. If you’re planning on running any kind of remarketing or custom audience campaigns you should inform website visitors in your privacy policy that you gather information for these purposes. You should also frequently weed out those who have unsubscribed from your mailing list AND ensure you don’t have any subscribers from the EU (that would be a definite violation of the GDPR!).
In saying that, Google and Facebook don’t strictly police this and you can run these campaigns if you don’t have a privacy policy on your website. However, if you want to run a lead generation campaign on Facebook (e.g. get someone to give you their details via a form within the platform), you absolutely need one. In fact, Facebook won’t allow you to run this campaign until you’ve linked them to your policy.
Again, it’s better to be safe than sorry and have a solid privacy policy and option to opt out of cookies on your website. Not only will you cover yourself, you’ll also establish trust with your customers.
So I’ve got 4,000 customer emails. Can I upload them to Google and Facebook?
As mentioned, you can create a “custom audience” in Facebook and Google Ads by uploading data from your CRM and targeting your current customer database (so long as they are logged in with the same email or phone number they provided you or target lookalike/similar audiences across Facebook and Google (isn’t technology amazing!?). Unless you’re a business in the EU, or have people on your email list from the EU, you don’t technically need a privacy and cookie policy on your website to do this.
However, the moral of the story – and this article – is to cover yourself and always have one! There’s absolutely no harm in doing so and you’ll protect yourself from any possible issues now or in future.
