When going online, privacy statements, cookie guidelines, obligations to give one’s consent and the like overwhelm the consumer. Those “features” are not only labour-intensive but also alarming because marketing and sales departments lose 10% of their potential customers with every additional click. Yet they are essential for achieving data protection compliance and, more to the point, to avoid enormous fines. Does marketing make a better case for getting its way or does data protection have a trump card in attaining its goals?
In her Duet Interview with Petra Dahm, strategic consultant and former copy writer, creative director and strategic planner in the advertising world, Dr Caldarola, author of Big Data and Law, discusses the trade-off between two stakeholders with different needs as far as digital business is concerned.
It is essential for a company’s survival to sell products and/or services. However, it is also important that its hard-earned revenues not be lost by enormous data protection fines for non-compliance (up to 4% of the worldwide turnover of a company group) , as we have seen in an earlier interview with Prof. Dr Schrey. One can observe different phenomena in digital activities: (1) companies seeming to become bolder in selling activities on the internet; (2) at the same time, consumers feeling anxious that their data is not secure – according to surveys, (3) conversely, consumers scrolling immediately to the end of a document without even making the effort to read seemingly endless information in order to give their consent to companies having composed, for the most part, long, detailed and seemingly transparent data protection statements. What must companies do to be compliant? What trend have you observed? And which consequences do the behaviour of potential customers and vendors listed above have with regard to the intended legal goals?
Petra Dahm: Companies are definitely getting bolder in their digital activities. Over the last five years, global sales via data-driven portals and e‑commerce have almost doubled (source: Statista). The pandemic and the associated contact restrictions have accelerated this development even further because COVID-19 has profoundly changed stationary and digital commerce within just a few months – a trend which clearly has the potential to remain with us.
According to a forecast by the Institute for Retail Research IFH Cologne, growth in Germany alone is expected to double, and the market will increase to up to €88bn in sales. The general willingness to open up to digital tools has also been significantly strengthened by the pandemic – both on the part of companies as well as on the part of customers.
However, there is still dissatisfaction with the online shopping experience because, according to the market research company Forrester Consulting, German customers, in particular, are not provided with a sufficiently intuitive user experience – both when searching for suitable products or services on the internet and when navigating an online store itself. This circumstance can be attributed to a number of factors: On the one hand, it results from a rather poor digital strategy of companies that is not yet fully developed in many cases, but is also du to the General Data Protection Regulation (GDPR) introduced since 2018, and other guidelines, such as the very complicated regulations of the cookie notification or opt-in/opt-out procedures which have all made life difficult for companies in this country. For all these reasons, pages or notifications are encoded, not to be presented in a visually appealing way, or the navigation is so complex that consumers either willingly click on online offers without knowing the relevant background information. After that one fatal click, they are then literally flooded with follow-up offers and feel powerless and frustrated. The alternative scenario is to simply refuse everything from the outset, leave the page and mentally deselect the service.
In addition, there are still consumer concerns about data security, although according to a recent study by Deloitte, shopping behaviour during the pandemic has also relaxed significantly in favour of convenience – one only has to remember how readily personal data was shared when visiting a restaurant this year or recall the widespread use of cloud-based collaboration tools, such as Zoom and the like, and private, unencrypted WLAN-connections in home office surroundings. Or let us consider an even more pressing issue: Health protection vs. privacy? Here it is also worth taking a look at the different behavioural patterns of the various generations, particularly in terms of target group segmentation – while the Baby Boomer, GenX and GenY generations tend to be more restrictive with their personal data, younger generations are much more willing to disclose their data in order to make use of online services.
When consumers visit a website and/or navigate through the internet, they are confronted with “features”, such as privacy statements, consent, double opt-in and the like. Even though such requirements are obligatory, have they been correctly implemented? Are they more of a deterrent or even counter-productive? Why is the way companies are fulfilling these data protection requirements so antagonistic to consumers?
When considering this matter, it is certainly necessary to differentiate between global enterprises and small and medium-sized enterprises (SMEs), which have predominantly been active on local markets, and are now making their way to international markets. The key factor is the company’s level of digital maturity and how well it is positioned in terms of its digital business strategy.
I find it problematic that two years after the introduction of the GDPR, many companies have still not sufficiently come to grips with the issue in terms of its significance for marketing, sales and advertising. In addition, there is another difference between B2B and B2C companies: namely that while in a B2C buying process only one contact is decisive, in a B2B buying process up to seven contacts or more are part of the sale.
Although the necessary administrative or IT-related measures may have been taken internally, such as data access control, or data retention, many SMEs in the B2B sector have only really started to come to terms with digital business models, multi-channel approaches, online marketing and data-based analyses of online customer journeys and buying processes since the Corona pandemic, which means that there is a great deal of catching up to do in terms of digital competence – and thus with regard to secure compliance with GDPR regulations.
In addition to purely technical expertise, it is particularly important to act in a customer-oriented manner – here, among other things, an understanding of user experience and user interface is an essential prerequisite for communicating regulations and requirements in a user-friendly fashion.
We ourselves see both tendencies in the discussions with our customers, which have especially been triggered by the publication of the first more substantial fines: either online measures are being massively scaled back or at least put on the back burner for fear of mistakes in implementation, a reaction which is actually fatal, as this restricts the possibilities of digital business models, or penalties are, quite simply, factored in deliberately and accepted.
Do companies take advantage of their market power? In other words, does the consumer really have the choice of not accepting data protection rules established by companies? Will the consumer find alternative offers from a different company that has – in his eyes – better data protection rules?
One factor which must be taken into account is that the application of the GDPR is being interpreted completely differently, in part, by data protection officers, but also by data protection lawyers. This important conclusion was one we could reach from our own experiences with different customers. Since we ourselves constantly deal with the data protection guidelines and, as a marketing consultancy, naturally also make corresponding suggestions to clients for online campaigns or measures, this sometimes leads to heated discussions and the client is forced to decide either in favour of a strict or a somewhat laxer interpretation of the GDPR.
What we find lacking – especially after the publication of the first official evaluation from June 2020 – is a clear and unambiguous presentation of the regulation for all parties based on best practice examples. Instead, we were mainly given a mere inventory of the status of the implementation of the GDPR, which might be helpful to statisticians, but not for advancing a practical approach to the regulation.
Above all, one thing must be kept in mind: the GDPR is based to a certain extent on a level of discussion, which had already taken place 10 years ago, and since then, as is well known, a lot has happened in terms of technology, analysis options, customer behaviour, generation development etc. Not to mention innovations, such as voice tracking (voice assistant environment), eye tracking (extended reality environment), emotional tracking (HR assessment environment) and let’s not forget the advent of cloud computing (Industry 4.0/IoT environment) as well as the increased use of artificial intelligence.
In the course of increasingly ubiquitous computing, we are no longer dealing with simple, traceable data packages in individual silos, but with intricate, networked applications that require a similarly complex view of data protection – both for companies in terms of protecting their intangible assets and for customers safeguarding personal and sensitive data.
The problem is that the speed of technological developments presents almost insurmountable challenges for a proper data protection impact assessment because it is not possible to draw up or implement new or adapted regulations in the time needed and to train staff accordingly. Therefore, a dialogue involving all interested parties should be held that already begins during the development of such technologies and is consistently kept going.
My favorite quote is:
“In times of change, the greatest danger is to act using yesterday’s logic”.
Peter Drucker
Do companies lose sales opportunities when applying data protection requirements? If so, what proportion of sales opportunities are lost? Can you give us a short overview of how marketing and sales work to draw in potential customers using digital business models, when a decision for a specific action is normally taken, how much additional time and how many clicks decrease a potential digital purchase, and, finally, explain why the “features” necessary for data protection compliance, such as consent, cookie guidelines and similar, are so disruptive with regard to marketing and sales in the process of winning potential customers on the internet?
To be honest, it is very hard to give a generic answer to how many sales opportunities are lost because, at the very least, a number of parameters are involved. For example, the stricter cookie directive and the resulting restrictions on the integration of common online services have severely limited both customer service and the analysis of user data, which can have a negative impact on online marketing planning. Here, we see Europe at a clear disadvantage compared to American or Asian companies, for example, which simply have completely different options for a target-oriented customer approach and for continuously optimizing the customer journey with technologies, such as programmatic advertising and predictive targeting, and can thus fully exploit the advantages of digital marketing.
How much potential is actually lost can therefore only be estimated, but the fact that an online customer journey generally has more touchpoints than an offline one means that the possibility of bouncing back in the course of a journey is certainly higher. What we definitely see in our own analyses of international comparisons is that the restrictions imposed by the GDPR are having a measurable impact. As already mentioned at the beginning, small and medium-sized enterprises in Germany, in particular, are still far from making complete use of the opportunities offered by digital business models. In this respect, I see a high potential for discussion and conflict in the coming years.
Above all, the disproportion compared to the Big Five from the USA is a subject for discussion because, to be honest, from our point of view, a really cut-throat competition is developing here. Due to a technological head start and less restricted possibilities, companies, such as Google, Facebook, Amazon and others, are developing more and more intelligent data analysis options and, above all, have the economic lobbying and financial resources, not to mention technical expertise, to stand up to European data protection authorities.
We ourselves have just seen how long a clarification by the EU Commission can drag on – in the meantime, billions of data points have already been generated again: THE asset of every digitally oriented company. Incidentally, a similar imbalance can be observed when looking at technology-oriented start-ups in Germany in an international comparison – here we should not be surprised if talent is poached or emigrates.
Are there really alternatives or are consumer associations, the Chamber of industry of commerce, consultants and other digital privacy providers harmonizing the appearance of the digital journey as well as how it proceeds so that there is little or no other possibility?
The advances in technology and the associated adjustments to data protection are developing so quickly that we require a high level of continuous training and further education to keep up. Above all, the complex infrastructures described above require a consistent interdisciplinary exchange between individual participants so that practical and customer-oriented solutions can be developed that correspond to our European understanding of privacy.
Unfortunately, the guidance offered by industry or professional associations as well as official contact points, such as the chambers of industry and commerce, usually only provide general basic information or focus on the correct interpretation of data protection directories or checklists. If you are looking for meaningful training opportunities in the areas of marketing/sales or digital business models, you are usually left with seminars or workshops – and ironically, these are often not even available online so far.
Marketing and data protection seem to have conflicting agendas. Which side normally prevails?
It is important to understand that marketing has become extremely complex compared to ten years ago. With the ability to network analogue and digital marketing as well as the advent of communication measures, we are in a position to perfectly personalize offers- even a small-sized company is in a position to serve global target groups via multi-channel approaches- and companies rightly expect analyses that are as comprehensible as possible and, in the best-case scenario, can be consistently planned and readjusted on the basis of measurable data. With the data-driven networking of a wide variety of online channels (website, social media, email marketing, platforms, etc.), the colaboration of lead management, transparent monitoring of the customer journey, and possibly even direct feedback from the product itself via IoT and automated after-sales services, these various processes and the associated personal data can certainly be multi-layered with regard to the individual marketing and communication steps within the customer journey. When a campaign or system is set up from scratch, we therefore advocate getting all the decision-makers from marketing, sales, service, product, system development and data protection at the same table to define clear requirements and expectations from the outset. However, it becomes difficult when a system or campaign is already up and running and needs to be assessed to determine whether it is a privacy-compliant solution. This often leads to very extensive discussions, since mutual understanding must first be established – and that is not always easy. In most cases, quick external advice is not possible because careful awareness of the overall strategy and the individual objectives is necessary – and acquiring this understanding takes time.
How do marketing and data protection form an effective trade-off of their needs and interests? Are there better ways to synchronize data protection requirements without losing sales opportunities? Any ideas?
If we imagine that the world will become even more connected and mobile in the future, then we need to reconcile this deliberately open and, in many cases, perhaps also desired infrastructure of innovative technologies, such as blockchain, cloud computing, Internet of Things, Augmented Reality (smart glasses) and artificial intelligence with the strict regulations of the European Data Protection Regulation. And we must ask ourselves quite honestly: is such a reconciliation even possible? The European Commission itself has just phrased it very nicely in the context of the draft for a Data Governance Act (DGA): We are probably trying to square the circle.
Mrs Dahm, thank you for sharing your insights on the challenges of marketing and sales in the digital environment.
Thank you, Dr Caldarola, and I look forward to reading your upcoming interviews with recognized experts, delving even deeper into this fascinating topic.