Consent & Preference Management for Marketers in 2023: 5 Key Considerations
The digital marketing landscape is changing fast. Marketing teams need to find new and creative ways to reach customers, build brand reputation, and stay on the right side of the law.
Here are five of the most important consent and preference management considerations for marketers in 2023.
The US is getting serious on privacy
At the end of 2022, just one US state (California) had a comprehensive privacy law—the California Consumer Privacy Act (CCPA).
The CCPA had a big impact on marketing as businesses were required to provide consumers with an opt out of the sale of their personal information.
Throughout 2023, five new state privacy laws take effect across the US—all of which have specific rules on selling personal information and running targeted advertising campaigns.
Some of these laws require opt-in consent for ad-targeting. Others require you to offer consumers an opt-out. Some require you to conduct a risk assessment before targeting ads. Read our round-up of the implications for marketers across all five new US privacy laws.
Beyond new laws, US regulators are also ramping up enforcement of existing privacy rules.
On 1 February, the Federal Trade Commission (FTC) sanctioned healthcare app GoodRx for sharing data with advertisers without consent. A week before, the California Attorney General did a “cookie sweep” to weed out non-compliant data-sharing practices.
The days of the US as the “Wild West” of privacy are over. Marketers must carefully consider how their consent management practices fit into this new landscape.
GDPR enforcement is becoming a reality
Many privacy advocates were disappointed throughout the early days of the EU’s General Data Protection Regulation (GDPR). The hotly anticipated multi-million euro fines were initially rare, and online ad practices initially seemed largely unaffected by the new rules.
That’s all changing. Several high-profile cases were concluded last year that could transform digital advertising.
For example, a decision against the Interactive Advertising Bureau Europe (IAB Europe) invalidated the Transparency and Consent Framework (TCF) that thousands of advertisers and vendors relied on for serving ads.
The IAB’s new framework was recently approved by the Belgian data protection regulator, and it should substantially change how marketers operate online.
Several high-profile decisions against Meta, published this January, confirmed the need to obtain freely-given consent from users before targeting ads. And the same month, the European Data Protection Board (EDPB)’s Cookie Banner Taskforce reiterated the EU’s prohibition on deceptive design.
Now is the time for marketing and compliance teams to assess their existing consent management practices and ensure they meet the EU’s rules.
Figuring out children’s consent is important
Children’s privacy is top of the agenda for many regulators and lawmakers worldwide. This presents a challenge for companies operating on an internet that is primarily built for grown-ups.
The UK’s Children’s Code has impacted how global companies get consent to use children’s data. But the UK situation might soon be complicated further by the Online Safety Bill, which could include some of the strictest online child safety rules ever seen.
In the US, some marketing and compliance teams will spend 2023 preparing for the California Age-Appropriate Design Code, which will force strict default privacy settings on websites “likely to be accessed by children” from July 2024.
And last year’s FTC’s action against Fortnite developer Epic Games for breaching the Children’s Online Privacy Protection Act (COPPA) served as a reminder that children already benefit from a high level of online privacy under existing federal law.
If your services are used by children, it’s essential that you think seriously about whether your consent management practices comply with children’s privacy rules.
Transparency matters more than ever
Digital marketing rules vary from country to country. But they all have one thing in common: transparency.
A January court ruling set a new bar for transparency in the EU. The court found that organizations must tell individuals the identities of every specific third party with which they share personal data.
The cases against GoodRx in the US and Meta in the EU, mentioned above, also revealed a lack of transparency around the use of people’s data for advertising purposes.
And it’s not just a legal obligation—people tend to put their trust in businesses that demonstrate transparency. A recent Cisco study suggests that 76% of people would not buy from a company that they did not trust with their data.
Marketing teams should think carefully about where the data they collect is going, and ensure they explain this to users in a way they can understand.
Tough economic times are likely ahead in 2023. Many companies, particularly in the tech sector, are making sweeping layoffs to cut costs and satisfy shareholder demands.
It’s more important than ever for marketing teams to show how their work contributes to their company’s objectives.
Good consent management practices don’t just help avoid customer complaints and enforcement action. They can also build engagement, strengthen customer relationships, and generate a strong return on investment.
Marketing teams understand the complicated regulatory environment in which they operate. They also know that transparency and trust enhance brand reputation. Learn more about how consent and preference management enables marketing teams to deliver ROI.
Business leaders recognize this too. According to a Deloitte study, 87% of executives see reputational risk as more important than other types of strategic risk.
During 2023, you should consider taking the time to review your tools and processes. Ensure you’re using an efficient consent management solution that can help you clearly demonstrate the value you provide to your business.
You might also like to read:
The future of AI marketing: Balancing privacy and efficiency
Explore how data protection and privacy risks can arise across five AI marketing use cases and considerations for how to overcome them.