How do you use customer data in line with European laws and regulations?

Privacy, AVG and GDPR are terms often used in the same sentence. The concept of privacy was defined by Harvard a number of years ago as “the right to be left alone”. Even so, the word privacy can only be found in one footnote of the AVG. What does this mean? And how can customer data be used in line with European laws and regulations?

During the Data Intervision on the 13th May of this year the aforementioned questions and themes were discussed. We would like to share the insights gained from this with you below.

What is the effect of the changing cookie law on being able to use customer data?

Since 2018, this is a law that has been changing continuously and it seems like the use of cookies is increasingly restricted. One of the participants in the discussion indicates:

“You have to explicitly ask for permission for anything related to marketing. The only exception to this is the use of analytics and A/B tests if they are not sensitive to privacy. In those cases the user only has to be informed. We were faced with the dilemma of collecting as much permission for retargeting as possible or only installing a cookie notification that doesn’t detract from the website experience, particularly on mobile phones.”

Stephen Beuker (TB Auctions): “I think this is an extension of the question of what to do with retargeting. If you only use retargeting to spam customers it becomes annoying, however, if you use it to be relevant and don’t bother customers with unnecessary messages, then I think you’re using it in the right way. If you use data the right way you have a much more relevant product offering or a much more relevant product message.”

How do you ensure that you always stay relevant?

In a commercial B2B setting, one thing that always goes is: “It is a misconception that you have to have a 360 degree picture of your customers before being able to become relevant. That is a utopia. Probably only Google and Facebook have this 360 degree image of their customers and perhaps banks and insurance companies whereby people log in regularly.”

Within B2B you’re talking about a different playing field altogether just like Gazelle: “We mainly sell bikes through dealers, bike shops and chains. The Coronavirus means that there is now an acceleration of private customers buying a bike through the website. Because of this we also accumulate personal data, so this is a start. We have now reached the point that the B2C market reached years ago.”

How much data needs to be accumulated to form an accurate image of your customers?

One of the people present notices: “There are several organisations with analytics as a goal. They construct privacy in such a way that it is allowed without permission. There are tools that anonymise the IP address, meaning that they don’t store it to ensure that it doesn’t count as personal data anymore. However, with that also comes a discussion because it is said that the IP address whilst not being stored, has been processed. So, a lawyer often doesn’t make it a 0 but a 1.”

Tjeerd van der Stroom (Opt-Insight): “Without compliance there is no business. But, without business there is also no compliance. Therefore you really have to protect personal data whilst still being able to do business with them.”

What is the normal ratio between the business and the compliance department within an organisation?

Stephen Beuker (AB Auctions): “I don’t see myself directly as a business. This is because I see data & analytics more as a servant part of the organisation just like compliance & legal. From a data point of view, we advise the way in which data can be best used to reach your goal. Compliance would play a role in that, saying things like be careful, these are the kinds of things you can use and these are the kinds you have to make official.”

Jos Mulder (fonQ): “I took on the role of privacy officer in conjunction with the lawyers when I still worked at my previous employer. This is knowledge I brought with me to fonQ. That means that these kinds of questions often reach me first.

We also run the webshop of some of our labels. Questions emerge such as to what extent is data allowed to be collected within labels and used to enrich the data within fonQ? These are the kinds of questions that I first try to answer myself. The first thing I ask myself in such a case is: “what do you want with it exactly, what is the goal? Do you want to use it for marketing purposes and if so, what has already been made official? What do we ask permission for?”

How will this ratio between privacy and the collection of data continue to develop in the future?

Jos Mulder: “I am under the impression that it will be played through the Googles. We will sooner be limited by modifications in Google than by the AP or ACM. An example of this is that cookies already expire after a day or a week. In the end, I think it will only become more strict if that is what is demanded from a consumer perspective, but that won’t happen in the short-term.”

Another participant notices: “For customers the user experience has worsened greatly over the past couple of years. If you look at all the vague cookie and consent notifications that pop up, the situation has not improved. This is why it’s expected that browsers and tech companies will lay down the rules for themselves because there comes a point that this does not work for them anymore.”

In conclusion, it can be said that a balance has to be struck between connecting enough data to be relevant for customers and the aimless mining of data. As an organisation, if you’re transparent about what data you collect and with what purpose then it also becomes clear for customers and the customer will also see advantages to sharing their data.

Up to this point, few companies have been reprimanded but if this changes there is a chance that the rules will become even stricter in future. In that case it is up to companies to create relevance for their customers in an innovative way.