Data Privacy Considerations and Acquia Lift

With Acquia Lift, digital marketers have access to a powerful personalization technology that allows them to combine data across different channels to build a unified, high-resolution profile about their customers. A unified view of customers allows you to provide the best possible cross-channel personalization experiences through a better understanding of how a customer is engaging with you across every touchpoint. For example, you could personalize a web page to show a different piece of content to those users that clicked through on a particular email campaign, or have a particular account type in their CRM record, or exhibit affinities to certain content. Gartner believes that by 2018, organizations that have fully invested in all types of personalization will outsell companies that have not by 20%.

Data privacy as it applies to personalization is a balancing act. It’s been proven in many studies that users genuinely want more personalized experiences, and leveraging more data to improve personalization provides a benefit to both the user (with better, more relevant experiences) and the marketer (increased engagement and conversion). The data that you chose to collect and use to power these experiences must be treated with care and in consideration of local privacy regulations. In particular, data protection rules in the European Union (EU) are among the strictest, and each EU member country currently still has its own privacy laws. This will change in May 2018 with the forthcoming EU General Data Protection Regulation.

Aligning your data privacy practices not only helps you mitigate the risk of potential fines and legal expenses, it also is a cornerstone to building customer satisfaction and trust. Below are some of the key data privacy considerations for marketers who are implementing cross-channel personalization, and how Acquia Lift can be utilized to help support these requirements.

Where will customer profile data live and how will it be secured?

Hosting customer profile data outside of the EU for European users can be a challenge, particularly when it comes to EU customer data hosted in the United States. The easiest option for marketers with a European presence may simply be to choose Germany as the location to host all customer data, as it currently has the toughest rules governing customer data living outside German borders.

Marketers also need to ensure that customer data is secured and access is strictly controlled. If a third-party is involved in the handling of EU customer data, a Data Processing Agreement may be required to ensure that the vendor has necessary data security measures in place and that all vendor’s activities are solely based on the customer’s instructions.

How Acquia Lift helps: Customers can choose where to host their customer profile data, including data centers located in Germany, United States, and Australia. Security and controls built into Lift can be used to ensure that access to data is strictly limited. In addition, Acquia offers a Data Processing Agreement to all customers.

What kind of customer profile data will be used?

The most effective means of mitigating the risk of personal data is not to store the data in the first place. You should limit any data you collect to that which directly supports your desired personalization scenarios (and which in turn delivers clear value and better experiences to your end users). In particular, you should avoid storing names, addresses, or other specifics, as this information usually isn’t necessary for personalization. Unstructured data like a person’s name or street address isn’t particularly useful for audience segmentation or algorithm-based personalization. On the other hand, information that reflects a person’s past behavior, known facts, and their affinities towards content are very useful for personalization. Try to capture this kind of information as broad segments rather than as specific values. In other words, it is better and safer to store “Customer segment 1” instead of “Customer lifetime value = $65,434”, and the former will usually work just as well in support of personalization scenarios.

When identifiers are used to tie people together between data sources, it is best to employ a system-generated common identifier between systems or a one-way hash, rather than storing personally identifying email addresses or user IDs. For example, when a user signs up for a newsletter on a website, a unique UUID could be randomly generated, and sent to both Lift and the marketing automation platform. This common identifier can be used as the basis for synchronizing any data between the two systems that will be used in support of personalization. However, if the UUID stored in Lift or elsewhere was ever revealed, it could not be directly used to determine a person’s identity.

How Acquia Lift helps: Customers can choose which identifiers they want to utilize in order to match data between systems. Identifiers can optionally be stored using a one-way irreversible hash. Any data that is matched between systems is stored entirely at the discretion of the customer.

Should you collect IP addresses?

IP addresses are often used by personalization products including Lift to determine the geographic location of an anonymous user (e.g. city, region, country). However, in the EU countries, the rules around collection of IP addresses are strict. If IP addresses are used to determine location, the full IP address should not be permanently stored in the profile after the geographic look-up is complete.

How Acquia Lift helps: Customers can choose to store only a partial IP address - such information is then not considered to be personal data any more.

How can users opt in and opt out?

If you plan to combine data together from multiple sources, you may need to consider an opt-in process. In some EU countries, users should provide an explicit “privacy opt-in” in order to gain permission to tie anonymous visitor behavior with known customer data, such as CRM or email. This opt-in is separate from the double opt-in often required for email marketing (e.g. newsletter sign-up).

In the EU, users must also be able to opt-out, in which case any data from different sources that has been combined together must be removed, and the user must once again be treated as an anonymous user. This is also consistent with the EU General Data Protection regulation applicable as of May 2018 and the “right to be forgotten.”

In addition to the above, an opt-out process should also be provided that allows users to disable tracking and personalization altogether. While not strictly required, this is considered best practice, and most personalization vendors support a means for users to opt out.

How Acquia Lift helps: Customers can choose to send identifiers only after the visitor has opted in, and can make use the Lift APIs to support opt-out scenarios to suppress visitor tracking and anonymize profile data.

How will you use cookies?

Personalization technologies like Lift typically use first-party cookies to understand if a user is returning from a previous visit. While this is an acceptable practice that is no different than how web analytics products work, the maximum time to live for the cookie can vary by region. For example, in France, the lifetime of cookies should not exceed 13 months, while the typical practice that can be used in most other countries is two years.

Third-party cookies can optionally be used to tie a visitor together across different websites that you operate. While this is a common and acceptable practice, the use of third-party cookies can have negative connotations with end users because they are also widely used by advertising networks. Third-party cookies are also blocked by certain browsers and devices, as well as by some ad blockers.

How Acquia Lift helps: Customers can configure the tracking length of first-party cookies and enable the user of third party cookies at their discretion.

Update your privacy policy

You should ensure that the privacy policy on your websites clearly reflects your implementation decisions on the points above. Here’s an example statement:

Our website uses a personalization service for identifying the interests, preferences and behaviour of web visitors. No personally identifying information is stored. The personalization service uses cookies to identify returning visitors. IP addresses may be stored and processed, but are shortened and stored in an anonymized form. For visitors that provide their express consent, user interests, preferences and behaviour in the personalization service may be combined and shared with other customer databases such as email.

Users can be delighted by personalization if the experience feels intuitive and helpful. But users can also react negatively to personalization if the experience feels creepy or invasive. Marketers need to recognize people’s rights to the protection of their personal data, and ensure they aren’t crossing the line from cool to creepy.

Data privacy regulations across the globe are continually evolving, and this post examines only a few of the considerations. Make sure your personalization initiatives are vetted by your own legal and data privacy experts, and that you have the appropriate technology and controls in place. If the scope of your project is global, then the data privacy requirements of strictest regions that you operate in should be considered early in your planning, since they may impact your overall decisions.