In their “Privacy-Led Marketing Handbook: The Actually Actionable Guide to Privacy Regulations for Marketers,” authors Nabeel Keblawi and Jeff Sauer urge businesses and their marketing companies to take action to avoid penalties resulting from noncompliance with privacy law.
In the old days – well, not too old – advertising platforms used third-party browser cookies to create visitor profiles. Ads were tailored and pushed to consumers based on their purchase history and other habits. It was the Wild, Wild West – which ultimately got a little too wild. Not only was the privacy of users being violated, but identities were also placed at risk of being breached, hacked, or sold.
Then the law cracked down. Hard.
A flood of privacy developments ensued, from the General Data Protection Regulation (GDPR) to subsequent updates from iOS 14.5 and 17 (and so many others in between).
As third-party cookies dropped like flies, the FTC went to work enforcing laws and levying fines. Businesses were fined up to $100,000 for not implementing a privacy policy on their websites, while larger companies shelled out more than $2 billion for violations in 2023, alone.
According to the guide, there are seven big things small businesses neglect, ultimately resulting in fines and other consequences.
They don’t:
- Follow data processing guidelines.
- Obtain permission for the data that is collected.
- Properly protect personal data from breaches.
- Disclose how information gathered is going to be used.
- Conduct data minimization activities.
- Lawfully transfer data to third parties.
- Obtain user consent before targeting ads using personal data.
While privacy laws vary state-by-state, they remain applicable to businesses that have customers or website visitors who reside within a jurisdiction in which privacy regulations are in effect. As the handbook explains, some states may exempt smaller businesses from comprehensive statutes, such as California, where companies must have annual revenue exceeding $25 million and maintain the personal information of at least 50,000 people, households, or devices. Still, it is important to remember that laws are different in each state, making attention to detail paramount. Keep a keen eye on the following components to avoid any unpleasantness in the future:
- Be sure to add appropriate disclaimers to all website forms.
- Regularly review your Privacy Policy pages to ensure they are easily accessible and up to date.
- Double-check cookie notices on your websites and make certain opt-in/opt-out procedures are in place.
- Create forms with privacy in mind to reduce the risk of “dark patterns” (i.e., pre-ticked boxes, hidden costs, “sticky” subscriptions, confirm shaming, etc.)
Don’t put your business at risk of privacy violations and the debilitating fines that can result. Talk to the IMPACT team today to learn how we can help.
Read the “Privacy-Led Marketing Handbook: The Actually Actionable Guide to Privacy Regulations for Marketers,” by Nabeel Keblawi and Jeff Sauer, available for download here. Subscription fees may apply.