Tealium iQ: Data Privacy as a Differentiator
As data collected through the web, mobile devices, and the Internet of Things (IoT) increases exponentially, managing and respecting data privacy is a serious concern for consumers and a challenge for organizations.
The good news, is technology currently exists that allows customers to control their online privacy settings.
Unfortunately, most consumers are unaware of this, and most companies do not respect those settings.
Don’t Track Me, Bro!
Consumers have an increasing desire to not be tracked or control what is tracked. Data privacy is a far-reaching issue and consumers do care, as:
- 74% of Americans believe control over personal information is “very important” (Source)
- 9% of consumers believe they have such control (Source)
- 41% are concerned about how their security is impacted by Ad Tracking (Source)
For organizations, privacy is too often a low priority because there is not a perceived urgency or upside.
However, the risk of major damage is high and underestimated, as a single privacy issue will cause major brand damage and other potential legal ramifications. Organizations also underestimate the upside of increased user confidence as they recognize that you care about user privacy.
How Companies Track You
As we discuss how companies should improve their consumer data privacy efforts, let’s take a step back and look at how companies are tracking consumer information today. There are a variety of ways that companies collect data using 3rd party cookies, 1st party cookies, local storage, browser fingerprinting, and IP address.
You can test your own browser fingerprinting results here.
Why Companies Track You
Companies track you in order to gain information that will help them increase revenue and profit.
Advertisers want to know more about you so they can increase the relevancy of their ads and reach more potential customers who look like you (and buy like you). They also want to know when not to show you ads and save money. So, next time you complain about seeing a display ad for that product you bought the day before, maybe they don’t have the data they need to stop from showing you that ad.
Analytics, user experience, and personalization teams want to collect data about you to understand what’s working well and what isn’t to make websites, apps and other interfaces easier to use. Ideally, they want to create an experience that is easy to use and personalized to your interests, which will make you want to share your data.
What Can Be Tracked?
A plethora of information about you can be tracked including:
- Who you are (e.g. name, gender, race, age, weight, heart rate, government ID)
- What you did (e.g. education, career, criminal record, press, awards, credit score)
- What you like (e.g. political party, social groups, entertainment, brand affinity)
- What you have (e.g. income, home, car, devices, clothing, jewelry, investments)
- What you do (e.g. keystrokes, gestures, eye movement, TV viewing)
Want to know more about what advertisers know about you? Here are some sources:
What Should Marketers Do About Data Privacy?
There is an opportunity for companies to differentiate based on how they handle their customers’ data and privacy.
Companies who choose to take privacy seriously, and provide real value to their customers based on what they know about them, will rise above others who do not.
As a quick aside, many marketers worry that if they provide privacy features and opt-out options to customers they’ll lose data accuracy. This is a fallacy, as digital data is not meant to be 100% accurate and marketers should instead focus on trends and segments of data to identify opportunities for improvement.
Other areas of focus should include:
- Providing great experiences
- Assuring trust in how data is handled
- Being transparent in privacy policies
- Giving consumers choice and control
Let’s focus on the last bullet since that’s where companies tend to fall woefully short. Imagine if we lived in a world where your customer could have better control of their data privacy. There are a few specific ways to provide them with that control.
Do Not Track (DNT)
“The signal sent MUST reflect the user’s preference, not the choice of some vendor, institution, site or network-imposed mechanism outside the user’s control; this applies equally to both the general preference and exceptions.” -W3C Standards on DNT
There are issues with DNT though, including the fact that there is no legislation in the United States to enforce it and most advertisers do not honor the DNT setting. Overall, it has good intentions but accomplishes little.
Enablement of DNT is low, with 4% in the United States (Source), but among visitors to the Blast website in 2016 it was 18%.
An alternative technology is Opt-Out, which is available via plugins, browser settings, or website controls. When a customer explicitly opts out of technology it is expected to be honored 100%. Opt-Out can also be set at a granular level and tied to a single technology or specific website.
Opt-Out is robust, as it targets both 3rd-party advertising technology and web analytics tools.
The overall message is to be a better marketer by proactively increasing your customers’ access to their privacy options. Your users are real people like you and me who care about their privacy.
We suggest you do it before you get bad PR that is sure to damage your brand.
How We Helped Healthcare.gov Ensure Privacy
At Blast Analytics & Marketing, we recently went through this very process of increasing privacy controls for consumers for one of the most visited sites on the internet. Healthcare.gov, the flagship site of the Affordable Care Act, had previously received negative press in the area of consumer privacy and therefore made transparency and consumer options a high priority.
Although HealthCare.gov met the privacy standards, they wanted to provide their customers with an extra layer of security in addition to DNT.
This extra security would ensure that DNT tracking was honored, and offer their customers further peace of mind that their information was secure.
Theoretically, a third-party website could match up information unknowingly provided to them by a referring website with an already extensive amount of information they had collected about a user. This could result in a detailed profile of a user’s online reading habits, buying preferences, medical conditions, salary, etc.
HealthCare.gov wanted to ensure this did not happen to their users.
To meet security standards set by HealthCare.gov, we recommended the use of Tealium iQ tag management.
By migrating all site tags from Google Tag Manager (GTM) to the Tealium iQ tag management solution, HealthCare.gov could give users control over what tracking and data collection takes place during their visit. Leveraging Tealium iQ capabilities and a Tealium Privacy Extension option, a new Privacy Manager was built and implemented across both the English and Spanish sites.
When opted out of specific tracking categories, the Privacy Manager blocks third-party tools from ever loading (regardless of your cookie settings), preventing cookies, web beacons, and local storage objects from being placed on a user’s device.
This provides users with an additional layer of privacy, and HealthCare.gov retains a user’s desired settings for 3 years from the date of their most recent visit.
The Privacy Manager is also unique in that it provides users with the choice to opt-in or opt-out of entire classifications of tags, rather than individual tags.
The three classification categories of third-party tools used by HealthCare.gov that can now be managed by users are:
- Advertising: Will block the use of digital advertising tools such as web beacons.
- Social Media: Will block the ability to track a user sharing content on Facebook, Twitter, or other social media accounts.
- Web Analytics: Will block the ability to use tools to count, track, and analyze visits.
Furthermore, Tealium does not see, collect, or store a user’s data either. By building a set of instructions for the browser to execute, the management and routing of data is completed within the browser itself, rather than through the Tealium servers. User IDs stored in its cookies are different on each website, and they do not use any sort of browser fingerprinting or supercookies.
These safeguards make it virtually impossible for Tealium to track HealthCare.gov users.
Lastly, users who have turned on the DNT feature in their browser will have advertising-related tracking disabled by default.
Shortly after launching the new privacy opt out and DNT option, EFF, the previous news organization that wrote about the privacy concerns, had a follow up story with positive press about healthcare.gov’s 3rd party privacy practices.
This forward thinking approach to online consumer privacy protection was a first for any U.S. Federal Agency.
Blast helped Healthcare.gov evaluate technologies, select Tealium, create a strategy, and implement to deliver enhanced consumer privacy and choice.
Using the Tealium iQ Privacy features we helped Healthcare.gov:
- Provide a high level of security to consumers
- Provide consumers options to Opt Out
- Honor Do Not Track settings
- Create a friendly system to accomplish these objectives
We used the following features of Tealium iQ:
- Do Not Track Extension
- Privacy Manager Extension
- Privacy Manager Modal
As a result of the data privacy efforts using Tealium technology, Centers for Medicare and Medicaid Services (CMS) was able to achieve the following:
- Increased customer access to privacy controls
- User can adjust privacy options via modal to Opt-Out of Advertising, Social Media, or Web Analytics tags
- DNT is automatically honored to opt user out of ALL Advertising tags
- User’s privacy selections honored for 3 years from date of last visit via 1st party cookie
- Privacy selections honored across all sub-domains
- Increased transparency on 3rd-party tools
- Privacy Impact Assessment for each 3rd party tool (TPWA) covers why and how each tool is used
- 3rd-party tool assessments
- Provides links to 3rd-party privacy policies and opt-out links
Having achieved these consumer privacy objectives, there is always an opportunity for ongoing improvement. CMS and Blast continue to work together to educate internal stakeholders on the importance of data privacy and to ensure its place in the overall data governance efforts.
Read the full CMS Healthcare Data Privacy Case Study
Takeaways on Data Privacy
- Privacy concerns intensifying and best to get ahead of it now!
- It is okay to lose some data as it won’t impact insights
- Perform a Privacy Impact Assessment
- Be a responsible marketer; use Tealium iQ Tag Management Features to Honor DNT
- Invest in your commitment to User Privacy via education, governance, and monitoring
- Differentiate and protect your brand by proactively embracing user security and privacy
Let’s keep the conversation going. Please share your questions or thoughts on Internet/Digital consumer data privacy.