Data privacy, digital marketing and the rule of three…


  •   6 min reads
Data privacy, digital marketing and the rule of three…

When confronted by a screen-long menu of cookie permissions, says Andrew Sharp from Securys – try Reuters or YouTube – it can feel like you need a degree in the subject. Companies like this are the cookie monsters.  He says: "the power of permission marketing is worth dedicating some time to mastering."

I mean it. Three initial cookie options. No more in the first cookie banner.

Even the UK government is threatening to challenge "pointless cookies" – and not necessarily in a good way, I might add.

There are many books on "permission marketing". But what you need to know will fit on a post-it note. Here goes:

·      Offer three choices

·      Keep them simple

·      Present them equally

I mean it. Three initial cookie options. No more in the first cookie banner.


One of the three options needs to be 'Reject all optional cookies' while also delivering a functional online experience. It must be as easy to reject previously accepted cookies as it was to accept them, so if we have an 'Accept All' button, we must also have a 'Reject All' button. You absolutely can't have customers 'reject all' and then drop cookies anyway, which is what many companies are doing. That also makes them, yes, cookie monsters.

The others? 'Manage cookies' gives a link to a more granular option, allowing customers to manage individual cookie purposes and share with third parties according to preference. These options must not default to accepted.

Finally, the one we already see everywhere, 'Accept all'. There is an argument that "Accept all" doesn't constitute valid consent as the customer won't have seen the detail of cookies dropped, but with the "Manage Cookies" option available providing access to sufficient information for informed consent, it seems fair to offer the 'Accept All' shortcut completing our set of three options on a spectrum from 'rejecting all' through 'manage cookies' to 'accept all'.

Trust without nudging

Image credit 


It is also essential to make the choices equal. For example, do not make the 'Accept All' button more prominent through position, size or colour. To do so suggests that you don't trust your customer to make the right choice and that you have something to hide. We believe that privacy is all about trust, so we recommend that clients inform customers clearly and trust them to decide without nudging. In return, we believe that customers will then trust you with their data.

Cookie permissions that hoodwink customers, such as clever ways of duping them into handing over their data, like suggesting you don't need consent because you have a 'Legitimate Interest' in personalising advertising, may lose you business. The law is clear that consent is required for non-essential cookies, and customer opinion is clear that they want control. Instead, the trust you develop with customers, many of whom are nervous about data privacy, will deliver long-term, loyal and valuable relationships.


Sixty per cent of customers are afraid their data will be misused finds research from  Securys.  It's a fear that comes second only to identity theft. Nearly everybody, across all age groups, pays attention to data privacy before spending money online.

And with good reason. A UK Supreme Court judgment is expected imminently over Google's alleged 'Safari Workaround' between 2011 and 2012. Google allegedly set its DoubleAd Click cookie to track and collect information about iPhone users' internet activity, known as 'browser generated information', without their knowledge or consent, in breach of the Data Protection Act 1998.

Google aggregated the browser generated information into groups like current affairs enthusiasts or football lovers and sold that data to advertisers.

A third of consumers polled will not trade their privacy for a lower price. So your more granular 'Manage Cookies' option should offer clear control over sharing of their information with third parties. It's your opportunity to invite customers to choose whether to allow you to share their data with any third parties such as advertising networks. That personalisation is perhaps the most valuable permission a brand can be granted by customers, arguably more valuable than spending advertising money to retarget them.

Crucially, the research found that 80 per cent of customers judge a brand on whether it respects their privacy. While half of all consumers routinely decline marketing emails and cookies, 75 per cent change their mind when they are offered clear privacy information beforehand. Easy access to change their mind, then, is a critical part of designing a consent mechanism. This isn't a one-time decision. Make sure that customers can access a consent centre where they can review and change their options.

Don't blow it


With data privacy established as a core tool in building brand value – don't blow it with a ream of cookie options, in other words, the kind of fine print that spooks them. Transparency is about providing appropriate information to inform choice, not about impenetrable waffle hoping for a 'whatever' (i.e. accept all) response.

There are two ways to approach privacy around cookies; one is as an intellectually interesting legal challenge, 'Can I find a way around this?' and the other is a values-based 'How can I protect the rights and freedoms of my customers?'

It's never been more important for digital marketers to understand this and to align their approach with brand values, as our rules over data privacy look set to change according to noises being made by the UK government.

The new Information Commissioner John Edwards told a recent hearing of the Digital, Culture, Media and Sport (DCMS) Committee that the UK might "take Fleetwood Mac's advice" and "Go Your Own Way" – suggesting a break from current General Data Protection Regulation.

This coincides with a June report to government by an independent committee called Taskforce on Innovation, Growth and Regulatory Reform which said, "A good measure of whether reform is successful will be the end of pointless cookie banners, together with securing a greater understanding among the public of how their data is used, if and how they benefit from their data and what their realistic privacy and consent powers really are."

And just before we get teary-eyed about our current government's concern for citizen privacy, let's add that the context behind this statement read, "Consumer data is highly profitable and a currency in itself. One study estimates the email address of a single internet user to be worth US$89 and the total data of the average US resident US$2,000 - US$3,000. There is a multi-billion–dollar industry of data brokers—companies that collect and sell consumer data to other companies. Studies show that Google holds the equivalent of roughly three million Word document pages per user in personal data, and Facebook holds around 400,000 pages of data per user. This data is extremely valuable."

So I'll remind you of my point: permission marketing, robust brand trust through respect for customer data is even more valuable, and this should be the goal.

Even John Edwards went on to say, "What I really want to do is make privacy easy. I want to make data protection easy – easy for industry to implement at low cost, easy for consumers to exercise privacy-friendly choices in their marketplace, and easy for people to access remedies when things go wrong."

Yes, we subscribe to this policy ambition in principle.

But how does that translate in terms of your relationship with customers? First: don't cut corners, be upfront, and offer them what they want - the peace of mind that their data is in safe hands. Second: go beyond compliance and build trust by providing clear information and putting the customer in control. Show that you trust your customers to decide. They will then trust you to respect their choices.

Andrew Sharp is a Practice Lead at Securys, where he is dedicated to helping clients use data wisely, safely and transparently


Securys is the UK's largest specialist data privacy consultancy, with a proud reputation for integrating the human right to privacy into a business proposition that wins clients the competitive edge. In other words, good privacy is good for business.

Related News

You've successfully subscribed to Techopian - The conversation and voice for ethical technology
All done, we'll keep you informed when we post articles. Just check your email
Welcome back!
Success!
Success! Your billing info is updated.
Billing info update failed.
Your link has expired.