When it comes to data privacy law compliance, are your marketing or legal team’s priorities more important?
For companies operating globally — or even those whose websites merely reach visitors in different locations — this question has consumed significant time and valuable resources, with one or both parties generally feeling aggrieved.
What if rather than this relationship being competitive, it could be collaborative and lead to better outcomes for your customers and company? This optimization isn’t hypothetical; it exists today for those in the know.
In this post, we’ll show you how you can utilize Littledata’s integration with industry-leading data privacy compliance platform Clym to make this a reality for your website.
First, though, we’ll need to survey the current landscape of privacy laws and how they affect what you can have on your website.
How do data privacy laws affect your website?
Modern data privacy laws originated in 2018 when Europe implemented the General Data Protection Regulation (“GDPR”). Other jurisdictions have followed in the past few years as consumers increasingly grow concerned about their individual privacy.
At their core, data privacy laws affect companies that collect and/or process the personally identifiable information (“PII”) of individuals, such as one’s name, email address, phone number or other information that can be readily attributable to a person. These laws dictate and restrict the way that PII is collected, processed and stored. Their restrictions often depend on a consumer’s consent to these actions, and are generally implemented to cover the geographic location of the consumer, rather than the location of the company to which they apply.
One commonly overlooked piece of PII is the IP address of a website visitor that gets collected by cookies and tracking scripts. However, regulators are increasingly reviewing websites to assess data privacy law violations, and private advocacy groups have picked up the enforcement slack by lodging complaints against companies in multiple jurisdictions. Complaints regarding noncompliant websites range from companies implementing a cookie wall, relying on “legitimate interest” for consent or violating the principle and requirements of granular consent.
Are all privacy laws the same?
No, and that’s a problem for marketing professionals focusing on data-driven growth. Privacy laws are different around the world: in the US alone, a fragmented landscape of regulations is emerging on a state-by-state level, with California, Virginia and Colorado being first to adopt comprehensive laws for their residents. Most states aren’t far behind, and already-implemented laws are changing with a high level of frequency.
Data privacy isn’t limited to the US and EU. Countries such as Brazil and China have implemented their own laws, each with their own nuances and penalties for noncompliance.
As consumer awareness regarding privacy continues to expand, expect these laws to proliferate, with enforcement following closely behind. If you’re targeting consumers in any location where a data privacy law exists, you need to ensure compliance with that jurisdiction’s regulation.
My website has a cookie banner, so I’m good to go, right?
The unfortunate reality is that many cookie banners are noncompliant for purposes of modern data privacy law, putting you at risk for penalties. Others only offer a static, inflexible UI that either creates friction for visitors or restricts the flow of data to your marketing team. The consent standards for each jurisdiction play a major role in how marketers can collect data from consumers. GDPR is an explicit consent or “opt-in” regulation, meaning that a consumer must provide specific and affirmative consent before you can collect their PII.
CCPA, on the other hand, is an implicit or “opt-out” regulation, meaning that you can collect data from consumers assuming their consent, but must provide a way for them to retract that consent. These are mutually exclusive frameworks that require marketers to adopt a flexible approach.
Further, to achieve compliance your website should have up-to-date policies (e.g., privacy, terms of use, etc.) and a mechanism to respond to data subject access requests (“DSARs”). Companies who fail to implement a scalable DSAR solution can become overwhelmed with consumer requests that are time-consuming and expensive.
What’s the solution?
Marketers rarely take a one-size-fits-all approach, and the same mindset should apply to data privacy compliance.
There is no global standard, and adopting a static framework will put your company at risk of legal noncompliance, restrict the amount of legally-obtainable data flowing to your marketing team, or both. That’s why Littledata has an integration with Clym, a global leader in global website data privacy compliance management. To make things even easier, this integration can be deployed whether you’re only concerned with one site or if you leverage cross-domain tracking.
Clym believes in striking a balance between legal compliance and business needs, which is why they provide Littledata companies with a cost-effective, scalable and flexible platform to comply with LGPD, GDPR, CCPA and other laws as they come online. Clym’s platform provides consumers with an effective and easy-to-navigate way to opt-out of data collection while not infringing upon the website UI that businesses rely on to drive revenues.
Check out Littledata’s integration with Clym today to help manage your data privacy regulation compliance from a global perspective without sacrificing the valuable data your marketing team relies on for its digital strategy.
This is a guest post from Michael Williams, Partner at Clym, a leading provider of data privacy law consent management software. After starting his career with Ernst & Young, Michael has provided executive leadership to multiple organizations with a focus on long-term strategy, day-to-day financial management and legal concerns (especially privacy!) Michael is a California-licensed attorney with his J.D. from the University of Connecticut and an M.B.A. from Bryant University.
