Welcome Enrico Girotto, Director of Public Affairs at FEDMA, as he dives deep into the evolving landscape of data protection in marketing, addressing the challenges of GDPR compliance, AI integration, and ethical marketing as part of the MarTech Thoughts series.

Challenges and the Future of Data Protection in Data-Driven Marketing

The past five years have marked data-driven marketing with significant regulatory and technological developments, which will set the course of the industry in the short- and medium-term.

Through the lenses of data protection, this interview will focus on three major challenges expected to play an important role:

How is the GDPR still raising issues for companies?

2024 marked the sixth anniversary of the GDPR, which was reflected in the European Commission’s Second Report on its application. Though the report acknowledges significant progress in implementing the EU data protection framework, particularly in increasing awareness of data subjects’ rights and significant investments by the industry, it also voices businesses’ concerns over ongoing legal uncertainty on key data protection issues. An area of the GDPR where marketers still grapple with legal uncertainty is around the appropriate legal basis for processing personal data, particularly regarding legitimate interest. This uncertainty often leads to an overuse of consent exacerbated by the stance of certain regulators despite other legal bases being more suitable. This leads in turn to unintended negative consequences for customer promotion, innovation, and optimal user experience. A joint industry statement, published in July and spearheaded by FEDMA, called on regulators to achieve a better application of the risk-based approach, to balance data protection with the operational needs of businesses, and to foster innovation while ensuring legal compliance.

How does AI fit in the current data protection landscape?

The new EU digital rules adopted over the past five years (Digital Services Act, Digital Markets Act, Data Act, AI Act, etc.) will require a stronger dialogue as they go beyond data protection and also regulate online safety, competition, content moderation, data sharing, and AI.

Artificial Intelligence, whose collection, use or creation of personal data can pose challenges under the GDPR[1], will bring further questions in the context of marketing, stemming from the opportunities that AI marketing tools can offer in terms of hyper-personalization to better tailor promotional messages and content to prospects and existing customers. While personalization can enhance user experience, it also risks being perceived as excessively intrusive or manipulative. AI algorithms may also inadvertently incorporate biases present in the data used to train them, leading to unfair or discriminatory outcomes. This can result in biased targeting or exclusion of certain demographic groups from marketing campaigns, which is potentially harmful.

Fortunately, most of these risks are not new to the Data and Marketing Industry, which has long relied on personal data to tailor the consumer experience, and the industry already has experience in dealing with risks related to intrusiveness and biases through the lens of data protection. While the use of AI marketing tools will most likely exacerbate these issues, marketers who have consolidated a data protection culture to safeguard their customers’ personal data will be advantaged to mitigate these risks when using AI.

[1] GDPR, Article 5: Principles relating to processing of personal data

How should marketers approach ethical marketing?

Marketers will increasingly need to go beyond legal requirements to ensure trustworthy customer relationships through the adoption of ethical marketing practices. The newly published 11th revision of the Advertising and Marketing Communications Code of the International Chamber of Commerce (ICC), which FEDMA worked on, puts great emphasis on this concept, stating that all marketing communications should not only be legal but also decent, honest and truthful.

In the realm of data protection, adopting Privacy Enhancing Technologies (PETs) to process personal data for marketing purposes is an example of how companies can operationalize ethical marketing practices. PETs such as pseudonymization, differential privacy, federated learning, etc. enable marketers to protect consumer privacy, comply with regulations, and build trust with their audience while still leveraging data for effective marketing campaigns.

Consumers are more aware of their privacy rights than they have ever been, especially the younger generations who will turn their backs on organizations that do not treat their data with respect. This means that even Google’s recent decision to cancel cookie deprecation will not stop (and should not stop) the online advertising industry to explore more privacy-friendly alternatives to third-party cookies. Ethical marketing practices place the consumer at the centre, and marketers should not use the increasing regulatory challenges to disregard consumers’ privacy expectations.

A big thank you to Enrico Girotto, Director of Public Affairs, FEDMA, shares his expert insights on GDPR, AI’s impact on data-driven marketing, and the need for ethical practices. If you want to connect with Enrico, feel free to reach out via LinkedIn!

See more MarTech Thoughts interview pieces here!

Last updated: September 2024