Managing Director & Partner
Related Expertise: Digital Marketing, Personalization, Marketing Function Excellence
With a privacy-first approach to data-driven marketing, companies can build trust with consumers and create lasting value, new research from BCG and Google shows.
Marketers today face a tricky paradox: on one hand, the fight for customer attention requires ever more relevant messages tailored to people’s interests at the moment they are most interested. On the other hand, customers are increasingly concerned about providing the data marketers need to create those experiences.
This forces successful marketers to become tightrope walkers, balancing consumers’ discomfort with sharing personal information and their general desire to have familiar, frictionless experiences with the brands they care about. (See Exhibit 1.) And while walking that fine line, marketers must be ready for what’s next: staying ahead of platform changes due to third-party cookie deprecation and tightening global data regulations.
To explore the perils inherent in this balancing act—and to learn how companies can adopt pro-privacy policies that create real value—BCG partnered with Google, expanding upon our prior research on data strategy by surveying consumers and interviewing nearly three dozen marketers at major companies. We set out to uncover how consumers feel about the way their data is collected, what data they are willing to share, and which uses of data they are comfortable with or even prefer. And we asked marketers how they are responding to these evolving consumer sentiments.
The results were clear: while many marketing teams are still struggling to find the right way to reach their consumers online, successful marketers take a consumer-centric approach to data collection across their organizations—and they take proactive steps to build trust with consumers by demonstrating their concern for data privacy.
We surveyed more than 1,000 consumers in the US and Canada in August 2021 and found that three things matter most to them:
What data is collected. There are certain types of data that people tend to be more willing to share. (See Exhibit 2.) For instance, respondents said they are more likely to share their gender, age, zip code, and email addresses with a specific company than their phone number, location, or online browsing activity. Consistently, respondents said they are least comfortable with companies recording their conversations.
These results vary significantly across consumer segments, however. (See Exhibit 3.) For example, new parents are 70% more likely to share their income than the average consumer, but they are 43% less willing to share their activities on other websites. Given the divergent opinions about what data is most private, marketers must consider their consumers’ unique preferences and situations and then define a segment-specific approach to data collection.
Why data is collected. Consumers’ perceptions of how their data will be used impact their willingness to share it in the first place. They prefer that their data be used to create short, informative, and engaging advertising content, or to help companies understand what product innovations they’d like to see. But they are much less comfortable with their data being shared with other companies, and they’re especially uncomfortable with it being sold.
Furthermore, consumers do not fully understand what marketers are doing with their data. For instance, 57% of consumers believe companies are selling their data, 21% more than any other form of data use.
This perception does not match with reality: according to our interviews, few brands consider themselves to actually be “selling data” (an activity which is further complicated by shifting regulatory definitions). Companies can correct these misconceptions and assuage consumer anxieties by being transparent about their intended uses of the data upon collection, such as site updates, product insights, or marketing. This transparency would allow consumers to determine what value they will find in the intended use case—like seeing their favorite styles on display when they next visit a website.
How data is collected. Many consumers are willing to share their personal data with brands, but the majority want a clear incentive (or “value exchange”) to do so. Even as privacy concerns mount, about 30% of respondents said they are willing to share their email addresses with a given company for no incentive. However, 90% are willing to share that data when presented with the right value exchange. Some exchanges are more appealing than others: in general, consumers find hard-value incentives, such as discounts and free samples, to be more compelling reasons to share their data than soft-value incentives, such as access to games, newsletters, or communities. (See Exhibit 4.)
While many companies are quick to offer all consumers discounts in exchange for their data, optimizing the value exchange by consumer segment can be more effective. For example, Gen Z consumers and new parents will share their email addresses for relatively low value incentives, whereas wealthy and retired people are not tempted by most
Our research shows that two-thirds of consumers want ads that are customized to their interests—yet nearly half are uncomfortable sharing their data to receive personalized ads. Much of this comes down to trust. When consumers trust a brand, they are about twice as willing to share their email addresses. But 64% of consumers say they mistrust companies in at least one industry to protect their personal data and privacy online. Technology, travel and transport, and media and entertainment are the least trusted industries, while health care and finance—the most heavily regulated industries—rank highest. (See Exhibit 6.) Meanwhile, 29% of consumers mistrust companies across any industry.
Gen Z consumers, who are relatively less guarded about sharing data, and wealthy and retired consumers, who tend to be less comfortable about online activities in general, are the most mistrustful across all industries. The wealthy and retired segment is two and a half times more likely to mistrust companies than young urban professionals, the most trusting segment.
Based on the survey results and discussions with more than 30 marketers, we have designed a three-step action plan that companies can adopt to take a holistic, privacy-first approach to marketing (see Exhibit 7):
First, cultivate consumer trust through increased transparency and brand management. Showing consumers that a company is sensitive to privacy concerns and can be trusted is essential to success. Companies can build trust by communicating—in clear, concise language—what data is collected, how it will be used, and how it will benefit consumers. Yet only one in three brands actively communicate to their consumers about the security of their data.
This communication must be consistent across touchpoints and should start with the very first interaction a consumer has with a brand, such as the cookie consent form. These touchpoints are an opportunity to clearly communicate your value proposition and data protection policies to consumers, not to drown them in legalese. This content should be A/B tested, like any other language on a website—one brand saw more than a 20% improvement in opt-in rates after testing different consent forms.
Along with typical brand metrics such as favorability and awareness, companies should focus on measuring and improving trust metrics—consumer confidence and respect, for example. As one VP told us: “We take consumer trust seriously. Our tracking of trust allows us to be hyper-aware of potential risks and dangers.” (See “Data Protection and the Trusted Brand.”)
Second, create great experiences by evolving your tech and data infrastructure. In order to create great experiences, you must know your consumer—and that requires accelerating first-party data collection while redefining consumer interactions in a way that respects privacy sensitivities. Historically, much consumer data is still collected through third-party cookies, generally with less consideration about the sensitivity of the data or the consumer’s preferences. Now, in order to decrease reliance on third-party data and adapt to shifting consumer preferences, many marketers are looking to expand their identifiable first-party data, some by 100% or more year-over-year. The majority of marketers are providing discounts as their main incentives in exchange for consumer data, and roughly half have created logged-in experiences to allow for additional data collection. (See “From Third Party to First Party.”)
Further, to create excellent experiences, marketers must shift away from historical methods of data-driven targeting. (See Exhibit 8.) New approaches need to be respectful of consumer data sensitivities and leverage more contextual data and more dynamic creative. “We used to be concerned about efficient personalization at scale,” a global marketing executive noted. “Now we are thinking about personalization as building richer connections between brands and consumers.”
When it comes to automated and integrated tech, five out of six companies we interviewed said they are investing in privacy-ready technology and building in-house capabilities. Winning companies are revamping their data and tech infrastructure to be:
Marketers also need to redefine and future-proof measurement with the right tools and tags. While there is no “silver-bullet” in measurement and future-proofed solutions will not replace existing measurement one-to-one, marketers need to invest in and integrate a range of measurement solutions with complementary strengths and weaknesses. As a chief revenue officer at an ad agency observed: “Without third-party cookies, you need to make strong inferences about your consumers and rely more heavily on a variety of signals and machine learning to piece it together.” (See “In-House Data Technology.”)
Internally, it’s also important that teams are able to access data in order to inform decision making; however, this requires strict data access, governance, and cataloging protocols to make sure that individuals are given approval to view or use data based on right- and need-to-know.
Third, build a data-centric organization with a privacy-first approach and mindset. Since data privacy and communications are now critical for any brand, the role of chief marketing officer (CMO) should be reimagined as a data steward. In this position, CMOs and their teams can take ownership of data privacy, data collection consent management, and communications to consumers regarding data. Additionally, CMOs are in a position to align internal finance teams, legal teams, and the executive suite around the company’s privacy strategies—and inform them (for instance) how shifting from third-party to first-party data collection may impact their overall business.
Another way to build a data-centric organization is to bolster internal education and culture change involving data privacy. Here, it is critical to create cross-functional privacy teams that have an experimental mindset. In our interviews, we found that nine out of ten brands are building data-privacy teams, some of them quite robust. In one case, an executive told us about a cross-functional data team that included “people from legal, compliance, privacy, vendor, tech, and marketing teams. They decide what data will be shared, how it will be used and how it will be stored. They stop us from jeopardizing the trust of our consumers.”
Lastly, building a data-centric organization requires applying the same privacy-first approaches beyond your four walls—which means including the data and services partners you work with. As restrictions around cookies and tracking minimize the scale and richness of data that can be collected, winning marketers are turning to new privacy-first data partnerships to bolster their data and capabilities in order to provide their consumers with even better experiences. Such partnerships include:
These shared ventures must be carefully vetted up front to be certain that all partners are maintaining the highest level of data privacy across the value chain. Partners need to be fully transparent; they should include an overview of what data will be shared and how it will be moved and protected. They should have the right teams and right levels of engagement, and they should be reviewed critically across key, predefined privacy criteria. Partners unable to meet delineated upfront data privacy standards should be turned away. (See “The Data Privacy Team.”)
With all of these requirements, the journey to win in marketing with a durable, privacy-ready approach can feel overwhelming. But the investment is worthwhile—and it can’t wait. Organizations need to move quickly and take a test-and-learn approach while also preparing for longer-term shifts. To do so, they should start aligning on a privacy-readiness roadmap today. (See Exhibit 9.)
The roadmap above can provide a holistic strategy for privacy-first marketing. Steps taken early on can have significant impact on long-term privacy readiness. And while some of these steps require significant culture change, this approach will better balance companies’ marketing activities with their consumers’ privacy expectations and preferences—and make walking the data-collection tightrope less daunting.