Marketing compliance: Why we care
Marketing laws and regulations have been around for a while. Marketing regulations were not common until relatively recent times. They rarely extended beyond the boundaries of truth in advertising, trademarks, and other areas of consumer protection.
Many of these things have changed with the 21st century. Data became more accessible, cheaper and richer. Social networks, search engines, tracking widgets, and other tools have made it possible for even novice two-bit marketing agencies to obtain the most direct form of customer insight, in the form of something similar to outright surveillance.
This is not a secret. Marketing has seen one of the most significant developments in recent years. The average consumer is now more aware of how much data is being collected, analyzed, and used to market to them.
Martech bulls have used this realization to justify their efforts to shift from buyer personas to buyer dossiers. According to them, customers are demanding that marketers place emphasis on personalization as well as seamless omnichannel experiences. Marketers are in a race to get the most personal data.
These trends have been noticed by CX-focused consumers, but they have also been noted by privacy-focused individuals and their government representatives.
Marketers need to be aware of consumer privacy and data sensitivity issues, and trust is paramount when consumers choose which brands to engage with.
The EU’s GDPR
On May 25, 2018, the European Union’s General Privacy Regulation (GDPR) went into effect. This law is a culmination of European sentiment towards U.S. data handling practices and antipathy toward Big Tech. This law was notable because it governed behavior that didn’t actually occur in the EU.
GDPR’s fundamental principle states that any company that controls or processes data belonging to EU subjects is in violation of GDPR and can be subject to penalties, no matter where the company is located or where its data collection, control or processing occurred.
These penalties can be severe. The maximum penalties for companies that violated EU privacy laws prior to GDPR were significantly increased. A GDPR violation could result in a fine of up to EUR20 million, or 21.7 million dollars (4% of global annual revenue).
The GDPR was at that time the most comprehensive, severe, and broadest data protection law in the world.
Analogs of GDPR
The GDPR was passed less than five years ago. However, privacy has been a growing concern around the world. There have been more laws and regulations with their own nationalistic and regional quirks. The UK retained its own version of GDPR (UK) in the wake of Brexit.
China’s Personal Information Protection Law (PIPL) is one of the most important privacy laws. PIPL, China’s equivalent of GDPR, is stricter in certain areas. The handling of sensitive information (i.e., personal data that has received enhanced protection such as data about health, race, religion, and other matters) requires consent from the data subject. This is a higher standard than what is required under GDPR in the EU.
What makes PIPL even more distinct from GDPR is the possible severity of the penalties. Under PIPL, serious violations can result in a Chinese government fine of up to ¥50 million (equal to approximately $7.37 million) plus any “unlawful income”.
Employees and directors of violating companies may also face personal liability of up to ¥1,000,000 ($147,000), and could be banned from working in China in the same type of job or have their Chinese social credit scores negatively affected.
The privacy act has been adopted by the United States. A few laws and regulations that affect privacy at the federal level are available in the United States. The Children’s Online Privacy Protection Act (COPPA), for instance, impacts companies’ ability to collect data involving minors. A number of other laws may also impact data privacy concerns. However, a U.S. version of GDPR at the federal level is yet to be created.
There has been even more activity at the state level. The California Consumer Privacy Act (CCPA) was the first to go into effect, about a month after GDPR. This law was an open GDPR-lite adaptation. It applied not only within California, but also worldwide to certain businesses that handle data from California residents.
Other states, including Connecticut, Colorado, and Utah, have also promulgated versions. All went into effect this year. (Virginia’s Consumer Data Protection Act has been in effect since January 1.)
Every state has a different consumer privacy law. This doesn’t mean you won’t be able to get the gist of the requirements, but it is enough for compliance organizations, marketing, IT, and compliance professionals who need to keep up with these changes.
California has also passed the California Privacy Rights Act (CPRA), which is a privacy law. CPRA, which was adopted in July this year, updates and modifies CCPA. These amendments clarify and add new rights to consumer data. A new state agency is also created to handle administrative enforcement powers under CCPA/CPRA.
It’s just the tip of the iceberg. Other states are in various stages of developing privacy laws.
According to a statement by the International Association of Privacy Professionals (IAPP), “State-level momentum is at an all time high for comprehensive privacy bills.” Although many of these bills won’t become law, it is helpful to compare the key provisions to see how privacy is evolving in the United States.
Virginia’s CDPA recognizes sensitive information and provides special protections. California’s CCPA, however, does not. California’s CPRA now rectifies this, following Virginia’s lead and giving Californians enhanced rights related to sensitive personal data.
Common privacy law provisions
Privacy laws and regulations may not be the same. Even similar laws and regulations may have different mechanics.
Here’s a summary of some of the duties and rights that can be found in these laws.
Data subject rights. A person may have different rights.
- Confirmation: …that a data handler confirm or deny whether or not it possesses/handles/processes their data.
- Access: …to their personal data, such as the data controller.
- Portability: …that a data handler divulge the data subject’s information using a common file format.
- Correction/rectification: …that a data handler correct their personal information if outdated or otherwise wrong.
- Deletion: …that data handlers erase their personal data.
- Opt out: A data handler must refrain from processing personal data in any way. This includes selling data subjects’ data, creating a profile of data subjects based on their data or taking automated decisions about data subjects (i.e. without human input).
Some data privacy laws also grant consumers or data subjects the right to private action, i.e. the right to sue data handlers or entities for violating the law. This right is not granted by some data privacy laws such as Virginia’s CDPA.
Other duties
Privacy laws also impose certain duties on data handlers. They must meet the needs not only of data subjects or consumers, but also of the government. These duties may include:
- Inform consumers/users/data subjects about data handling practices and other information.
- Perform a security and privacy risk assessment.
- Avoid processing certain types of data in particular ways.
- Notify breaches, data exposures, and other similar events.
- Create and adhere to policies that protect minors’ personal information in a more secure manner than any other personal data.
Other laws
Data privacy laws around the world may be the most complex and newest laws to affect marketing practices. However, there is more to marketing compliance than just data privacy and data management. Many older laws still have limits on acceptable marketing.
This list is not exhaustive. However, it is quite common for different jurisdictions to have laws prohibiting the following:
False advertising
Advertising must be honest in general. Marketers are always looking for ways to make this more complicated (under English common law, the UK and U.S. allow for “mere puffery”, which allows for the assertion that a product is “the best”). If you claim that your product is compatible with iOS devices (for example), it should be compatible with iOS.
Misleading, deceptive or unfair claims
General consumer protection laws are a more severe version of false advertisement laws. They prohibit what are called “unfair and deceptive trade practices” and can also include misleading claims even if they are technically true. These laws may prohibit you from paying for reviews online.
Specific laws and regulations for each industry
Misleading claims are also prohibited by other laws and agencies. The FDA in the United States regulates advertising claims about health and medicine. The SEC regulates statements and disclosures regarding investments.
Highly regulated industries such as finance and healthcare have restrictions on what companies can say.
Even though pharmaceutical advertising may seem innocuous, such as conference swag that has the logo and brand name of a drug on it, FDA clearance is required. SEC action may be taken against an investment firm if it makes false claims or claims that are contrary to disclosure regulations.
Trademark infringement
Trademark laws often do not prohibit anyone from using a phrase, logo or word (or sound, color, or smell) in any way.
- Avoiding customer confusion.
- Businesses should not trade on the goodwill and reputation of other businesses.
Advertising that appears deceptively similar or identical to an in-effect trademark can be considered infringing.
Sometimes, but not always, PPC and backend SEO practices which use a competitor’s trademark could be considered an infringement. For example, you might bid on the company name of a competitor.
Influencer marketing disclosures
When you work with social media influencers, it is important that they clearly and conspicuously declare that they were paid for their posts about your company, product, or service. FTC regulations state that failure to disclose this information could result in liability for both the influencer and the company.
Disclaimer: This article is intended for entertainment, education and/or informational purposes only. This article and any other articles do not constitute legal advice. They also do not imply or confirm an attorney-client relationship. You should consult an attorney licensed to practice in your area for actual legal advice.
MarTech first published the post Why do we care about compliance when marketing.