, , ,

Navigating the New Privacy Landscape: What Marketers Need to Know about Data Privacy Regulations

Dasha working on a website at her laptop with a coffee.

Privacy protection is a growing issue for legislators in many countries, and Canada is no exception. With digital platforms and tools able to collect more information than ever before, countries need to be sure that users’ data is being collected and used in an ethical and safe way. Currently, Canada is drafting a series of acts for protecting personal information and data, including the Consumer Privacy Protection Act (CPPA) to replace the PIPEDA. While it is still only in its second reading, it will likely be enacted this year with minor changes. User information and data are vital tools for marketers, so they need to understand this new privacy landscape. We explain how privacy regulation is becoming more prominent and what marketers need to know and consider.

A Surge in Data and Privacy Regulation

In recent years, there has been a wave of new digital privacy regulations with a slew of acronyms. One of the first major acts was the EU’s General Data Protection Regulation (GDPR) in 2018. Since then, many members of the EU also revised or are drafting their own privacy acts. Outside of Europe, Canada is just one of the many nations revising and updating their own digital privacy legislation. Australia is also drafting its own, while India is currently voting on the Digital Personal Data Protection Bill (PDPB). Brazil passed its own Brazilian Data Protection Law (LGPD) in 2019. In the U.S., numerous states have enacted and are currently drafting their own legislation.

Privacy Legislation in Other Provinces, States, and Countries

All those different acts are important for marketers and businesses. If operating and potentially collecting data from users internationally, they need to be sure they are following that nation’s privacy laws. That’s still something to consider even when working within Canada. Most places in Canada are subject to both federal and provincial law. While the federal government is still currently working its way through the legislative process for the Digital Charter Implementation Act, 2022, individual provinces like BC and Quebec have already passed and updated their own provincial legislation in anticipation. This is a similar situation for the EU, where each member can have its own privacy legislation in addition to the GDPR, e.g. Germany. It’s slightly different in the U.S., which has no overarching data protection and security law. Instead, individual states, such as CaliforniaVirginia, and Colorado have enacted their own privacy laws. 

Most of these data protection laws are being drafted with similar considerations for individual privacy. However, different countries and regions may have important differences or restrictions/allowances for certain industries. If a marketer is ever working with user information from these areas, it is best that they familiarize themselves with any specific requirements. 

Platform Regulations and Policy

These national, provincial, or stated requirements exist alongside any additional privacy policies set by other companies, such as Apple. Many of the platforms used for marketing, such as MetaGoogle, or Klaviyo also have their own policies about how data is collected and used. In turn, those platforms must also follow legislation, or else face serious fines. While breaches in these policies might not result in legal action for a business, they can result in their suspension or removal from the service. That can severely impact a company’s marketing opportunities as well as their and a marketer’s reputation.

What Does This New Privacy Landscape Mean for Marketing?

The CPPA is meant to protect users and ensure their right to control their information. If marketers are already treating user data with the care it deserves, then they will see little changes to their current strategies. However, there are some specifics of Canada’s new CPPA that marketers should remember:

  • Valid Consent: A primary concern of the CPPA is that users must provide valid consent for their information to be collected and used. This still includes the idea of “implied consent”, but only in instances where the information is necessary.
  • Plain language: One of the biggest facets of the CPPA is clear communication. Whenever requesting consent, a business will need to include a full explanation in “plain language” that details what, how, and why information is being collected, stored, and used. Thankfully, communication and writing in plain and clear language is a standard marketing expertise.
  • Revoking Consent: The CPPA will require that users can easily revoke their consent at any time and have their data disposed. Whether that information was collected via a website, through email, or on social media, marketers and data managers must be prepared to remove that information.
  • Explaining the Algorithms and AI: Since artificial intelligence and algorithms are becoming more advanced, the new CPPA will require organizations to be transparent about how user information is being used with algorithms and more complex learning models to generate content such as personalized messaging.

How the New Legislation Helps Marketers

Those new requirements might make data collection more difficult and affect your metrics. However, it will also help marketers navigate this new privacy landscape. Once legislation passes, the Privacy Commissioner of Canada will create a new accessible list of best practices. This already exists for previous acts, such as the Digital Privacy Act. These parse through the legislation to provide guidelines in clear and directed language for how marketers and organizations should follow the new legislation. This is valuable for marketers since it is a comprehensive list for their own reference. These best practices are also great support documentation to show clients what the requirements are and why.

The Changing Landscape of Privacy

This new legislation in Canada and other nations are creating a new privacy landscape. However, most of it will be familiar territory to marketers already following these best practices and collecting and using data information honestly and ethically. When the CPPA finalizes later this year, we will have a full sense of its requirements and specifications. For now, if you want to ensure your marketing and data collection is prepared for these oncoming requirements, contact our marketing team.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.