Facebook third party

How To Navigate Through Facebook’s Ad Targeting Changes

We all know the story: Facebook has been under pressure about how their third-party targeting data capabilities infringe on user privacy since even before the 2016 elections, but they could no longer make excuses once the Cambridge Analytica scandal broke. Now, the company is making a permanent – and surprising – move that may usher in a new era of social media where privacy is king, and user vulnerability is no longer the norm.

For most people that use Facebook, and other social media networks, this is a welcomed shift; but as a marketer, the alarm bells might be sounding. If you’re feeling a sense of dread for all the meetings that need to be scheduled with management to explain next steps, here’s an overview of what you need to know to prepare for and navigate those meetings.

What Exactly is Facebook Changing?

Facebook’s announcement outlined their plan to place restrictions on advertising data usage, with the emphasis on eliminating all public and private third-part targeting; essentially the dissolution of their Partner Categories tool. This tool previously allowed marketers to partner with companies to use offline purchase data to enhance their ad targeting. Some of the targeting that this will effect includes behavioral, purchasing, and household income. This change has a pretty transparent goal: decrease user vulnerability by limiting the way their consumer data is used by other companies.

Why is Facebook Making This Change?

There are several reasons that Facebook is making this change, but the most prominent reasons are the Cambridge Analytica scandal and the new General Data Protection Regulation (GDPR). The scandal put a target on Facebook and drew criticism from users, stakeholders, and others in the social media space. GDPR took effect on May 25, 2018, and aims to give data control back to the people. One way GDPR does this is by requiring companies to gain explicit consent for all data collection they do, as well as transparency about how that data will be used. GDPR is applicable to all residents of EU, no matter where the company in question is located. Additionally, Facebook’s general outlook has shifted from one of arrogance to one of responsibility; making changes like this is the only way they are going to keep the business alive.

How Will These Changes Effect Marketers?

As of October 1, 2018, Partner Categories will cease to exist and any ads that are running using that targeting option will no longer be delivered. In a nutshell, marketers will need to bring their targeting focus inward, and stop looking to third-party targeting to reach their audiences. This is not doomsday; there are plenty of other ways for marketers to target their audiences online.

The first step is to revisit and adjust existing KPIs with Facebook’s new limitations in mind. Trying to meet those expectations without the same tools would have any marketer feeling like a failure. As you review and rebuild your strategies and KPIs, don’t forget to focus more on objectives that align with brand awareness. Operating your targeting within Facebook’s new rules will help you gain and keep the trust of the audiences that you continue to reach, which is an invaluable way to gain long-term brand advocates.

Don’t forget that you have a lot of data on your own. Start to work with your internal teams and your agency to collect that data and find creative ways to use it for targeting and for general content. Upload your existing data lists into your campaigns and start running some targeting to see what results you get. Adjust, repeat, adjust, repeat.

There are also other social media networks that you can use to reach your targets. If you haven’t created company pages on Pinterest, Twitter or Snapchat, now might be the time to start exploring how you can leverage those platforms to access new audiences.

Last minute gdpr checklist

Last Minute GDPR Compliance Checklist

The GDPR deadline is just days away, and no organization that collects personal data is exempt from its new rules. As the deadline approaches, it’s a good idea to run through your checklist, and to compare it to another compliance checklist to make sure that you haven’t left anything out. This is not something to take lightly, as failure to comply could result in damage to your company’s reputation, its relationship with its customers, and, ultimately, its finances. Assessing your plan and getting help where needed will ensure that you can get a framework in place for data protection.

Comprehensive Data List

When speaking about being able to manage your data, it’s first important to understand your data. You should have a list of the personal data points that you have collected, where the data comes from, how you use and share that data, and the age of that data.

Privacy Policy

You should already have a privacy policy that is publicly available to anyone that wants to view it. You should review that policy and update it to comply with the new GDPR regulations. Remember to notify your customers and web site visitors about the changes that you make to your policy.

Consent Forms

If your company uses consent forms, those need to be reviewed and updated so that users have clear control of their data and how it is going to be used. Under GDPR, it’s important for people to be able to say “no” just as easily as they can say “yes.”

Future Data Management

Beyond the May 25, 2018 GDPR deadline, you’ll have to continue to manage your data in a compliant way. You need to assess if you already have someone in-house that can do that job, if you need to hire someone for that job, or if you need to get help from a third party to manage your data moving forward.

Internal Communications

Has everyone and anyone that touches your data or makes decisions about your data been informed of the GDPR measures taking effect, and received internal communications about how your company is implementing the changes and how you’ll proceed moving forward?  It sounds tedious, but you’ll want to make sure all your SOPs have been updated to cover your new policies, to define the purpose for your data, and to review who and how access is gratned to that data.

New Procedures

Have you laid out new company procedures for communicating data breaches, performing data audits, and handling customer inquiries and request to be forgotten?

Existing Contracts

If you have contracts with other companies, make sure those partners are aware of your policy updates, and also ensure that they have updated their policies to be compliant with GDPR. Update any and all contracts and get each company involved to sign the addendum.

Don’t Forget

There are special categories of personal data, including that of children, anything genetic, and employees. Be sure to double check the GDPR standards for this information so that your policies on collection, processing and storing are compliant. You’ll also want to keep up with any changes to GDPR, so that you can adjust and adapt as needed.

Be sure to also check out Part 1 and Part 2 of our GDPR series if you haven’t already!

DISCLAIMER: This website is neither a magnum opus on EU data privacy nor legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand how Digital Style has addressed some important legal points. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.



Why GDPR Good

Stop Panicking: Why GDPR is Actually a Good Move

By now, we’ve all heard of the European Union’s General Data Protection Regulation (GDPR) – which is taking effect on May 25, 2018 – and we’ve all witnessed or personally experienced some amount of panic in relation to the new law.

But…have you ever stopped to consider that GDPR might actually be a good move that will have some really positive impacts on marketing, and business in general?

Continue Reading

GDPR Email Permission

What The Impacts Of GDPR On Email Consent & Permission Really Are

TL;DR

• Your business must now compliant with GDPR, which imposes fines of up to 4% of your annual global revenue if your business fails to meet certain GDPR obligations
• Even if your business isn’t in the EU, the GDPR likely applies to your business if you process the personal data of EU data subjects
• For consent to serve as the lawful basis for processing personal data for electronic marketing purposes, such consent must be GDPR-compliant, i.e., be freely given, specific, informed, unambiguous, obtained from the data subject prior to beginning processing, and distinguishable from other matters.
In addition to consent, under limited circumstances, a company’s legitimate interests may also serve as the lawful basis for processing personal data for electronic marketing purposes  

Introduction and Overview

Marketers have long tried to balance the quality vs. quantity issue for their databases. As email software and technology has evolved and allowed for better targeting, marketers have had to continuously defend their decisions to leave chunks of email addresses off their lists.

A new development relevant to such decisions is a new law that updates the regulations concerning EU customer privacy and imposes obligations affecting how marketers are able to build and manage their databases.

The new data protection regulation in the EU, the General Data Protection Regulation (GDPR), brings new focus to the protection of personal data in the age of technology. This new law replaces the 1995 EU Data Protection Directive and must be read together with the current EU ePrivacy Directive in determining whether a business has a lawful basis (consent or other lawful basis, such as legitimate interests) for processing personal data for electronic marketing purposes.

The GDPR regulates how companies process the personal data they have, including how they collect it, store it, use it, protect it, transfer it, and dispose of it. The law  applies not only to companies located in the EU, but also to companies that are not located in the EU but that process the personal data of EU data subjects in connection with offering goods or services or monitoring the behavior of EU data subjects. The GDPR has a broad definition of ‘personal data,’ that includes any information relating to an identified or identifiable natural person (e.g., an email address or online identifier). The new regulations also imposes obligations that cover the handling of EU personal  data security and personal data breach notifications.

Consent and Legitimate Interests as Lawful Bases for Processing of Personal Data for Electronic Marketing Purposes, and the GDPR’s Impact on Email Permission

There is an exception to the ePrivacy Directive’s consent requirement for electronic marketing communications if an opt-out opportunity was provided at the time the EU customer’s contact details were collected and in future messages.  If instead of obtaining consent, a company has provided an opt-out opportunity that was compliant with the ePrivacy Directive, the company may be able to rely on legitimate interests as its lawful basis for such processing under the GDPR.  The lawful basis of legitimate interests may apply if the processing is necessary for the legitimate interests of the data controller or a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject[s].

Data Subject Rights and Related Obligations

The GDPR also provides for a number of data subject rights that would be applicable in the context of data subjects to whom a company sends direct marketing communications.  For example, a data subject has a right to erasure of his/her personal data under the circumstances set forth in the GDPR, including where the personal data is no longer necessary to the purposes for which it was collected or otherwise processed, or where consent is the only lawful basis for processing and the data subject has withdrawn such consent.

The GDPR also allows data subjects to obtain a copy of the personal data that has been collected about them.

Under the GDPR, companies will generally not be able to charge customers for obtaining this data (there are exceptions that can be made if the requests from a data subject are repetitive, manifestly unfounded, or excessive). Other data subject rights set forth in the GDPR include the right to rectification, the right to restriction of processing, the right to data portability, and the right to object to processing. The GDPR Businesses will be requires data subject requests to be responded to within one month of receipt of the request, subject to a limited exception that allows such period to be extended by two further months where necessary, taking into account the complexity and number of the requests.

Conclusion

Companies to which the GDPR applies that do not comply with the new regulations may be fined up to 4% of their annual global revenue. While this new law might seem intimidating, compliance with its obligations can actually help businesses improve their marketing efforts and increase both ROI and sales. Fear not, you will survive the new obligations imposed by the GDPR.

Check out part 2 of our GDPR series, “Stop Panicking: Why GDPR is Actually a Good Move.”

DISCLAIMER: You should seek independent legal advice concerning your company’s status and obligations under the GDPR and ePrivacy Directive because only an attorney can provide legal advice that is specifically tailored to a particular company’s situation.   Our comments on this blog post are not intended to provide companies with legal advice, and they should not be used as a substitute for legal advice.

User Experience 101

Best User Experience Design Practices – Digital Style

Marketers can’t escape hearing about website best practices, including a lot of terminologies that are better suited for their designers and developers. One term that is casually tossed around is “user experience,” also known as simply UX.

This might sound like a simple concept, but it is actually very complex and involves several customer touchpoints. Before diving head first into all things UX, here’s a crash course on some of the basic concepts you should know about UX.

Continue Reading