Loyalty Programs: A Safe Harbor in a Sea of Privacy Regulations

Francis Silva

There are millions of reasons companies need to get serious about data privacy—and that’s no exaggeration.

Last year, Google was slapped with a $57 million fine after violating the European Union’s data privacy law. The General Data Protection Regulation (GDPR), which went into effect in May 2018, has strict rules for companies that collect, process, and store the personal data of EU citizens. The law requires explicit and informed consent before using personal data, and more transparency around what a company is doing with the data.

Regulators penalized Google for not properly disclosing to users how their data is collected and used for targeted advertising. Data breaches are also netting companies huge fines under GDPR: British Airways faces a $230 million fine and Marriott faces a $123 million fine for data breaches that occurred in 2018.

New legislation in California is another sign the Wild West days of data privacy are coming to a close. On January 1, 2020, the California Consumer Protection Act (CCPA) went into effect, requiring organizations to disclose what personal data they collect and how they will use it. The law applies to any company that collects personal data of California residents, even if the business isn’t located in California. Some companies, including Microsoft and Mozilla (the maker of web browser Firefox), are applying CCPA rights to U.S. residents nationwide, rather than just Californians.

In many ways, CCPA is modelled after GDPR. Both sets of regulations give the customer control over their data, including the right to access and delete it, and to know with whom the data is being shared. One key difference is that with GDPR, even small companies have to comply with most of the regulations, whereas CCPA is geared to large organizations: the law applies only to businesses that have $25 million or more in annual revenue, or possess the personal information of 50,000 or more consumers.

It’s not just legislators who are tightening the reins on data privacy. Consumers are increasingly savvy as to how valuable their personal data is, and they’re feeling more protective of their information. In fact, a 2019 survey by cyber-security firm RSA found that 70% of consumers feel protective of their identity information and 57% feel protective of their contact details.

With laws like GDPR and CCPA already in place, and pressure to modernize privacy laws in other regions and countries (including Canada, where the Privacy Act is under review), this is only the start of a global push to make data privacy a human right. Companies have two options: live in ignorance and confusion, or buckle down on privacy rights and compliance. To say the least, it’s in an organization’s best interest to get their data-privacy act together, ensuring their data is safe and only shared when customers give express permission. The question for marketers is: how can you comply with CCPA and other privacy regulations—not just to avoid penalties, but to ensure your data collection practices are ethical and do right by your customers?

The beauty of loyalty

In a sea of complex privacy regulations, loyalty is your safe harbor. It provides simplicity when it comes to receiving express permission from your customers. They voluntarily identify themselves and are aware of what the value exchange is for their data—namely points, discounts, personalized offers, and other perks. A loyalty program not only provides you protection from being in breach of many privacy regulations, it also allows you to have transparent relationships with your customers, build trust, and communicate with them on a personal and individual level.

For brands that already operate loyalty programs, navigating complex regulations could be challenging, but it’s also an opportunity. It will force marketers to improve how they collect, use, and handle data. It will also put current value propositions to the test, exposing areas for improvement that will lead to a better program for the customer and the bottom line. Are you truly getting the best out of your customers’ data?

The key is to collect only what you know you will use and ensure that each piece of data enables you to build a deeper connection with customers. Sephora’s birthday gift is a great example of collecting simple customer data that adds exponentially to the relationship, making members feel special and recognized.

Spotify’s Wrapped is a great example of a brand differentiating itself in the eyes of the consumer with a really elegant use of data. By reflecting listeners’ own habits back at them, Spotify is announcing that it holds their data, but is using it in fun and interesting ways. This goes one step further with the app’s “Made for You” section that contains playlists such as “Discover Weekly,” “Release Radar,” and “The Ones That Got Away.” The personalized playlists encourage users to broaden their listening specifically based on their own tastes, building a sense of trust and familiarity with the brand.

What can companies do?

Our advice is simply to get moving and start doing. Above and beyond compliance, this is really about bringing analytics best practices to life to differentiate your brand; build customer trust by enabling them to have clearer visibility into how their data is being used and how they can control it; and reap the benefits of acquiring, knowing, and keeping your customers for the long term.

This is only the beginning, as consumers’ concerns about data privacy will only grow and governments around the globe will look even more closely at privacy protections. The time to get your data house in order, and to leverage loyalty to stay ahead of the data-privacy tide, is now. Regulations like CCPA and GDPR are widely thought of as wins for consumers. Make sure they’re a win for your business, too.