December 8, 2022

Everyone’s had the experience of being stalked around the internet by a product you’ve viewed or searched for, sometimes even days beyond making a purchase. Customizable content online, including ads targeted based on web browsing activity, is driven by cookies—small bits of data saved in your browser by websites you visit. Cookies also power the tools marketers use to help our message reach the right audience. But the days of collecting data about users without announcing it are over.

Public sentiment surrounding the collection and use of personal information is behind the move to regulations like the General Data Protection Regulation (GDPR) in the European Union (EU) and California Consumer Privacy Act (CCPA) in the United States. These laws provide new rights to consumers and, in some cases, carry the risk of substantial penalties. You should know what data your privacy and cookie policies include and that all data sources are accounted for.

The regulations to read up on

While there are other data privacy laws at work around the world, the GDPR and the CCPA are the broadest reaching laws in their respective jurisdictions. Both provide a range of protections to consumers surrounding the collection and use of data for marketing purposes and both carry the potential for substantial penalties.

Even though you may not do business in the EU, it’s likely that some of your web traffic originates in California. Regardless, it’s good practice to abide by the most stringent regulations to be sure. While the GDPR requires more data management, both it and the CCPA boil down to three main points:

  • Tell people clearly what data is being collected about them and by whom.
  • Give people the option to opt in or out of the use of their data for marketing purposes.
  • Allow people to change their minds about the data collection choices they’ve made.

Getting your policy house in order

There are two items to review and update as a first step to data privacy compliance: your privacy policy and your cookie policy.

Privacy policies must contain information specific to the data you collect, including:

  • Your contact information and legal business name.
  • Which personal data is being collected.
  • How data is collected.
  • Any other parties that may also access the data, including any third-party tools (such as Google Analytics).
  • The rights of the user.
  • How you’ll notify users about changes or updates to the policy.

Cookie policies must specifically describe the different types of cookies installed through the site. It needs to list any third parties (including a link to their privacy documents and opt-out forms) and the reasons for data collection.

Taking time to prepare the right policies and practices is good insurance against future pain.

Learn more about data privacy solutions for credit union marketers.

MATT NEZNANSKI is marketing technology manager at Edge.