An Interview With Richy Glassberg, CEO of Safeguard Privacy
The growing number of new state laws in the United States paired with existing laws in Europe via the General Data Protection Regulation (GDPR) means not only that every scaled user of data needs to be more than conscious of the new laws, but actually needs to have a process in place to manage compliance with those laws. For marketers and media owners, this should be viewed as a particularly important issue given the degree to which the industry is powered by data.
Unfortunately, it doesn’t always get the attention it deserves – or worse, these issues get derided as “boring” (as one speaker at this year’s IAB (Interactive Advertising Bureau) annual leadership conference said on stage, to much derision). However, related issues will only become more important as marketers look to use a wider array of data in their media activations, especially after third-party cookies effectively go away in the coming years.
Richy Glassberg has been around digital advertising longer than almost anyone. He co-founded the IAB in 1996, around the same time he was the first head of sales for CNN.com. With subsequent roles crossing digital media and television, start-ups, and established companies, he’s now the co-founder of a company called Safeguard, which was built to help marketers and media owners manage their data privacy compliance across multiple jurisdictions and laws in an automated way.
I thought he’d have a great perspective on all of these issues, and interviewed him recently via email to explore further.
Is privacy boring?
Absolutely. Reading a privacy policy is boring. Writing one is worse. Reading a privacy law to figure out what you need to do is not just boring; it's frustrating, and lawyers are expensive. That’s exactly why I started a business to make privacy easier.
Privacy is a hidden layered issue. Most of us don’t even understand the “privacy implications” inherent in all the goods and services we use in our daily lives.
I want to be able to type into a map, and I want them to know where I usually go or don’t go in order to give me great directions and divert me away from traffic. I want to log into my banking app knowing there’s a tremendous amount of security without having to remember who my kindergarten teacher was or my first pet’s name.
There is a large difference between the value exchange from a service we use and from a news site or an entertainment site or a social media app. Your expectations on what data you share and how it is used.
What I don’t want is for those apps or services to take my data and sell it to someone else or use it for purposes that I’m not aware of. I don’t want to have a restaurant review site sell my location data to advertisers so they can target me with unrelated ads I’m not interested in. I don’t want to buy something in a store or online and then see ads for it for the next 30 days, especially if it’s a sensitive purchase.
Is privacy boring? Yes. Is privacy more important to all of us than we realize? Absolutely.
Why should marketers care more about data privacy than they presently do?
First, as Apple demonstrates, privacy sells. Second, the lack of privacy hurts brand image. When an advertisement knows too much about the consumer, that consumer turns away. And finally, you do not want to be in the press on the wrong side of a lawsuit by a State Attorney General.
Privacy is just as important an issue as brand safety or anything else a marketer needs to worry about. A recent eMarketer report found that 8 in 10 consumers support a federal privacy law. IAPP and KPMG found that almost 93% of organizations indicated privacy is a top-10 organizational risk. If privacy is not as important as brand safety, I don’t know what is.
Do you agree with the premise that privacy laws are effectively trying to say: “Dear marketer or media company: if you can’t persuade a consumer to part with their data, you probably don’t deserve it.”?
I agree that meaningful consent has become important for a marketer to use consumer data beyond what the consumer would ordinarily expect. They expect when a car company gets their data, it’s to sell them cars. They don’t expect their data to be used to serve them ads for shoes or gambling apps.
It’s not just marketers. It’s data collectors, media owners, and connected devices. Privacy laws are trying to tell everyone, “Be mindful about what you’re collecting. Be mindful of what you’re doing with that data. What info are you asking for? What are you using it for? What are you doing with it?” Regulators want marketers and media companies to be transparent and honest with their customers.
Do you think they typically have “informed consent” of the consumers they are trying to ultimately sell to?
It’s not so much informed consent as it is consumer expectations. If you are going to sell personal data, that is not what the consumer expects without consent.
Be clear about what you want. Be clear about how you’re going to use it. Be clear about how long you will hold it and if you will share it or sell it.
How intentional are marketers’ and media owners’ acquisition and use of data today? By this I mean: how much do they use all of the data they collect on consumers?
The problem now is everyone is collecting too much data. Just because you can collect it doesn’t mean you should collect it. We’ve convinced the industry that we should collect everything, but we should really be asking, “What information do I actually need to collect, and what is the value of that data?”
Many uses of data can upset your customer. Why take that risk? You really don’t want to collect excessive data, or data that you don’t have a use case for today, because it could put you into regulatory jail.
This varies company by company and industry to industry. If you’re in a regulated industry, such as banking or pharma, you’re under a bigger microscope, but all companies have to be intentional about what they do with data. Unfortunately, not everyone is on the privacy bandwagon yet.
Media owners are desperately trying to understand who their end-user is. It’s difficult to find out the data on your user unless you’re using a paywall, app login, or something of that nature. But media owners are battling massive walled gardens and don’t want to put an impediment in front of the users.
There is a significant distinction between a marketer who aims to persuade a customer to purchase their product and become a dedicated consumer and a media owner who strives soley to draw attention to their content. This distinction has an impact on data and user acquisition strategies.
Frankly, just because you can collect the data doesn’t mean you should.
Do you think that data law compliance should be all about avoiding costs such as fines or reputation risks, or is there any aspect that might help marketers to drive growth, too?
As I mentioned before, privacy is valued by a majority of consumers, and that can be used as a marketing tool. Saying, “We won't sell your data without your consent,” – and sticking to it – gives the consumer an element of trust in your brand.
In a way, privacy is brand safety. Do consumers understand that it’s privacy when we’re talking about reach, frequency, tracking, and data collection? No. The user experience needs to allow the consumer not to feel like they are being tracked, stalked, followed, and listened to as they move around the web. They care about that. We all should. That’s all privacy.
For marketers, privacy is just as important as brand safety and more important than viewability and fraud. There aren’t any laws around viewability or fraud. There are laws for privacy, and regulation seems to be expanding by the day.
For those marketers and media owners who care about it and take action to make sure their processes are compliant, efficient, and consumer-friendly/responsive, does anything stand out about organizational design, or who sponsors related efforts? In other words, if there was a singular person most responsible for data and related compliance issues, does this need to be a CEO-level priority, an IT priority, a general counsel priority, or a marketer priority? Whose responsibility should it be, practically?
This is a great question. Privacy starts at the top and ends at the person who interacts with the consumer. It is a company-wide issue. Yes, different positions in the company have different responsibilities, but that’s true of any organization. If an airline has rude staff, does they still sell tickets? If safety is poor, does it matter how nice the staff is?
We find that regulated industries such as banking, pharma, insurance, automotive, and financial services all understand what a compliance-led organization looks like. It’s familiar territory for them, so privacy is a company-wide culture. It can’t be just the C-Suite. It should be at every level in the organization.
How do you think marketers will change how they use data once third-party cookies go away? What will they need to do in order to make the most of what data they have?
Technology constantly evolves, and new paradigms will develop. It’s the same with privacy, but we have a ways to go. Google’s FLoC did not catch on, while their new solution, Topics, is too early to make any predictions. Apple has its own approach, and Unified ID 2.0 and the other 7 ID solutions are interesting.
Unfortunately, cookies were never meant to be the backbone of internet identity. No one expected the humble cookie to carry this much burden. But that cookie has been there for almost 30 years and is deeply embedded in the fabric of the internet. That’s not going away easily. While first-party data and first-party cookies are fine, we still need to solve the third-party identifier.
We’ll see what evolves. I wouldn’t bet on what it will look like, what changes will emerge, and what their unintended consequences will be for digital marketing.
No matter what happens, privacy is here to stay.