The Data Protection Act: Dangerous Pitfall or Hope for the Future?

Share this:

Fresh on the heels of the CCPA and GDPR, the roaring ’20s kicked off with a continued focus on privacy-first policies. This trend is already gaining additional momentum with Senator Kirsten Gillibrand’s recent Data Protection Act, which proposes developing an independent Data Protection Agency (DPA) that would “protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent.”

Though the Data Protection Act is in the beginning stages, 19 states already have similar regulations underway, indicating that these policies are part of a fundamental shift that will impact all Americans over the next decade, marketers included. Marketing leaders need to realize that this new commitment to customer privacy is not a passing trend and must prepare accordingly without wasting any more time. At Acoustic, we believe that education is the first step to becoming compliant and that marketers must understand what this bill, and others like it, mean for marketers nationwide. 

Done right, this bill has the opportunity to keep businesses honest and protect consumer privacy, but as with all proposals, there are flaws. The following considerations are intended to help marketers decipher the DPA, tackle the possible pain points the bill poses, and shed light on how it may be beneficial to all parties involved.

Privacy Must be Standardized at The Federal Level  

A critical element of the Data Protection Act is that it does not supersede the existing state laws and regulations, such as the CCPA. However, with the growing number of local regulations that differ in scope and boundaries, this will likely create greater confusion among both consumers and businesses. 

A national law that defers to state agencies will force marketers to comply with a checkerboard of differing regional privacy regulations as opposed to offering a single set of privacy guidelines nationwide. This is an unrealistic requirement that will result in inconsistent protections for consumers. The most important feature of a federal Data Protection Agency should be to enact one set of laws across the 50 U.S. states, which replaces and standardizes those at the state level.

In addition to ensuring that all companies are following the same rules and assuaging consumer confusion, this also would make it easier for marketers at businesses of all sizes to comply by reducing the complexity, infrastructure, and costs involved. To prepare for any and all potential (and existing) privacy laws at the state or national level, marketers should work now to comply with the strictest regulation. 

Will Small Businesses and Good Actors Suffer?

Another core aspect of this bill is that the Data Protection Agency would roll out certain “Privacy Enhancing Technologies” (PETs) that would protect consumers from the breaches exposing their personal data. The initial tenor of Gillibrand’s proposed regulations appear to be primarily targeting large “bad actors.” However, if the regulations are not designed properly and with sufficient participation from appropriate industry representatives, they risk causing undue burden and costs, which can disproportionately impact small and mid-sized organizations with more limited budgets and potentially also result in poor customer experiences. 

For this reason, organizations should be open to a proactive agency that acts on behalf of consumers but should be wary of an agency without limits. Any national agency should be formed with the guarantee that industry representatives will have input on the policies and procedures for these investigations, to ensure that they are created with fairness to all parties involved. 

In turn, marketers should avoid a wait-and-see approach and act early before federal regulations are in place, allowing for any privacy-associated costs to be budgeted properly. Waiting until there is no choice means that these costs can hit all at once.

Balancing Customer Protection with Personalization 

At the heart of this entire cultural shift towards privacy is the belief that, ultimately, consumers need to be protected from the misuse of their personal information. Most of us have no idea where our data lives, who has it or how they’re using it for their personal benefit. At Acoustic, we support regulations that do not discriminate against consumers and do not give businesses access to their personal data and information. However, as the CCPA notes, willingly sharing personally identifiable information can provide significant value to the end consumer because it leads to more relevant offers and better or enhanced services and experiences. 

It’s also no secret that data also provides value to marketers and advertisers. It helps marketers define the unique qualities of users to curate positive brand experiences for them. Nevertheless, it takes a great deal of trust for consumers to expose their identities to companies, and many trust that their data is being used safely. When organizations cross the line between data for the good of consumers and data for the good of corporate greed, it breaks this hard-earned trust.  

An effective national data privacy law must strike a delicate balance between allowing businesses to responsibly use personal data and information to provide a better experience for customers and ensuring that consumers are fully aware of how their precious data is being used. Ultimately, privacy regulations should be embraced, not feared, as they are designed to ensure that the interests of both marketers and consumers are respected.

What does it all mean? 

The aura of uncertainty surrounding the role that privacy will play in business going forward has continued to loom over the heads of marketers. However, with the correct foundations, the opportunities for improvement are substantial and should not be feared. Gillibrand’s proposal puts the US on the road to standardized privacy regulations, which in turn can keep consumers protected and businesses transparent. 

Many believe that the current national fixation on privacy will put an end to marketing as we know it, but, with the right preparation and dedication to generating customer trust, this will not be the end of marketing. It will mark the start of something better. 

Norman Guadagno is Chief Marketing Officer at Acoustic.