2. Attribution Modelling

Data Protection and Privacy Issues in Digital Marketing

data protection

Technology and digitalization have facilitated an increasing access to information. Laws emphasise that everybody has the right to data protection. Organisations using big data need to focus on transparency, win-win and security to build trust in the digital economy.

By large, data protection and privacy issues are driven by the Internet and technology, which enable the generation of big data through profiling of digital traces such as cookies, clickstream data and hyperlinks, as well as through social networks such as Facebook and Twitter; search engines such as Google; location-based services such as smartphone applications; cloud computing; and foreign transfers, i.e. third party data exchanges.

Data protection, security and confidentiality are interrelated concepts and represent different areas of privacy, which can be illustrated as follows:

Privacy vs Data-Protection

Another source that has given rise to a range of privacy concerns is social media. For instance, issues include user and identity data, online behaviour both when and when not transacting with a particular service, third party involvement without notice, and tracking of users’ locations over time. Hence, service providers may take advantage of user data by ignoring consumer protection and privacy laws, as well as by creating user interfaces that are complex, unclear, and unhelpful. Finally, involvement of third parties such as providing users’ purchasing behaviour without notice violates previous terms.

7 Data Protection Principles

The right to data protection is reflected in the e-privacy and citizen rights directives, which together with OECD’s recommendations for protection of personal data guide the seven EU data protection principles:

1. Notice: Subjects whose data is being collected should know of such collection.

2. Purpose: If data is collected for marketing purposes, it should only be used for this stated purpose. Direct marketing requires prior consent from the receiver who can say no to a specific organisation and have the right to opt out.

3. Consent: Personal data and sharing of it with third parties require permission from its subjects. Organisations are required to protect the interests of the data subject.

4. Security: Personal data should be kept reasonably safe and secure from potential data breach, abuse, loss, or unauthorised access.

5. Disclosure: The controller must inform the data subject of his identity, purpose of collection, recipients of the data.

6. Access: Everything needs to be open and transparent, i.e. subjects have the right to access and rectify personal data. The subject can request confirmation of data process and purpose.

7. Accountability: Data controllers should be accountable for adhering to all seven of these principles and demonstrating so to supervisory authorities upon request.

These apply to private companies, persons and public authorities if the data is processed entirely or partly by automatic means or if it is part of a manual filing system. It applies for both economic or non-economic activities, but does not provide any specific guidelines on how to reach consent.


Focus on Trust, Transparency, Win-Win and Security

Even though marketers may be tempted to take advantage of collected information, George L. Jones, CEO of Borders Group points out that “[it] may ultimately damage relationships with customers.” (as cited in Davenport & Harris, 2007: 42). Moreover, customers lose trust in businesses, as well as the corporate culture suffers because employees may be uncomfortable with what the company is doing. Likewise, Katherine N. Lemon, associate professor of marketing at Boston College’s Carroll School of Management argues that “…the real issue here is the unintended and uncontemplated use of the information from the customer’s point of view.” (ibid: 44), for which reason companies must come up with methods to address customers’ privacy concerns and transparency. Furthermore, she notes that companies should beware of the potential negative consequence of discriminating against customer segments.

In practice, the value proposition of any direct marketing program must be clear, which David Norton, senior vice president of relationship marketing a Harrah’s Entertainment emphasises: “[c]ompanies engaging in customer analytics and related marketing initiatives need to keep “win-win” in mind when collecting and handling customer data. It’s not just about what the information can do for you; it’s about what you can do for the customer with the information.” (ibid: 45). Finally, Michael B. McCallister, CEO of Humana suggests that data collectors need to have business ethics and the company’s core values in mind, as well as they must protect customers’ privacy via encryption and firewalls, concluding that “…collection, analysis, and sharing of data must be conducted in a protected, permission-based environment.” (ibid: 46).

Currently, several projects focus on data protection and transparency. For instance, the cookie checker scans a given website for cookies set and used by sites to detect privacy issues and comply with the EU cookie law.


Data privacy demands proactive strategy

Personal data is vital to the future of many organisations and accordingly marketers ought to be taking steps to address the issues involved. Effective digital stewardship can differentiate a business; digital transparency tells customers how data is being used and stored; digital empowerment offers customers greater control over their data; digital equity is about providing monetary or service-in-kind benefits to customers in return for their data; and digital inclusion sees personal data used to multiply positive societal outcomes.



Davenport, T. & Harris, J.G. (2007). The dark side of customer analytics. Harvard Business Review, May, 37-46.

Rouse, M. (2008). EU Data Protection Directive (Directive 95/46/EC). Retrieved 22 April 2015 from: http://searchsecurity.techtarget.co.uk/definition/EU-Data-Protection-Directive

OECD. (1999). Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Retrieved 22 April 2015 from: http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html

Simon Raun Madsen

I am a marketing, business, and communications academic and practitioner with strong cross-disciplinary skills from courses and work experience within the fields of marketing and business intelligence. In particular, my passion for technology and several years of experience with online marketing have provided me with a flair for digital solutions, data analysis, and front-end development.
Simon Raun Madsen

Latest posts by Simon Raun Madsen (see all)