Data ethics in marketing with Stéphane Hamel: How to approach marketing data responsibly

In this episode of the Marketing Analytics Show, Stéphane Hamel shares his view on ethical data collection and privacy.

You'll learn

  • Why ethical data collection is important
  • The differences between legal data collection and ethical data collection
  • How companies can build a user-privacy-first culture

Subscribe to the Marketing Intelligence Show

Learn from Supermetrics' experts how to use data to fuel growth and maximize the ROI of your marketing spend.

Anna Shutko:

Hello, Stephane, and welcome to this.

Stephane Hamel:

Thank you for having me, Anna. That’s it’s a great pleasure to be here.

Anna Shutko:

I’m very, very happy to have you here. And today’s topic is very, very important for all the marketers out there. So we’re going to be talking about privacy and security and how marketers can collect their data ethically from different sources. So my very first question to Stephane is that before the data is analyzed, it has to be collected in the right way, but why is this ethical data collection so important, especially these days?

Stephane Hamel:

Well, it’s interesting because marketing has always been about building trust. It’s about building a relationship. And if the first thing we do is play a little game or work around what the user really wants to do and wants to share with us, I think we’re starting on the wrong foot. So full transparency getting content in those aspects seems critical to me. And sadly, the way I see things evolving with the content popups and stuff like that, it’s always asking about cookies. It’s always asking about the technicalities of collecting the data or getting permission because that’s what the law requires. But I wish it was more about here’s what we can offer you. Here are the benefits you’re going to gain, not because we’re using cookies or other ways of collecting data, but because we want to build a trusted relationship, and you’re the customer. You are important to us. We always say businesses pride themselves on say they customer-centric. So this is the very start of customer-centricity.

Anna Shutko:

Great. And I really, really love how you mentioned that marketing is all about building trust. I definitely agree with this statement, and you’ve also touched upon cookies, as you know, sort of the technicalities of collecting the data, which is a perfect segue to my next question, which is what is the difference between legal and ethical data collection? You’ve already partially answered this, but maybe you could elaborate on this a bit more.

Stephane Hamel:

Yeah. Yeah. What I see currently is most of the energy, and the focus is put on having legal compliance. So, we have those popups because we have to. Legally, we have to do that. And when you have a legal approach to data protection, it means that you are looking at ways to mitigate the risk for the business. So the legal approach is very much about risk mitigation. While if you flip it on the other side and you have more of an ethical data collection approach and data protection and privacy, the mindset becomes different because you’re constantly asking yourself, what do my users really want? If I was in their shoes, what would be their reaction? So it’s a bit odd because it’s one of the core principles of marketing: to put yourself in the shoes of your consumers and your customers. And with all the interfaces on GDPR compliance and popups and those things, I think we’re losing a big chunk of that super important approach to marketing, which is thinking about the customer.

Anna Shutko:

Yeah, I agree with you that the customer should be at the center of every thought the marketing has. I really, really love how you mentioned that the energy, which is now put on legal compliances, should be aimed towards, not be aimed towards mitigating risk for the business, but should be aimed towards actually making the whole approach much more ethical. So again, my question in connection to this would be, if the marketer wants to create privacy-first culture, like you mentioned, instead of mitigating the risk for the business, they should try to focus on the customer’s viewpoint more. What would the first steps here be? So what are these concrete steps marketers would need to take and make sure their companies are cultivating this right culture?

Stephane Hamel:

Yeah, it’s a big challenge because we’re facing the overlap between the legal aspect, the technical aspect, which is super complex, and the marketing and analytics aspect of using the data in the right way and making sure that what we do is correct. So finding skilled people at all three aspects, legal, technical, and marketing analysis is almost impossible. Nobody in the industry, I don’t know anyone who would be able to claim that they are mastering all of those aspects. It’s just too complex. And we’re not starting from scratch. If we were starting from scratch, I would say, oh, you need to pick and choose the right partners that are private and ethically aligned with your own core values as a business. But we’re not starting from scratch.

So I think one of the first steps is to do a serious inventory of the market stack you actually have? What are the numerous tools that, you look at on any website, and there are tons and tons of, of third-party tools that are being used? Plus, internally, we use services and share data with different entities outside of the business. And even looking internally, what is the data we have? So doing this big inventory of what kind of data we have, what are the tools that we use, and most likely, we will find that there are some of those solutions that are not really being used, or maybe they are not aligned with what we want to do now, versus what we did maybe a couple of years ago. When you do that survey of all the tools that you use, even just looking at the website, it becomes complex because you can go with what you know you’re using on a daily basis, do the list, it’s fairly easy.

But at one point, you have to use some specialized tools to look at the website and uncover the tools or the tracking that is being done, that you don’t even know about, that you don’t even know it’s there because at one point there was an integrated widget that was free and super cool. And when you look deeper, you realize that, okay, the widget is doing something useful, but it’s also collecting data and sharing it with other parties that you don’t even know about. Of course, now that GDPR has been in effect for a while, this tends to become less of an issue. But I do audits of websites, and I find things that are incredible in terms of the cascades of data shared, left and right, with entities that we don’t even know about.

So I think the starting point is to look at what is being used right now. And to do that, yes, you need to think about what you use, but also use specialized tools to do a check of the website and see what it will uncover. And then from there, go to the next step, which would be really doing an impact assessment of, do I really need those tools? What kind of data is collected? Is the data being collected confidential, personal? What is the level of privacy that should surround this data, and so on? So that’s a huge task. It’s quite an endeavor to go into this journey of shifting from how things used to be done and how things should be done in the future. But it’s super interesting to do.

Anna Shutko:

Oh yeah. It definitely sounds like a very interesting process. And I also think that starting with the full review of what kind of data the company has is a really, really good first step. So when the companies start doing their inventorization process, in my opinion, they should also understand different data and data-related concepts. So my next question here would be, could you please explain to us what is a zero party data concept? And then how is this data concept different from first and third-party data concepts?

Stephane Hamel:

Yeah, so I think they’re pretty familiar with the notion of third-party data, which is the Facebook and Google and all the other ad networks and so on collecting data on your behalf and keeping it private to them but giving you a little glimpse, a little black box where you can, you can see part of the data, you don’t see the raw data, you can still make use of it. So third party, we pretty much get it. And that’s part of the big issue right now about the state of the industry, how it evolved, and the problems that surround it. That first-party data is very easy to understand. It’s the data as an organization. It’s the data you collect yourself. You have the responsibility to maintain and manage it and control it and so on. And you have some responsibilities also from a legal standpoint to answer privacy requests from users if they want to have a copy of it or delete it. So that’s the first-party data.

And we have heard about zero-party data for a couple of years now, but I think right now, it’s reaching a level or a state where the possibilities are becoming real. So the worry I have is that we hear a lot of agencies and social providers and so on saying, oh, with the debt of third party cookies, you’re going to have to focus more on collecting your own first-party data. But let’s take a scenario, I’m a consumer. And I’m visiting a bunch of different websites, some that I trust less. But those sites where I have a good relationship, I’m willing to create an account. I’m willing to share more information. So those organizations are happy because they are collecting first-party data. Everything is fine.

The problem is with the multiplication of first-party data. As a consumer, I interact with all those organizations. They create their own copy of my data. They create their own perception and view of who I am and what I share with them. With zero-party data, as a consumer, I am the sole owner of my data. I decide when I want to share it, with whom I want to share it, to which extent, for how long, and so on.

So I take it as a scenario it’s easier to understand for those who are not familiar with zero-party data. I own a dog. So this is a piece of data. This is one piece of information. I own a dog. It’s a golden retriever. She’s a female, 12 years old. She doesn’t have many health issues and so on. If I go to the same store to purchase food for my dog, they might want to be interested in what breed of dog, age because that will alter the type of food that I will purchase. So I could share that information with them. I most likely will share similar information with my insurance company, but all they want to know is I own a dog. What is the breed? They don’t care about the name, the gender, things like that. And maybe when I go to the vet, of course, the vet needs to have much more information about my dog. Then I will probably share much more information about the health and age, gender, and all those aspects.

So with zero party data, I have one copy of the attributes of my dog that I share with three different parties. It’s always the same dog, but I share different information based on the usefulness and relevancy of that information. Now, sadly, the day my dog passes away, I won’t have to go to those three different organizations or partners, I would say, and tell them, okay, I don’t own a dog anymore. Or maybe I have a different dog now. I will simply, from my own zero-party data control, I will simply say, I don’t want to share that information with all those different parties. So the example is pretty simple. It’s my dog, three different parties, but imagine it’s yourself with so much information and probably dozens, if not hundreds of different websites that you interact with and share different information. Simple things like I change my email address. Where do I change it? I mean, I will have, eventually, to go through dozens and hundreds of websites and go in my profile and say, Hey, by the way, my email address is not the same anymore.

If I relocate, where does it make sense to change my address? Not everywhere, but where it makes sense, it would be nice to be able to say, here you go. I just relocated to a new place. Here’s the change. And I still want to do business with you. I trust you. So here’s my data, but I still have control over it. So maybe it’s a utopia. Maybe it’s a dream, but I can tell you that some very interesting startups are working specifically on solving this kind of issue of zero-party data. The challenge is the network effect. Are you have to have a sufficiently large enough amount of people that will embrace zero-party data. And the brands that will trust that this is a new pairing that makes sense for the future. And I think it’s how it should have been from the start. It, we wouldn’t be in the situation we are today, and I think it would be much more beneficial for everyone, brands and consumers included.

Anna Shutko:

Excellent. I really, really love the dog example you’ve provided. Thank you so much for sharing this. I think this is super, super useful for our listeners out there. And sort of related to the answer you’ve just given, so when I was listening to the Endless Coffee Cup podcast episode with Med Bailey, you’ve mentioned that you don’t believe in anonymous data and you shared a very interesting statistic there, which was that it takes only 15 attributes to identify something like 99.98% of the people. Can you please explain why you don’t believe in anonymous data?

Stephane Hamel:

Yeah, I was very lucky to do an internship in 1987, to go back a couple of years ago. But anyway, I graduated in computer science, and my internship was working with healthcare data. And even at the time, and by the way, I was super lucky because we had actually of the internet in 1987, because it was a research project. There was no web, but there was chat, file transfer, news groups, things like that, but no web at the time. But anyway, I was involved in a research project looking at healthcare data, and we had every strict rule about what we could do with the data and how to make sure that it was still anonymized. And maybe it was because of my computer science background, or maybe it was because it was a research project. It was part of the culture to care about the data.

Stephane Hamel:

But then, I guess with the evolution, the internet, the web marketing took over, and so on, maybe that sensibility to our data was lost along the way, sadly. But the thing is, data is anonymous only onto someone finds out how to crack it. It’s really like the teeth and police. It’s really like hackers and antivirus software. It’s exactly the same thing. So data is anonymous only until someone finds a way either because there’s something that is not right in the way the data is managed and stored and so on. Or maybe because they find a new algorithm or enough power to crack the data and bring it back to a non-anonymous state. And so there’s a couple of studies, you know, I would have to dig the reference again, but just from the top of my head, there’s that one that says 15 attributes are sufficient to re-identify 99.98% of the people.

There’s another one where it says if you take the 150 top website someone visits over a two-week period, you’re going to be able to identify that person uniquely. So your top 150 websites are different from my top 150 websites. And that creates some kind of signature. The analogy I make oftentimes is DNA. DNA on its own is very useful, obviously from a research purpose and so on. But it’s harmless from an identity perspective. Because if you just have the DNA but no other data, you cannot do much with it. But the problem is the DNA is unique way. It’s probably the most intimate and personal piece of data that we have.

Our behavior online is like the DNA that we create, be it the 150 websites or 15 attributes. It’s unique to us. It’s a sign that nobody else shares. And things like the 15 attributes or 150 websites were assumed to be anonymous until someone somewhere found a way to say, Hey, by the way, this is pretty unique. Think of fingerprinting as another thing. And mechanisms are being put in place in browsers and so on to prevent fingerprinting. But you think of Google. Of course, they are positioning themselves to say, oh, we care about your privacy. Obviously, they all care about our privacy, so we’re going to block third-party cookies. But the thing is, they don’t even need third-party cookies. They already have so many ways of tracking and identifying us, even if we delete our cookies or block them or whatever, without fingerprinting, just the 150 websites, 15 attributes.

The thing about 15 attributes is when you look at the data aggregators, especially in the US, there’s a bunch of vendors that are priding themselves and saying, we have hundreds of attributes about millions of people. Even if they don’t have the address or the name or things like that, they can still identify all of those people. Even if they claim the data is harmless and anonymous. So to me, it’s just a risk that is always there. And there are consequences to that. We could go into details, but we can imagine all kinds of consequences when our information is being explored and shared without our knowledge, content, and control.

Anna Shutko:

Great Stephane, thank you so much for sharing. And you’ve already mentioned lots and lots of really good tips on how marketers can improve their data handling policies throughout the episode. But now, what if we talk about the mistakes part? So what are the typical mistakes marketers make when they start working on improving how they handle customer data?

Stephane Hamel:

The most obvious thing that I see most often is spending time and energy deploying a content management solution only to find that behind the scene, there are still so many things that are done in the wrong way. So I think that’s probably the biggest mistake going on right now. Because the issue, again, back to what I mentioned early on, is the overlap between legal, technical, analysis, and marketing. Legal will say, oh, you need a consent banner. And technical will say, yeah, sure. We can implement that. And they will put on the consent banner, but tying up all the little things around it is actually super difficult. It’s much more difficult than actually doing an implementation of AE analytics solution out there. Content management is much more complex than everything else I’ve done in my career.

And I’ve been working on the web ever since 1991 when it came out. It’s much more complex so that this is the most obvious issue is putting a consent banner out there that actually does nothing. And I’ve seen it on many websites. Nice banner, the message is there. We’re using cookies. We care about your privacy, blah, blah, blah. But when you open the cover and look behind the scene, you realize that it’s all BS, and that is very harmful to trust. It’s just a bomb waiting to explode for any brand. So I think that’s, for me, that’s the biggest issue.

The other thing I would say, the second one is, how do you go from … Already there are many marketers who don’t want to hear and know about JavaScript and tagging, and all those technical things. I still hear people in the market that, sadly, don’t like numbers. They just want to be creative, but the reality is marketing cannot be disassociated from measurements and optimization. And in order to understand that, you need to understand how the web works, how data is being collected, and all those aspects. And conversely, you have technical people that are really good at the technical aspects, but maybe they lack understanding of the business impact and understanding the business side of things. It’s been like that since the beginning of the web. And I think, even in the early days of computer science, there was always that gap between business and IT taken broadly or being really specific to web development and so on.

So I think this is a reality, and it’s not getting any easier. It’s getting much more complex. In a way, I feel like we’re living, kind of going back to more of a computer science approach to marketing and marketing, overtaking computer science at the same time. So we need to find ways to continue to work on bringing those together in agreement and joy and happiness.

Anna Shutko:

Perfect. And where can the audience find you if they would like to connect with you?

Stephane Hamel:

I think the easiest way is simply to look for me on LinkedIn, Stephane Hamel on LinkedIn. You’re going to find me very easily. And from there, you’re going to be able to follow me on Medium, where I publish some articles about privacy and ethics in marketing. And of course, Twitter and all the other ones, but the easiest one is LinkedIn.

Anna Shutko:

Awesome. Stephane, thank you so much for sharing all the useful tips and thank you so much for coming to the show.

Stephane Hamel:

Thank you, Anna. That was a pleasure.

Stay in the loop with our newsletter

Be the first to hear about product updates and marketing data tips