It was hard to not feel like Rick Knott, General Manager ANZ, Infosum, was at the wrong conference. Two hours into IAB Australia's Privacy and Data Summit, with its discussions about compliance, regulation, and deleterious impact of proposed changes to the privacy laws on digital marketing, Knott offered the audience a simple prescription for framing the whole debate.

“We should think about privacy like we think about all of our ESG [environmental, social and corporate governance]. What's the best I can do? What's the most privacy compliant or privacy capable I can be? How can I show the most respect to my clients, my customers, my partners around that data rather than what's the minimum I can get away?”

Knott’s business operates in the rapidly emerging data clean room market, a sector that allows two different businesses or arguably (if you’re a lawyer) one business with two very discrete business units, the ability to wash their customer lists together. They can each then go off into the world and demonstrate their fealty to each others customers' privacy by respectively targeting the people they identify within the point of intersection - ie those consumers who are customers of both.

Balancing act

For its part the digital advertising industry has succinct response to concerns about its behaviour; you signed the terms and conditions. The problem is, most of the Ts and Cs are jargon that even the people who wrote them probably don't understand. The privacy proposals stipulate that those terms and conditions must now be so simply worded that anyone of average intelligence can understand what they are consenting to. Or it's not actually consent. That means a tonne of work rewriting the jargon – and asking everybody to consent all over again.

But as the IAB’s regulatory affairs lead Sarah Waladan, speaking on a later panel noted, there’s already a problem. “I saw a stat the other day on consent fatigue, essentially, that if the average consumer read every privacy policy that was sent to them, that it would take them 76 days every year [to read them all]. Clearly, consumers are not keeping up, and consent fatigue is real.”

The IAB finds itself between a rock and several very hard places in the debate over new privacy rules. Its members are almost universally aghast at the proposals around the treatment of targeting and segmentation in the context of de-identified data. But there are nuances beneath that. For instance, IAB represents publishers who need maximum flexibility to compete against Alphabet and Meta (and increasingly Amazon and other retail media plays). Those traditional publishers are also worried about the unintended consequences of the proposed act – such as stymieing public interest journalism – which literally needs to violate privacy sometimes to expose things like public corruption, as Guardian managing director Dan Stinton told the conference.

But the IAB also represents the adtech ecosystem, which is almost entirely constructed upon the kinds of behaviours consumers indicate they hate – the latest consumer survey suggests just nine per cent of Australians are comfortable with targeted advertising and how their online habits are tracked without permission and three quarters not happy about their personal data being shared and sold.

On the flip side, at least two of the IAB's large fee-paying adtech ecosystem members – Alphabet and Meta –  have seen how privacy regimes similar to the one proposed by the Attorney General have driven advertisers terrified of fines and reputational damage deeper into the security of their walled gardens. Alphabet and Meta might not like everything the government is proposing, but deep down they know that they, unlike the broader adtech community and rival publishers, will be just fine. In fact, restrictions on data collection will likely entrench their dominance, and we will all end up working for them.

That’s the needle Gai Le Roy, CEO of IAB Australia, must now thread.

But back to Knott, who business works the “how”, as he pointed out, while its up to marketers to work the “what”: how do you do it versus what should you actually do.

“When you think about it, all of this is coming from consumer demand or just general public demand," he later told Mi3. "And surely that's the ‘S’ of ESG. It is social, it's society. And this is what they're asking of us. They're asking us to have more respect, to have more care around their data, treat them like the jewels that they are. So, we feel that you shouldn't be approaching privacy from the perspective of, well, I want to do all this utility. What privacy tools can I throw in on top to try and make this okay.”

Instead, he argued, it’s better to begin from the perspective of privacy.

“It's locked down, but I want to be able to use it. So how can I work through and add things that mean this becomes usable? Which might sound a little bit semantics, but really it's just a mind shift.”

“It's just a way of thinking about things differently that starts from that genuine privacy-first, respectful position.”

Rulebook thinking

For their part, marketers often fall back on a technical defence: It’s first party data and it’s encrypted: as if owning a bludgeon that no one understands makes it ok to conk a customer on the head. To bastardise Knott, too much ‘how’, not enough ‘why.’

In its most recent annual Digital and Marketing in Focus survey into marketing and digital attitudes, consultancy Arktic Fox found an attitude amongst the marketing fraternity that privacy is somebody else's problem.

Despite potentially radical changes to the rules over targeting and segmenting consumers, more than three quarters of marketers indicate they are not focussed on improving compliance on data privacy.  Similar majorities say they are prioritising the very capabilities that have led to consumer concerns over corporate surveillance. 

According to Arktic Fox founder Teresa Sperti: “Privacy is the real big takeout. The research is telling us that there is a lack of understanding of the importance of privacy to the customer.”

Sperti acknowledges the importance of compliance and the house keeping aspect of privacy but says the current debate overlooks a much bigger issue.

"Marketers spend a lot of time, energy and focus talking about the importance of the brand. And we saw in the findings that developing the brand and brand purpose is still one of the big priorities for the year ahead.”

Despite this, she said, “Many brands fail to make the link between providing consumers with control and transparency and managing data in a way that they can trust.”

Too many marketers still fail to make the link between that brand and privacy, per Sperti.

“If you're really focused on the brand, you understand that to be a trusted brand, data ethics and compliance play a big role in how you are perceived in the market. I think there's probably a gap in understanding in that space as well around the importance of privacy to protect the brand and to build the brand reputation.”

Not everyone agrees, however, that marketers focus too much in the how, and not enough on the what.

Counterpoint

Chris Brinkworth, managing partner at Civic Data and co-chair of the IAB's Data Council, has a different perspective. He says that during Covid, consumers were forced to skill up in all aspects of digital and data. He suggests it's difficult to imagine marketers overlooking this shift.

Brinkworth said high-profile news cycles like Cambridge Analytica, Optus, and Medibank hacks coupled with imagery from Apple's multi million dollar ‘iPhone = privacy’ campaigns, will have influenced both consumers and permeated marketing ethos.

He told Mi3: "While the above is enough alone to drive marketers to consider both compliance and brand implications of their privacy practices, the repeated extensive stats-based research on privacy's impact on trust and loyalty and how it is directly tied to positive sales impact (or negative switching) suggests to me that while marketers are not yet quite there with the ‘technical’ aspect of compliance, they are not blind to the brand aspect."

Clarification: The section on data clean rooms has been edited to more precisely reflect how clean rooms work.