It’s no secret that the age of digitisation has improved many aspects of our daily routines and nowhere has this been seen more than in the meteoric rise of online product consumption, courtesy of e-Commerce against the backdrop of the COVID-19 pandemic.
During this time marketing and advertising have been forced to adjust in order to keep pace with the online experience, which has proven imminently beneficial for the sector in gaining the attention of an expanded group of consumers, while also proving highly cost-efficient.
However, while everything might appear rosy in this new engagement-sales utopia, the menace of data privacy continues to be of significant concern to both industry and audiences alike. Added to this is the existence of Big Data, which further intensifies the problem. Organisations now find themselves facing fresh hurdles to overcome in understanding new developments in purchasing behavior and regaining damaged customer trust.
Why privacy matters
The earliest definition of privacy is found in the medical world within the Hippocratic Oath and medical practitioner’s pledge to ethically serve patients and retain their confidentiality. In the digital landscape, privacy is understood as the right of individuals to keep their personal information and actions secure, while only disclosing information they choose to.
Despite this, Big Data thrives on the digital traces left behind by users’ activities. It is defined by the three ‘V’s’:
1. Volume –the huge amount of user data that can be processed and analysed
2. Velocity – the speed of data creation and how fast this can be acted upon
3. Variety – the unstructured nature of Big Data and the need to distinguish functional versus sensitive and private detail
Big Data is widely available, especially on social media and e-commerce platforms, and is mined with digital tools by data scientists to create consumer profiles which better represent an individual’s interests. In theory this provides a more personalised experience that effectively connects and convinces a consumer to purchase a select product or service.
However, the reality is that Big Data is prone to serious privacy concerns, ranging from a breach in a firm’s online platform opening audiences up to potential cyber-criminal activity, through to consumer fatigue and the widespread erosion of trust and brand reputation.
The reality of confidential data ambitions
Various data regulations have been introduced worldwide to protect consumer privacy. For example, the US Federal Trade Commission (FTC) adopted overseas consumer data protection, justifying the need to avoid deceptive practices. Irrespective of this, US privacy laws do not include any form of consent, which raises serious questions over the control an individual has with regards the sharing of their personal data.
On the other hand, Japan had no privacy laws until 2003, when the Act of Protection of Personal Data was introduced, primarily out of international pressure as the Japanese lifestyle is such that individuals are generally unconcerned with their online privacy.
However, the most problematic regulation comes from China’s social credit system, a result of numerous pilot projects across the country’s regions and the integration of private and public sectors to create and make use of improved new technologies. This system has led to a continual and intrusive evaluation of the Chinese citizenry as part of an ongoing attempt to bring society in line with governmental visions.
The Cambridge Analytica fallout
Data privacy regulation gained momentum and enforcement following the scandalous revelations from the Facebook-Cambridge Analytica case, which helped manipulate the 2016 US election in favor of Donald Trump’s campaign and skewed the UK’s BREXIT Referendum.
After the European Union’s General Data Protection Act was introduced in 2016, it came into full effect by 2018, just in time to coincide with and give more prominence to Cambridge Analytica’s nefarious actions.
One outcome has been the General Data Protection Regulation (GDPR) legislation, which has progressed significantly beyond its Data Protection Directives (DPD) predecessor to safeguard individual rights, such as the right to oppose the processing of data for marketing purposes, and the right to be forgotten online.
Applications of the law have appeared to vary between European member states. For instance, Luxembourg’s National Data Protection Commission (CNPD) found that Amazon had been violating GDPR for years and proceeded to issue a fine of US$888 million. At the same time, while 60,000 data breaches were reported in 2019, only 100 fines were issued. This strongly indicates that the GDPR operates differently between countries, raising a number of concerns about its effectiveness.
What next after BREXIT?
The UK’s exit from the EU has also posed questions about the direction of its data privacy laws. In general, the UK has demonstrated a questionable commitment to privacy, including surveillance within schools. However, it has tried to adhere to the DPD and GDPR laws. In June 2021 the UK made several data agreements with the EU, one of which focused on GDPR, stating it would continue to use the same data laws as if it had remained in the EU.
That said, the UK’s Data Protection Act (DPA), while closely resembling the EU’s GDPR, exhibits substantial differences, such as allowing data retention for historical and statistical purposes.
Research shows gap in privacy impacts
Nada and Nikolaostook a deep delve into the scope of consumer awareness of digital products and services, examining attitudes in Belgium, Greece and the UK, unearthing some surprising differences over how data privacy impacts purchasing behaviour and trustworthiness between northern and southern Europe, and post-BREXIT UK.
Interviewing 35 individuals aged over 18 and frequently engaged in online purchasing, our findings indicate that nearly all are aware of their personal data and the digital marketing methods targeting them. Discussion also covered online buying frequency, perceptions regarding e-mail marketing, the effect of personalised advertising on e-privacy, GDPR, dynamic pricing, data breaches from a known and favoured brand, and trust in online transactions.
Although it has become steadily evident that the COVID pandemic has influenced almost every type of shopper to switch from physical to online buying, generating considerable volumes of Big Data in the process, the majority of our respondents feel that the concept of personalised marketing has failed to effectively influence them.
For example, UK and Belgium research participants stressed the intrusiveness of personalised advertising. At the same time, Greek respondents view this as informative and innovative, in some cases suggesting that it was not used enough. Overall, those surveyed understood that consenting to their data being shared results in personalised advertising.
“Since I have clicked on ‘yeah, I consent’ in cookies for most of the websites I buy from, I think it’s nothing wrong with them.” (Greek research participant)
The purchasing influence of an ad has a different impact. Belgian participants put their faith in the information available on a website, while Greek respondents tend to be more skeptical and will research a website if it is new to them.
“So, I might be inspired by the product, but I wouldn’t necessarily buy it from the website that offered it to me. So, I would do further research, like, if it fulfills what I expect it to fulfill, and then I would be looking at, probably, several websites and several countries to see if there is any difference in price and whether the company is, you know, like real company.” (Belgium research participant)
UK participants express considerable purchasing reluctance and the familiarity of a website is an essential factor for them.
Interestingly, awareness and understanding of dynamic pricing is generally very low. The Belgian sample showed meagre interest in this subject and would instead search for better prices elsewhere. The UK group focused mostly on websites themselves and the quality of the product, rather than the price. The Greek sample expressed the most negative feelings, viewing dynamic pricing as a form of scam.
“Unless the website I’m going to buy for this product is pretty shady or it doesn’t ask for consent or the guidelines for the collection of the data, are murky, I wouldn’t buy it” (Greek research participant).
E-Mail marketing is negatively perceived by all participants. In Belgium participants were annoyed by its very existence, proving indifferent to their ads. Greek participants equally expressed indifference because the medium is not personalised. In the UK respondents were frustrated by the enormous volume of emails they received.
“I just unsubscribe because my email is filled with advertisements from shops so it really bothers me.” (UK research participant)
As a result while most participants’ experience online adverting as a general ‘all purpose’ solution, their expectations demand more personalised engagement. Belgium participants were the only ones who showed gratitude towards GDPR’s existence. Greek and UK participants were indifferent to the regulation as a whole, with Greek participants pointing to flaws in the legislation, such as the absence of a data privacy guarantee, whilst the British highlights the overall confusion raised.
All participants expressed the need for better data protection enforcement through improved consumer education.
“I just sort of click through them…I don’t really think about them too much.’ (UK research participant).
Despite these sentiments, when exposed to non-regulated websites where any data about them could be collected, all participants would prefer to opt for an EU-based website due to the GDPR and its protection guarantee.
This choice, however, is also influenced by a website’s status. For example, some UK and Greek participants put more faith in established websites and brands rather than the GDPR.
“I think that here again it depends on the trustworthiness… if it is a well-known store or if it is some sort of big company, I would trust it much easier than I would some like, random.” (Greek research participant).
Data breaches in a general brand website have a severe impact on participants from Greece and Belgium, who are unwilling to purchase from it again in the future, while UK participants would consider buying again from a breached website.
“I would try to either discrourage people from buying on this website because if it happens once, it can happen again.” (Belgium research participant).
However, remaining loyal to an extent, Belgian participants would choose safer purchase methods to support their favorite brand. Greek respondents are more skeptical and would lower buying habits from the particular brand, while those in the UK appear consistently loyal, as the majority stated they would still trust the company.
The scale of a data breach also plays an important role. Belgian and Greek participants emphasise the value of their sensitive data and indicated that the type of data stolen would play a critical role in their trust. Surprisingly, UK participants did not express an opinion and largely showed indifference over the issue.
Regarding contactless payments and how this affects privacy, both Belgium and UK participants carefully consider the safety of online payment, often using methods such as PayPal to remain secure. Greek participants tend to use PayPal for online purchases overseas, due to the pandemic, but it is evident that physical money makes them feel safer.
Two clear findings emerge. Firstly, consumer trustworthiness is determined by brand loyalty and the brand’s status within the market, which in turn influences consumers to purchase, more so than concerns over GDPR and the likelihood of a data breach. Secondly, GDPR needs to make consumers more aware of what it entails as the majority appear to have little or no opinion on the subject. Altogether this means the bigger the brand is within the market, the easier it is to influence consumers, who are unlikely to question its actions, irrespective of whether they are loyal or not.