The Role of Data Privacy In Digital Marketing - By Nupur Mehta1 ABSTRACT In the digital marketing landscape, data is gold. However, as privacy laws become more stringent, the need to adapt to new methods of collecting and storing data becomes more pressing. As a result, it is sometimes critical, not only from a marketing standpoint, but also from a consumer standpoint, to keep a close eye on and be well aware of these data privacy laws. This paper starts the discussion by highlighting the significant data privacy laws and policies in India, as well as how they affect and are implemented in the Digital Marketing World and how digital marketing can actuall co-exist with data privacy. One primary objective of this research is to better understand the position of Indian data privacy policies in comparison to the laws of the United States and the United Kingdom. The research goes on to detail various cases of data misuse and data privacy guidelines in countries such as India, the United States, and the United Kingdom. This paper concludes by discussing the complexities of these policies and how digital marketers can effectively adapt to them. Keywords: Data ,Digital Marketing, India, Laws, Privacy INTRODUCTION Marketing is a fast-paced and ever-changing, business activity. Marketing's role has shifted dramatically as a result of various crises, including resource and energy shortfalls, inflation, economic recessions, massive unemployment, declining businesses and companies, terrorism and war, and the effects of rapid advancements in technology in specific industries. Such changes, as the internet, have compelled today's marketing to become more digitalized. Digital marketing is a trend that is spanning the globe in this digital age. The trend of digital marketing is growing day by day with the ideas of online marketing that is turning into a critical forum of digital marketing alongside electronic gadgets like digital billboards, tablet devices, and cell phones and numerous others that support digital marketing. Although digital marketing has helped to overcome the challenges of traditional marketing by reaching a large audience in a short period of time, it also has 1 PRN : 1182200142 , TY.BBA.LLB Div:B its own set of challenges, such as dealing with data privacy issues and providing a personalised experience to consumers at the same time. It's unsurprising that questions about data privacy and security have arisen in an age when almost all human data is available and shared online.Data privacy is basically the ability to control how data is distributed, used, and shared online. Data privacy is recognised as a human right in some jurisdictions. Consumers are becoming more aware and increasingly uneasy about data gathering in their daily lives. With legal measures such as GDPR, Apple's privacy modifications, and options such as Firefox offering improved data privacy for customers, it's clear that the era of endless finegrained consumer data is coming to an end. Regardless of the fact that almost every consumer wants more privacy, 63 percent believe customization should be standard when they're provided or sent special or promotional offers. Marketers are left wondering how to meet consumer needsand demands in the absence of a wealth of consumer information. IMPORTANCE OF DATA IN DIGITAL MARKETING One of the mainstays of digital marketing is data. A digital Marketer must comprehend the data and sould take the full benefit of it to get more potential leads, also to create customer involvement and commercialise investment oppurtunities as well. When it comes to customising the consumer experience, data is crucial. Customers want to feel special and will leave if they are overpowered by information or advertisements that are not specifically tailored to them. The Data is usually used to do the following; A. To enhance customer experience Consumer data can help many businesses better understand their customers' needs and increase customer engagement. Companies can deftly modify their online presence, products, or services to better suit the current marketplace by analysing customer behaviour as well as massive stashes of feedback and testimonials. Businesses use customer information not only to improve overall consumer experiences, but also to make decisions on an individual basis. B. To improve a business's marketing strategy Contextually relevant data can help companies know how consumers interact with and respond to their advertising campaigns, allowing them to adjust accordingly. Based on what they've already done, this accurate estimate provides businesses with an idea of what consumers want. Marketing, like other components of consumer data analysis, is becoming more personalised.Mapping and personalising consumer journeys, not only on ones website, but also on platforms such as LinkedIn, Facebook, or any other website, is now crucial. Data segmentation efficaciously allows you to market only to those you realise are most likely to respond. These have created new opportunities in previously difficult-to-market industries. C. Convert the data into income Companies that collect data stand to profit. Data brokers, or data service providers who buy and sell customer information, have emerged as a new industry alongside big data. For companies that collect huge amounts of data, trying to collect and selling information represents new revenue streams. This data is extremely valuable to advertisers, and they will pay for it, so the demand for more data is increasing. That is, the more diverse data and comprehensive data profiles, the more money they can make selling this information to each other and advertisers. This can be ethically wrong as no consent of the customer is taken while sharing the data with other parties. D. To protect more data Some businesses even use consumer data to protect more confidential material. Banking institutions, for instance, may use voice recognition information to authorise a user's access to their banking details or to safeguard them from deceitful attempts to steal their details. These systems operate by combining information from a customer's call centre interaction, artificial intelligence algorithms, and monitoring technologies to identify and flag potentially fraudulent attempts to access a customer's account. This eliminates some of the guesswork and operator mistakes in detecting a fraud Types of Data collected - Personal information. This category includes both personally identifiable information like Social Security numbers and gender and nonpersonally identifiable information like your IP address, web browser cookies, and device IDs (which both your laptop and mobile device have). - Data on engagement. This information describes how customers are interacting with a company's website, mobile applications, messages, pages on social media email messages, paid advertising, and customer support channels. - Data on human behaviour. This category comprises of transactional information like previous purchases, product usage data (like repeated actions), and qualitative information (e.g., mouse movement information). - Data on attitudes. This data type includes consumer satisfaction, purchase criteria, product desirability, and other metrics. REQUIREMENT OF DATA PRIVACY POLICIES When an individual purchases goods online, uses a service, pays taxes, enters into a contract or service, registers for email, or visits the doctor, they must provide personal information. Without any interaction with the individuals, companies and organisations generate and capture data and information without their knowledge. Citizens and consumers have confidence in both businesses and governments because of statutory law governing data protection practises, which aids in effective legislation to reduce corporate surveillance and data exploitation. A data protection policy is a security policy that governs the use, monitoring, and management of data. Its primary goal is to protect and safeguard all data consumed, managed, and stored by the organisation. It is not required by law, but it is frequently used to assist organisations in meeting data security laws and regulations. Data privacy is recognised as a human right in some states. In others, businesses are free to use data however they see fit. Here are some examples of how personal data can be abused: A. Gathered without the user's permission B. Profitably sold to third parties C. User behaviour monitoring and recording According to 81% of users, the risks of businesses collecting data outweigh the advantages.Data privacy has always been important, irrespective of territory.2 People want assurances from companies that the information they give will be properly handled. As a result, many organisations have implemented data protection practises that demonstrate their commitment to maintaining and handling customer data with care. Businesses that utilize unethical customer data management practises or suffer security breaches due to a lack of security precautions risk ruining their reputation and face a lot of losses. Even though the ultimate aim of Data privacy and Data protection policy is same but they are slightly different; A privacy policy is a document that informs customers about how their data is collected and processed by the organisation. Companies that must comply with privacy regulations make it available to the general public. A data protection policy is an internal document intended to establish data protection policies inside a company. It is made accessible to company staff and third parties who are in charge of managing or handling sensitive information. Whether you use the phone to sales calls prospects, meet potential clients, or make connections at events, proven marketing plans that convert visitors into customers are considered the 'pinnacle' in the industry. The vast majority of online customers presently are worried about their personal information and privacy. Such concerns frequently involve sensitive data such as a location, mobile number, and a credit card number. Consumers have a very valid reason to be concerned as to what companies do with their information. By taking the necessary security precautions, worldwide e-commerce companies can ensure that they not only conform with latest privacy laws, but also build worldwide trust with their clients. IMPACT OF PRIVACY POLICIES ON DIGITAL MARKETING Obviously, eradicating threats to cyber security is critical in any digital business undertaking, including digital marketing. Marketing is interesting, but your marketing plan involves collecting customer information - and doing so via cookies. This means that changes in the law may have an impact on digital marketing. 2 Americans and Privacy<https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concernedconfused-and-feeling-lack-of-control-over-their-personal-information/>accessed October 2022 According to recent surveys, more than 90% of consumers are concerned about their online privacy, and nearly 50% have limited their online activity due to privacy concerns. Concerns about privacy and security have a direct impact on digital marketing; Every year, email marketing becomes more difficult to comprehend. First off, increasingly more countries have anti-spam legislation, which is appropriate. This can make it challenging for marketers to comprehend the spam rules that vary by country, such as what constitutes consent to receive email marketing and what consumers must do to stop receiving emails. The best rule to follow is the most stringent. The company it very clear to clients that they are signing for an email list. The second issue is something you can't completely avoid: phishing emails. Phishing is an attempt to obtain personal details or gain access to online account holders through the use of misleading emails, texts, advertisements, or websites that appear to be close to sites individuals are already using. Nevertheless, a company can take steps to safeguard thier clients from such emails by everytime greet them with their full name or screen name, place thier logo at the same location each time, include thier privacy information at a specific location. By using the same format everytime users come to know what the valid and actual email by your company looks like. But still phishing not completely avoidable as their are many hackers who are great a copying formats and even websites for that matter. customers to click on suspicious links. This undermines client trust. And all these bots will often seem to spam any site that lacks adequate security. As a result, the comments page of ones blog or social media post may become swamped with suspicious links. Clients look at it, after which turn and flee. If ones website's customer expectations are low, then Google's will be as well, negatively affecting your Search engine rankings. The value of SEO in digital marketing cannot be overstated and these spam bots are indeed a total SEO killer.Which will directly affect your business. DATA PROTECTION LAWS AND REGULATION Data protection laws refers to a collection of privacy regulations, policies, and procedures designed to limit the invasion of one's privacy induced by the collection, storage, and propagation of personal data. Personal data is generally defined as information or data relating to an individual who can be recognised from that information or data, regardless of whether it is collected by the government, a private organisation, or an institution. Right To Privacy The right to privacy is a component of various legal traditions that seek to limit governmental and private actions that endanger individual people' privacy. The right to privacy is mentioned in over 150 constitutions.3 The right to privacy was regarded as a basic right in Justice K.S. Puttaswamy vs. Union of India 2017, mainly through Article 21 of the Indian Constitution.4 To make this right meaningful, the state must establish a data protection framework that serves the common good while protecting people from threats to informational privacy posed by both state and non-state actors. The Committee must work with the understanding of the state's duty when developing a data protection framework. Regulations in India A series of accusations against big tech companies for misusing and poor handling personal data marked a significant shift in public perception of data privacy breaches. Following that, many states reworked existing laws to pave the way for stricter regulatory systems. India is no exception, and it is trying to make efforts in this area as well. This area is currently governed by the Information Technology Act , 20115. Section 43A of the Information Technology Act allows a data principal to seek restitution for the unauthorised disclosure of sensitive personal information. Section 72A is the penal provision that allows for imprisonment or a fine for anyone, including an intermediary, who reveals sensitive personal data without consent. These laws, however, are deemed insufficient due to their narrow scope. As a result, the Personal Data Protection Bill, a comprehensive draught law, was introduced in 2018 to help shape the regulatory system. It aims to provide the right governing mechanism and deploy the right data facilities so that India can harness the power of data. However, the bill has been plagued by a number of disputes and has already been amended three times. India's local storage mandates may be an impediment to reaching an agreement with the US under the Clarifying Lawful Overseas Use of Data Act also known as the CLOUD Act, an enabling US 3 Aditya Verma ‘Right to Privacy’(central information report) <https://cic.gov.in/sites/default/files/ Right%20to%20Privacy%20and%20RTI%20by%20Aditya%20Verma%20%20%281%29%20%281%29.pdf> accessed 2022 October 4 K.S. Puttaswamy vs. Union of India [2018] SCC1[2019] 5 Information Technology Act, 2011 law that allows for global cooperation on access to data by foreign states for inspecting "serious crimes" when national data laws contradict. If India was a party to the agreement to the CLOUD agreement and was investigating a crime that involved data stored by a US-based service provider, no US permit or court ruling would be necessary to obtain that data. An Indian court order could be utilized to accomplish this. Indian government agencies could directly contact this US supplier and request the necessary data. Because of its massive size and number of internet users, India envisions using its leverage in the global data economy. However, the Data Protection Bill is crucial to conducting a comprehensive assessment of the proposed law and the dangers that some regulations carry, especially those pertaining to cross-border transactions, in order to ensure that the eventual law does not contradict the extremely important component. Data Protection Regulation in other countries GDPR and CCPA are acts passed in Europe and California, respectively, to confirm that their citizens' online privacy is safeguarded. The General Data Protection Requirements (GDPR) of the European Union establishes the rules for data capture, storage, usage, and sharing for businesses. GDPR regulation and compliance are important not only for European countries, but also for any business that specifically target or collects personal data from EU citizens.6 The GDPR has had the most impact on digital marketing, which is why you've been seeing all of those cookie popups on websites lately. You must have someone on your team who will ensure that everything you do is GDPR-compliant, from how data is collected and filtered to how your consumers can access that data. Even if a business has no connection to European customers, it should still be GDPR-compliant because if a company processing information from any European customer, they could submit a request for access to their information. The GDPR is presently the most stringent digital consumer protection law in existence. Adherence with the GDPR will put you well on your way to complying with other digital privacy laws. The California Consumer Privacy Act has brought data privacy to the United States (CCPA). The CCPA is similar to GDPR regulation in that it necessitates customers to opt out of data gathering 6 General Data Protection Requirements,2018 instead of placing the burden on service suppliers. It also designates the state as the entity responsible for developing applicable data law, rather than the internal decision-makers of a company.7 There are many laws in The United States that focus only on children. But in some countries like Austrailia, to meet the requirements of the digital era, the government has amended the laws relating to the Australia Privacy Act 1988. Dragon Fly Search Engine There are still some countries in which Government have full or large amount of control over data. For example China, Taking the case of Dragonfly. According to reports dragon fly was a search engine which was being developed by google only for China. The Dragonfly search engine was being developed to conceal search results that China's authoritarian regime wishes to restrict, such as information about democracy, freedom of speech, peaceful demonstration, and human rights. So whenever a Chinese citizen would try to access any such information the search engine would restict it and the direct report of the citizen was collected by the Chinese government. This search engine would not only hide search results that the Chinese government wishes to suppress, but it would also track a location of a user and share a user's search history with a Chinese official who would have "voluntary access" to the data. This usually includes access to a user's mobile number etc. But after a lot of controversies, google has decided to terminate this project. But still the Dragon Fly project is an example of a clear No Data Protection Policy in a country.8 COEXISTANCE BETWEEN DATA PRIVACY AND DIGITAL MARKETING Many of these regulatory requirements were prompted by a series of consumer-impacting data privacy controversies, such as the infamous Cambridge Analytica scandal, in which personal information connected to thousands of Facebook users was obtained without their permission by British consultancy firm Cambridge Analytica, primarily for political purposes marketing. These events exposed the general public to how their data was being stored and used in ways they may not approve of, eroding consumer trust and prompting several companies to reconsider how they obtain, gather, store, and influence consumer data. The many companies have taken significant measures in recent years to limit access to consumer data like In 2021, Apple made a significant change by 7 The California Consumer Privacy Act, 2018 8 Google Dragonfly<https://theintercept.com/collections/google-dragonfly-china/>accessed October 2022 limiting monitoring on iPhones. As a result, the Big Four technology companies have lost $278 billion. Tracking cookies are now blocked by default in Firefox. To resolve privacy concerns, Google released an updated version of Google Analytics. According to The Rise of Data Capital, a 2016 report by Oracle and MIT Technology Review, one of the major reasons for the success of companies like Google, Uber, and Amazon is that they have adopted the mindset of "data as an asset." When firms treat data as a form of capital, they stockpile, commodify, and commercialise as much information as possible.9 In current times the digital marketing can go hand in hand with data privacy and protection policies if the create transparency on thier website .This includes easily accessible privacy laws, cookies, and the terms and conditions pop-ups. With this Customers will be able to easily opt out of sharing data and feel safer while using the site as a result. Businesses can also target customers on a macro scale by optimising thier creative strategy is another way to address new data privacy challenges. Instead of only creating personalised ad experiences, they examine thier metrics on a macro level. This will allows them to target a large number of consumers without requiring their personal information. Businesses should start giving something back to their customers. Customer satisfaction insights are an excellent way to connect with customers. In exchange for their personal insights and information, provide a discount code. This method clearly states that data exchange is optional for customers who wish to opt out. Meanwhile, because social media and online channels are now important places for consumers to interact with brands, brands are making strategic shifts to social. This not only creates opportunities for meaningful connections, but also provides a platform for brands to create more immersive experiences for their customers. Brands should try out various types of content, such as natural and genuine videos, to figure out how to promote good engagement for users scrolling through the feed. This method, which completely ignores data privacy regulations, is all about trying to make personal connections and creating a brand. The Rise of Data Capital<http://files.technologyreview.com/whitepapers/MIT_Oracle+ReportThe_Rise_of_Data_Capital.pdf>accessed October 2022 9 CONCLUSION In contrast to the physical world, there are very few visual cues indicating the capture of personally identifiable information in the digital world. In cyberspace, the default setting is to collect more personally identifiable information than is currently the case for similar activities in the physical world. The risk society dynamic, in which surveillance is required to manage the risk and uncertainty inherent in relationship dynamics, has been transmitted to cyberspace. Data privacy laws are influencing how businesses collect, store, share, and analyse customer information. Businesses that have so far been unaffected by data privacy regulations can expect a greater legal obligation to protect their customers' data as more people demand personal privacy.Data collection by private companies, on the other hand, is unlikely to disappear; rather, it will change form as businesses adjust to new statutes and regulations. Privacy is a fundamental human right, and the computer system includes a vast amount of sensitive personal data. The utility and degree of importance of data are not the same; they differ on the basis of utility. With the increasing monetary value and significance of private information by businesses worldwide. Effective legislation to safeguard it has become increasingly important. Even so, with the advancement of the cyber world, anyone can access any information relating to other people from any part of the world at any time, posing a significant threat to personal and private information.This issue has been explicitly raised by companies doing business in India but whose data is controlled and transmitted to another country. The government is considering the concerns of businesses and is planning to implement a data protection bill in the future to address the country's need for data protection.Which will not only help the customers in maintaining their privacy but also set a clear picture in the minds of the company, so that they can use data in a legal and in more effective manner.
