Actionable tips, community conversations, and marketing inspiration.

The Battle For Privacy: From Liability to Asset

Jason Finkelstein

CMO @ AdRoll

Topics Covered:

What’s the sexiest part of managing a brand? Most people wouldn’t say it’s communicating the brand’s compliance strategy and privacy policy. However, more companies are finding hidden value in what has traditionally been seen as the dry domain of legal. Privacy isn’t just a policy anymore — it’s a brand identity that helps differentiate first-movers in a crowded marketplace.

When Digital Privacy Breaks Through

The internet has been around for almost 40 years and it seems like digital privacy is only now becoming a big deal. But the surprising truth is that it’s been a big deal for quite a while. Since the early days of networked computers, philosophers, thinkers, scientists, and users have been having an ongoing conversation about what privacy means in a digital world. The Organization for Economic Cooperation and Development (OECD) published a set of guidelines for network data privacy in 1980. Books and scholarly research on individual data privacy go back to roughly that same period.

But the internet was different prior to the early 2000s. It was a place inhabited by the tech-savvy and the future-conscious. The early users were resistant to the idea that privacy was something that needed to be enforced. They understood the risk, or thought they did, and took matters into their own hands; they did business with privacy-minded companies, took sometimes extraordinary steps to protect their identities, and were mindful of what they did and where. Meanwhile, the general population largely ignored the entire conversation — the average person still thought the internet was a fad, and that “those weirdos” online had no bearing on reality.

Then things began to change. By the mid-2000s, Google was a household name, and “googling” something became a common phrase. Facebook’s growth and expansion off of school campuses and into suburban homes brought millions of people online. Amazon began its steady march toward conquering the world. Netflix, Instagram, Yelp, and Gmail brought the internet out of the realm of hobbyists and into the real world. The privacy boffins of old noticed this happening, but had trouble gaining traction — they weren’t taken seriously and were largely speaking a language that was indecipherable to casual internet users.

By the 2010s, privacy could no longer be ignored. A series of data breaches revealed millions of users’ private details at companies like Sony, TD Bank, Yahoo, AOL, Facebook, and CVS. Suddenly the news was carrying weekly stories about the latest hack or exploit dumping the information of regular people across the web. Then people learned how the web makes money — by collecting and selling users’ personal information. As the final nail in the coffin, the 2016 U.S. presidential election made it clear that privacy wasn’t a radical idea but an absolute necessity.

From Liability to Asset

Meanwhile, DuckDuckGo was gaining traction behind the scenes. The privacy-first search engine works similarly to Google and even had a very similar layout until Google added cards and the local pack. Founded in 2008, the search engine startup did things differently. Instead of keeping a history of users’ searches, DuckDuckGo ... didn’t. Instead of making money through hyper-personalized ads that counted on cookies and tracking users’ locations through their phones, smart cars, and browsing histories, DuckDuckGo simply looked at the thing being searched for right now and served ads that matched that search.

For over a decade, this search engine flew under the radar. It was beloved by privacy advocates and people who didn’t want their search history to pop up on the family computer, but not by anyone else. Then suddenly in 2017, searches for DuckDuckGo on Google (ironically enough) spiked. Between 2016 and 2020, search volume tripled, and the browser was just recently included as one of the default search alternatives that Google has to make available to all Android users in Europe. It’s now the sixth-largest search engine in the world by market share (and third in the U.S.) and growing quickly.

On the other side of the household name coin is Apple. The venerable tech behemoth has been in a battle with Google for market supremacy for decades and has recently turned to the one differentiator that Google can’t possibly claim: data privacy. “Privacy. That’s iPhone” the commercials exclaim at the end of a montage of people being private. It’s a compelling message in 2020 and makes a strong case for picking the iPhone over an otherwise almost identical competitor.

Two companies, wildly different in size, are both harnessing a newfound superpower to take market share. And they aren’t the only ones. Companies like WhatsApp (now owned by Facebook), Signal, Secret, and the like have made huge splashes by offering something that just a few years ago was completely ignored: privacy.

Turning Privacy Into a Brand Differentiator

Putting privacy front and center is a no-brainer for modern brands. It’s been one of the biggest breakout topics of 2019 and consumers care very deeply about it. A study from early 2019 pointed out that 89% of American consumers feel they should have a say in whether tech companies can share their personal data or not. And while that same study points out that not everyone agrees with who should be responsible for protecting user data, enterprising brands can show leadership by embracing their role in the privacy battle.

Doing so, however, means more than just adding some text to a privacy policy. The EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) both have specific provisions for how you handle user data, including how you notify users about your privacy policies and how you secure the data you’re collecting, using, and selling.  Before embarking on the path to privacy as a core brand value, companies need to consider several factors.

Is the business model compatible with privacy?

Google, for example, relies so heavily on collecting and using user data that it would likely have difficulty seriously pushing a privacy-first narrative. Some business models work better for turning privacy into brand value. E-commerce companies, for example, can prioritize privacy relatively easily, while a company built on identifying customers may have difficulty.

Is the entire company ready to make privacy a priority?

Marketing might think a privacy-first message is great, but will the sales and revenue operations teams agree? What about customer support? IT? Getting everyone on board first is a priority, but it can be especially difficult in more established companies that have existing data use policies, or that are hesitant to let go of potential revenue streams or engagement opportunities.

Is the infrastructure ready to put privacy first?

Companies with the best of intentions may still have difficulty transitioning to a privacy-first approach simply because they don’t have the IT infrastructure to support their plans. This may be because they don’t have the expertise in-house to properly store and protect customer data or it may be the result of having to use third-party tools with less than ideal customer data policies.

Is there a communications plan to let customers know about the privacy focus?

Privacy policies have come up a lot in this article, and for good reason. For most brands, the privacy policy is usually the only way they communicate with customers about safeguarding their data. In some jurisdictions, they may also incorporate pop-ups/overs and some opt-in text on forms. This is nowhere near enough for communicating a true privacy-first initiative. Apple has spent tens of millions of dollars on getting its message out, and DuckDuckGo makes it a central theme in every communication it puts out.

Be in Front of the Race

One thing is clear: while privacy as a brand value is a strong differentiator, it should not be undertaken lightly. Like reliability and customer service, a reputation for safeguarding customer data is hard to gain and easy to lose. Brands need to focus on making privacy, not just a communicated value, but a lived one. And they need to have all of the pieces in place before they set out. It’s a marathon, not a sprint, and training early and dedicating resources throughout is more necessary than ever. Don’t just show up to the race, be at the front of it. 

Explore Next

Topics Covered: