To Personalize or Hyper-Personalize? The Paradox of Privacy and Targeted Advertising

Today, consumers can access any store online with the tip of their fingers from a device that is always in their pocket. This level of convenience in choosing different options forces businesses to not just meet the needs of customers but anticipate and exceed them. With modern data collection practices in eCommerce and social networks, anticipating consumer’s needs and wants is easier than ever. Businesses are using AI and machine learning to examine vast amounts of personal information in real-time; allowing companies to send personalized offers and recommend specific products.

While consumers can benefit from this level of convenience, it also can invade their privacy, which can lead to undesirable impacts.

What is “Hyper-Personalization”

Hyper-personalization is the most advanced way companies can market and connect to a consumer. While traditional personalization may include collecting a consumer’s name, location, or purchase history, hyper-personalization utilizes browser history, cross-site tracking, data, analytics, AI, and automation to tailor a marketing strategy to individual customers. Traditional personalization is including a customer’s first name in a marketing email, whereas hyper-personalization utilizes a consumer’s likes on social media to target them with specific products. Through hyper-personalization, companies are creating unique and targeted experiences for each consumer that visits their website. GPS location tracking and automation grants businesses the ability to reach out to customers with personalized and targeted communications at the right place and time. The COVID-19 pandemic has also accelerated the eCommerce market and demonstrated the popularity of online shopping. With consumers spending more time on the internet, personalizing the online shopping experience offers many benefits to consumers and businesses. Hyper-personalization can give a company an edge in the highly competitive and accessible eCommerce market by improving the customer experience.

Hyper-Personalization in action

Companies have used hyper-personalization to bolster the consumer experience of using their service. Amazon and Netflix are some major companies that have fully utilized hyper-personalization in crafting their interface. Amazon collects customer demographics, search history, past purchases, and browsing habits to target individuals with specific products. Whether that be in the form of targeted emails of new products and deals or for the targeted products to appear on Amazon’s home page, Amazon ensures its customers see products that align with their interests. Netflix has also taken advantage of data collection in developing its recommendation algorithm. Netflix uses customer viewing behavior and other data points to recommend specific shows and movies. The algorithm has been critical to Netflix’s success and customer retention, as 80% of their users watch what is recommended, whereas only 20% of users search for new content^[i]. Being able to captivate a consumer base on the homepage of a website has led to the rapid success of Amazon and Netflix.

Personalization can be consumer’s best friend

Personalization is also something that consumers want in a shopping experience; according to an Epsilon 2017 online survey of 1,000 consumers, “the appeal for personalization is high, with 80% of respondents indicating they are more likely to do business with a company if it offers personalized experiences and 90% indicating that they find personalization appealing.”[ii] Consumers prefer this experience since it eliminates what is known as “choice-overload,” where a customer feels overwhelmed with a wide range of options. Many consumers will also leave a website and buy from a competitor when faced with too many options. Hyper-personalization reduces the effort required by customers to find what they are looking for, creating an uncluttered and simplified shopping experience. A personalized experience will drive marketing effectiveness, brand loyalty, and revenue.

The privacy drawback

“If you hyper-personalize beyond limits, it can become intrusive to the point where consumers become concerned about their privacy which impacts their trust in the services a company offers, and consumers may just leave the platform. Companies need to think about consumer privacy while developing a hyper-personalization strategy” said Sameer Ahirrao (Founder & CEO of Ardent Privacy) at Data Security Council of India‘s Best Practices Meet 2021.

The rewards of hyper-personalization comes with risks. As companies adopt and expand their personalization, one major issue needs to remain at the forefront: the invasion of privacy. For hyper-personalization to be effective, a company must constantly collect vast amounts of data and personal information from its customers. The more personal information a business collects, the less privacy a user has. That is why corporations need to walk a tightrope when it comes to balancing personalization with privacy. Take a local convenience store as a practical example. A good practice would be for the store to pay attention to what snacks and drinks customers like to buy. That way, the owner can put those items front of center and make sure they are always in stock. This cuts down the time a customer has to spend looking for an item and the frustration of a store not having what the customer came in looking for. Perhaps the shopkeeper could even learn the name of frequent customers to create a warm and inviting environment when they walk in; this is personalization done right. But, perhaps the day a consumer runs out of milk in her fridge the shopkeeper arrives at her doorstep with a new gallon of milk and also knows the name of everyone in her family, that is personalization taken a step too far. A company that “over-personalizes” will make their customers feel uneasy about sharing information with them, which will lead to a loss of consumer trust, brand reputation, and revenue.

Privacy compliance obligations

Online marketers also need to be aware of how data privacy laws regulate their practice. Laws such as the EU’s GDPR, California’s Consumer Protection Act (CCPA), California Privacy Rights Act (CPRA), and Virginia’s Consumer Data Protection Act (CDPA) currently regulate the collection and sharing of data, which requires companies and marketers to take certain steps before collecting information and using it for marketing purposes.

GDPR: There are three GDPR issues that arise with hyper-personalization marketing, a legal basis for processing, obtaining consent, and providing an opt-out option. In order for a company to process data under the GDPR, it must have one of six legal bases: consent, contract, legal obligation, vital interests, public task, or legitimate interest. Since online marketing is not a public service or a requirement to uphold a contract, online marketers mainly fall under the consent category. For online marketers to collect data, they will need to get consent (opt-in) for each data point they collect and intend to use for marketing. Without gaining consent, online marketers will have participated in unsolicited communication and collected data without a legal basis, both of which are violations under the GDPR. Marketers need to take an active step to obtain consent; it cannot be assumed. Websites often offer checkboxes with links to the privacy profile, giving consumers the ability to opt-in to data collection and targeted advertising. However, the GDPR requires that it be as easy to opt-out of data collection as it was to opt-in. Marketers and companies need to offer an easily accessible page that allows consumers to opt-out of data collection. Alternatively, marketers and companies can bifurcate their opt-out options, granting consumers the ability to determine which services they want to consent to. Under the GDPR, a company can still offer targeted emails but allow a consumer to turn off location tracking. This allows consumers to receive a personalized experience while also putting them in control over their privacy.

CCPA: While California’s CCPA does not have a specific opt-in requirement, it requires companies to grant consumers the ability to opt-out from data collection and personal data sales. Websites and marketers are required to list a “Do not sell my personal data” link on their homepage. Through this link, consumers should be able to access the privacy policy as well as opt-out of certain practices of data processes that are used for targeted advertising. Also, while marketers do not need to obtain consent from every consumer under the CCPA, parental consent is required to collect data from anyone under thirteen years of age, and affirmative consent is required from any minor who is between thirteen and sixteen years old.

CPRA: California’s newest law bolsters the restrictions on hyper-personalization. The CPRA grants consumer’s the right to opt-out of data sharing along with sales. Data sharing is often employed by marketers for “cross-context behavioral advertising”, aka targeted advertising. Companies and marketers often share data sets and consumer personal information with one another to best develop a customer profile. These profiles are used by marketers to create targeted and hyper-personalized advertisements, however; with California’s new law consumers will be able to know which companies are sharing their information and will be able to opt-out of this practice.

CDPA: Virginia’s privacy law, which goes into effect January 1, 2023, will also limit hyper-personalization. Similar to the California laws, there is no requirement to have users opt-in, but an opt-out option must be available for certain practices. Notably, the CDPA grants consumers the right to opt-out of data processing (including sales and sharing) for the purposes of targeted advertising and profiling. This means that marketers and companies are required to not only display their data practices in relation to hyper-personalization, but allow users to opt-out of it all together.

Personalization with privacy, the right balance

There are ways to have privacy and personalization co-exist. First, companies should align data collection to practical benefits for the consumer. Collecting only what is necessary for personalization, also known as data minimization, will help businesses build consumer trust by demonstrating they are not collecting excess information that doesn’t benefit consumers directly. Another step businesses should take is to be transparent about collection practices. Posting a privacy policy that clearly lays out what data points are being collected and for what purpose will ease consumers into sharing information, which should also be optional. Having select data points collected only with user consent will also help businesses walk the line between personalization and privacy. Enabling opt-out/in consent will allow privacy-concerned users to opt-out of certain practices while still allowing them to use the service. By empowering consumers to “pick and choose” their privacy preferences, businesses demonstrate a commitment to consumer privacy, which will lead to an increased brand reputation while permitting companies to better their service with personalization. Putting consumers at ease about sharing personal information will enable businesses to tailor the customer experience while still demonstrating a commitment to privacy. Following these steps and practices laid out by international data privacy laws can operate as a “best practices” framework for online marketers and companies in finding the perfect balance between privacy and hyper-personalization.

About Ardent Privacy

Ardent Privacy is an "Enterprise Data Privacy Technology" solutions provider based in the Maryland/DC region of the United States and Pune, India. Ardent harnesses the power of AI to enable companies with data discovery and automated compliance with DPB (India), RBI Security Guidelines, GDPR (EU), CCPA/CPRA (California), and other global regulations by taking a data-driven approach. Ardent Privacy's solution utilizes machine learning and artificial intelligence to identify, inventory, map, minimize, and securely delete data in enterprises to reduce legal and financial liability.

For more information visit https://ardentprivacy.ai/and for more resources here.

Ardent Privacy articles should not be considered legal advice on data privacy regulations or any other specific facts or circumstances.

^[i] Business Insider India. “Why Netflix thinks its personalized recommendation engine is worth $1 billion per year.” June 15, 2016. https://www. businessinsider.in/Why-Netflix-thinks-its-personalized-recommendation-engine-is-worth-1-billion-per-year/articleshow/52754724.cms.

^[ii] Epsilon. “New Epsilon research indicates 80% of Consumers are more likely to make a purchase when brands offer personalized experiences” https://us.epsilon.com/pressroom/new-epsilon-research-indicates-80-of-consumers-are-more-likely-to-make-a-purchase-when-brandsoffer-personalized-experiences.